Safeguard
Tag

software-supply-chain-security

Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

494 articles

Product

How the Snyk CLI's authentication flow issues and stores ...

A technical walkthrough of how Snyk's CLI authenticates via `snyk auth`, where it stores API tokens locally, and why that plaintext credential file is worth protecting.

Aug 17, 20258 min read
Concepts

What is Patch Latency

Patch latency is the gap between a fix existing and the fix running in production. Here's how to measure it honestly, why it balloons, and how teams get it under 30 days.

Aug 17, 20257 min read
Industry Analysis

The Confidence Gap: Why Developers Trust AI Code More Tha...

Studies show developers trust AI-generated code more than human code, even though it's often less secure. Here's what's driving the AI code trust gap.

Aug 9, 20257 min read
Industry Analysis

Autocomplete Anxiety: Measuring How Often AI Coding Assis...

Studies show 40-45% of AI-suggested code contains exploitable flaws, and models hallucinate fake packages developers install. Here's what the data says.

Aug 9, 20257 min read
SBOM

The Gap Between SBOM Generation and SBOM Consumption

Most companies generate SBOMs to satisfy a compliance checkbox, then let them sit unread. Here is why SBOM consumption lags generation, and how to close the gap.

Jul 29, 20257 min read
Industry Analysis

Runtime Reachability Analysis: Cutting Through Vulnerabil...

Most CVE findings are noise. Here's how runtime reachability analysis separates exploitable risk from theoretical severity, and why CVSS alone can't prioritize your patch queue.

Jul 24, 20258 min read
Engineering

Sigstore Cosign Keyless Signing Explained for Teams

Keyless signing swaps long-lived private keys for ten-minute certificates tied to an OIDC identity. How Fulcio and Rekor work, and how to roll it out without breaking deploys.

Jul 24, 20256 min read
Application Security

Consolidation Wave: Why AppSec Vendors Are Buying Runtime...

CrowdStrike, Cisco, Tenable, and others have spent three years buying runtime-visibility startups. Here's why AppSec vendors need runtime context to fix alert overload.

Jul 24, 20258 min read
Open Source Security

The Business Case for Consolidating SAST, SCA, and DAST U...

Fragmented SAST, SCA, and DAST tools cost more than three licenses — they cost analyst hours, slower remediation, and longer audits. Here's the real ROI math for consolidation.

Jul 23, 20258 min read
Industry Analysis

Benchmarking Mean Time to Remediate Across Company Size a...

MTTR benchmarks vary 2-5x by company size and industry. See how financial services, healthcare, and mid-sized firms compare — and what a realistic 2026 target looks like.

Jul 23, 20258 min read
DevSecOps

Shift Left Fatigue: Why Developers Are Pushing Back on Se...

Shift-left security handed developers new duties without removing old ones. Here's why teams are pushing back — and how better tooling fixes the real problem: noise, not ownership.

Jul 19, 20257 min read
DevSecOps

Measuring Developer Security Maturity Beyond Tool Coverage

Tool coverage tells you what's installed, not whether developers are actually getting safer. Here's how to build a maturity model around remediation velocity, recurrence, and secrets hygiene instead.

Jul 18, 20258 min read
software-supply-chain-security (Page 37) — Safeguard Blog