Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

982 articles

Software Supply Chain Security

Securing IoT device firmware supply chains

How Ripple20, Mirai, and Realtek SDK flaws exposed IoT firmware supply chains, what EU CRA and FDA SBOM rules require, and what reachability adds.

Apr 28, 20267 min read
Application Security

10 serverless security best practices

10 concrete, numbers-backed serverless security practices covering IAM least privilege, dependency SBOMs, event injection, and secrets management.

Apr 27, 20266 min read
Container Security

Container image scanning: how it works and best tools

A practical guide to container image scanning: how layer-by-layer CVE detection works, how Trivy stacks up, and where Safeguard adds deeper coverage.

Apr 26, 20267 min read
Application Security

WebAssembly (WASM) security considerations

A 2018 WASM cryptominer hit 4,275+ websites in a day. Learn WebAssembly's real security risks, from memory bugs to supply chain blind spots.

Apr 26, 20267 min read
Open Source Security

The State of Open Source Security report (annual series)

Safeguard's annual State of Open Source Security Report finds transitive dependencies now drive most exposure, and reachability — not CVSS alone — separates mature security programs.

Apr 25, 20267 min read
Software Supply Chain Security

Software supply chain attacks: how they work and recent e...

Software supply chain attacks like SolarWinds, xz-utils, and polyfill.io bypass vulnerability scanners entirely. Here's how they work and where provenance verification fills the gap.

Apr 25, 20268 min read
Industry Analysis

The State of Cloud Native Application Security survey

New 2026 survey data reveals a widening gap between vulnerability alert volume and remediation capacity — and what security teams say actually helps.

Apr 25, 20267 min read
Software Supply Chain Security

PulseMeter report: software supply chain risk perceptions

Safeguard's latest PulseMeter survey finds 71% of teams hit a supply chain incident this year, but only 34% feel confident they'd catch one in time.

Apr 25, 20267 min read
Open Source Security

5 risks of open source software in 2026

Open source now makes up most enterprise code. Here are 5 risks defining open source software security in 2026 — and how to close the exploitability gap.

Apr 24, 20267 min read
Cloud Security

CIEM vs. CSPM: what's the difference?

CIEM secures who can access cloud resources; CSPM secures how resources are configured. Neither covers the software you actually ship — that is Safeguard territory.

Apr 24, 20267 min read
Industry Analysis

162 vulnerabilities disclosed in Java's top 10 libraries

Safeguard's H1 2026 analysis found 162 CVEs across Java's ten most-downloaded libraries, with critical RCE risk concentrated in Tomcat and Spring.

Apr 24, 20267 min read
DevSecOps

Annual DevSecOps maturity benchmark report

Safeguard's 2026 DevSecOps Maturity Benchmark finds detection at an all-time high but remediation stuck at a 19-day median — here's what separates the top-quartile programs.

Apr 23, 20267 min read
sbom (Page 27) — Safeguard Blog