Safeguard
Tag

software-supply-chain-security

Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

494 articles

Software Supply Chain Security

Securing smart grid and advanced metering infrastructure ...

How AMI firmware, smart meters, and grid modernization projects create software supply chain risk for utilities — and what closing that gap actually requires.

Dec 21, 20257 min read
AI Security

Zero trust architecture patterns adapted for AI agent wor...

How zero trust AI agents, agent network segmentation, and continuous verification close the gaps that let one poisoned tool call turn an autonomous agent into a supply chain attack.

Dec 19, 20257 min read
Engineering

Terraform Module Supply Chain Security

The dependency lockfile everyone commits only covers providers — your modules float free. Pinning, provenance, and the code-execution paths hiding inside terraform plan.

Dec 18, 20256 min read
Cryptography

What a cryptographic bill of materials is and why it's ne...

A cryptographic bill of materials (CBOM) inventories every algorithm, key, and certificate in your systems—here's why PQC migration is impossible without one.

Dec 12, 20257 min read
Cloud Security

Comparing confidential VM offerings across major cloud pr...

A practical comparison of confidential virtual machines across Azure, AWS Nitro Enclaves, GCP confidential compute, and more -- real strengths, real limitations, no marketing gloss.

Dec 11, 20258 min read
AI Security

What AI red teaming is and how to run a structured exercise

A practical guide to AI red teaming: how to plan, run, and report a structured LLM red team exercise using a repeatable adversarial testing methodology.

Dec 9, 20258 min read
Engineering

Reproducible Builds: Why Bit-for-Bit Identical Matters

If two builds of the same source produce different binaries, you cannot prove what you shipped. How determinism breaks, the flags that fix it, and why auditors care.

Dec 4, 20256 min read
Open Source Security

npm typosquatting campaigns roundup

A roundup of npm typosquatting campaign patterns, from dependency confusion to AI-tooling lookalikes, and how teams can detect exposure fast.

Nov 30, 20257 min read
Engineering

Securing the .NET NuGet Supply Chain

Package source mapping, packages.lock.json, NuGetAudit and signature verification — .NET ships more built-in supply chain controls than any other ecosystem. Most teams enable none of them.

Nov 24, 20256 min read
Open Source Security

Typosquatting in the Go module ecosystem

Typosquatting is surging across the Go module ecosystem, exploiting decentralized import paths and an immutable checksum database that makes takedowns nearly meaningless.

Nov 20, 20257 min read
Open Source Security

Kubernetes and Go supply chain risk report

Kubernetes leans on thousands of Go modules. New analysis shows how typosquats and vendored code turn that dependency into real supply chain risk.

Nov 19, 20258 min read
SBOM

Best SBOM management and analysis platforms

A practical buyer's guide to SBOM management platforms in 2026 -- evaluation criteria plus an honest look at six real vendors and where each one falls short.

Nov 19, 20257 min read
software-supply-chain-security (Page 33) — Safeguard Blog