sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
974 articles
KubeCon NA 2025: Supply Chain Security Themes
KubeCon + CloudNativeCon NA 2025 put supply chain security at the center of the cloud-native conversation. Here is what mattered for platform teams.
What is Incident Response
What incident response actually means, its four NIST phases, and why supply chain attacks like Log4Shell and SolarWinds break traditional response assumptions.
What is a Data Breach
A data breach is unauthorized access to sensitive data. See real causes like MOVEit and Log4Shell, average costs, and how to prevent one.
GCP Artifact Analysis API for Vulnerability Triage
GCP's Artifact Analysis API is the most direct way to get scan results into your triage tooling. Here is how to use it without drowning your team.
What is a Bug Bounty Program
A bug bounty program pays researchers to find and report vulnerabilities before attackers do. Here's how they work, what they cost, and their limits.
SLSA Provenance Consumption: Griffin AI vs Mythos
SLSA provenance is the cryptographic receipt of a build. Griffin AI verifies it, parses it, and uses it as typed evidence. Mythos-class tools describe it and forget to check the signature.
What is Threat Intelligence
Threat intelligence turns raw indicators into actionable defense. Here's what it actually is, its four types, and how it applies to software supply chains.
What is a Kill Chain
What is a cyber kill chain? A staged breakdown of how attacks unfold, from Lockheed Martin's 7 stages to why supply chain attacks break the model.
What is Attack Path Analysis
Attack path analysis maps how vulnerabilities and misconfigurations chain together into real exploit routes, cutting 10,000+ findings down to the handful that matter.
EU Cyber Resilience Act: Your SBOM Obligations
The EU Cyber Resilience Act makes SBOMs a legal requirement for products with digital elements sold in Europe. Here is what the regulation actually demands, when the deadlines hit, and how to prepare.
Log4Shell (Log4j Vulnerability) Explained
A deep dive into Log4Shell (CVE-2021-44228): how the critical Log4j2 RCE flaw worked, its timeline, affected versions, and how to remediate it.
Healthcare Supply Chain Security Baseline for 2026
What hospitals and payers should actually require from their software vendors in 2026: HIPAA-aligned controls, SBOM expectations, and the threats now hitting clinical environments.