Safeguard
Tag

software-supply-chain-security

Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

494 articles

Software Supply Chain Security

Typosquatting and malicious Go modules published to pkg.g...

How malicious Go modules exploit pkg.go.dev's open publishing model, real typosquatting attacks like steelpoor/tlsproxy, and why Go's module proxy makes cleanup so hard.

Feb 4, 20268 min read
Software Supply Chain Security

What is a Private Package Registry

A private package registry controls who can publish and pull internal and third-party code — but only if it's configured to block, not just cache, public fallback resolution.

Feb 4, 20266 min read
Software Supply Chain Security

What is Artifact Repository Security

Artifact repositories are prime attack targets — one poisoned package reaches every downstream consumer. Here's what actually secures them.

Feb 3, 20267 min read
Industry Analysis

Goroutine leaks and data races as denial-of-service and s...

Goroutine leaks and data races aren't just bugs — they're exploitable DoS and logic-corruption vectors. Here's how they work, real incidents, and how Safeguard catches them.

Feb 3, 20267 min read
Software Supply Chain Security

What is Reproducible Builds

Reproducible builds let anyone recompile source code and cryptographically verify the binary matches — closing the gap attackers exploit when they compromise build systems, not source code.

Feb 3, 20268 min read
Cloud Security

What is Runtime Protection

Runtime protection catches what pre-deployment scanning can't — live attacks like the XZ Utils backdoor and Log4Shell exploitation, detected only in production.

Jan 31, 20266 min read
Best Practices

What is a Security Baseline

A security baseline is the minimum, testable set of controls every system or repo must meet — here's how it differs from policy, and how to build one for your supply chain.

Jan 30, 20267 min read
Software Supply Chain Security

iOS app supply chain risk from third-party SDKs and ad li...

Third-party SDKs and ad libraries run inside your iOS app with your app's permissions. Here's how ios sdk supply chain risk hides in plain sight — and what Safeguard does about it.

Jan 30, 20268 min read
Compliance

What is Third-Party Risk Management

Third-party risk management explained: what it covers, why SolarWinds and MOVEit made it board-level, and how modern TPRM differs from supply chain security.

Jan 29, 20268 min read
Software Supply Chain Security

Third-party library risk in Android apps: permissions, SD...

Every Android app runs dozens of third-party SDKs with full app permissions. Here's how android third-party library risk turns into real data leaks — and how Safeguard catches it first.

Jan 28, 20267 min read
Best Practices

What is Defense in Depth

Defense in depth stacks independent security layers—source, build, dependencies, artifacts, runtime—so no single failure causes a breach.

Jan 27, 20267 min read
Best Practices

What is Security by Obscurity

Security by obscurity means hiding a system instead of securing it. Here's why that bet fails, with real breaches, real CVEs, and what to build instead.

Jan 27, 20267 min read
software-supply-chain-security (Page 30) — Safeguard Blog