sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
982 articles
Securing IoT device firmware supply chains
How Ripple20, Mirai, and Realtek SDK flaws exposed IoT firmware supply chains, what EU CRA and FDA SBOM rules require, and what reachability adds.
10 serverless security best practices
10 concrete, numbers-backed serverless security practices covering IAM least privilege, dependency SBOMs, event injection, and secrets management.
Container image scanning: how it works and best tools
A practical guide to container image scanning: how layer-by-layer CVE detection works, how Trivy stacks up, and where Safeguard adds deeper coverage.
WebAssembly (WASM) security considerations
A 2018 WASM cryptominer hit 4,275+ websites in a day. Learn WebAssembly's real security risks, from memory bugs to supply chain blind spots.
The State of Open Source Security report (annual series)
Safeguard's annual State of Open Source Security Report finds transitive dependencies now drive most exposure, and reachability — not CVSS alone — separates mature security programs.
Software supply chain attacks: how they work and recent e...
Software supply chain attacks like SolarWinds, xz-utils, and polyfill.io bypass vulnerability scanners entirely. Here's how they work and where provenance verification fills the gap.
The State of Cloud Native Application Security survey
New 2026 survey data reveals a widening gap between vulnerability alert volume and remediation capacity — and what security teams say actually helps.
PulseMeter report: software supply chain risk perceptions
Safeguard's latest PulseMeter survey finds 71% of teams hit a supply chain incident this year, but only 34% feel confident they'd catch one in time.
5 risks of open source software in 2026
Open source now makes up most enterprise code. Here are 5 risks defining open source software security in 2026 — and how to close the exploitability gap.
CIEM vs. CSPM: what's the difference?
CIEM secures who can access cloud resources; CSPM secures how resources are configured. Neither covers the software you actually ship — that is Safeguard territory.
162 vulnerabilities disclosed in Java's top 10 libraries
Safeguard's H1 2026 analysis found 162 CVEs across Java's ten most-downloaded libraries, with critical RCE risk concentrated in Tomcat and Spring.
Annual DevSecOps maturity benchmark report
Safeguard's 2026 DevSecOps Maturity Benchmark finds detection at an all-time high but remediation stuck at a 19-day median — here's what separates the top-quartile programs.