software-supply-chain-security
Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
494 articles
Securing smart grid and advanced metering infrastructure ...
How AMI firmware, smart meters, and grid modernization projects create software supply chain risk for utilities — and what closing that gap actually requires.
Zero trust architecture patterns adapted for AI agent wor...
How zero trust AI agents, agent network segmentation, and continuous verification close the gaps that let one poisoned tool call turn an autonomous agent into a supply chain attack.
Terraform Module Supply Chain Security
The dependency lockfile everyone commits only covers providers — your modules float free. Pinning, provenance, and the code-execution paths hiding inside terraform plan.
What a cryptographic bill of materials is and why it's ne...
A cryptographic bill of materials (CBOM) inventories every algorithm, key, and certificate in your systems—here's why PQC migration is impossible without one.
Comparing confidential VM offerings across major cloud pr...
A practical comparison of confidential virtual machines across Azure, AWS Nitro Enclaves, GCP confidential compute, and more -- real strengths, real limitations, no marketing gloss.
What AI red teaming is and how to run a structured exercise
A practical guide to AI red teaming: how to plan, run, and report a structured LLM red team exercise using a repeatable adversarial testing methodology.
Reproducible Builds: Why Bit-for-Bit Identical Matters
If two builds of the same source produce different binaries, you cannot prove what you shipped. How determinism breaks, the flags that fix it, and why auditors care.
npm typosquatting campaigns roundup
A roundup of npm typosquatting campaign patterns, from dependency confusion to AI-tooling lookalikes, and how teams can detect exposure fast.
Securing the .NET NuGet Supply Chain
Package source mapping, packages.lock.json, NuGetAudit and signature verification — .NET ships more built-in supply chain controls than any other ecosystem. Most teams enable none of them.
Typosquatting in the Go module ecosystem
Typosquatting is surging across the Go module ecosystem, exploiting decentralized import paths and an immutable checksum database that makes takedowns nearly meaningless.
Kubernetes and Go supply chain risk report
Kubernetes leans on thousands of Go modules. New analysis shows how typosquats and vendored code turn that dependency into real supply chain risk.
Best SBOM management and analysis platforms
A practical buyer's guide to SBOM management platforms in 2026 -- evaluation criteria plus an honest look at six real vendors and where each one falls short.