Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Product

Minimum release age / cooldown policies for new package v...

A cooldown on new npm package versions can block malicious releases before they reach your build. Here's how minimum release age policies work.

May 7, 20269 min read
Vulnerability Analysis

Heartbleed OpenSSL vulnerability retrospective

A decade later, Heartbleed (CVE-2014-0160) still explains why software supply chain visibility matters: severity, timeline, and remediation steps revisited.

May 4, 20267 min read
Vulnerability Analysis

Apache Struts remote code execution CVE history

A decade of Apache Struts RCEs — from Equifax's CVE-2017-5638 to 2024's file-upload bypass — traced through CVSS, EPSS, KEV, and fixes.

May 4, 20267 min read
Vulnerability Analysis

Lodash prototype pollution vulnerabilities explained

A breakdown of lodash's prototype pollution CVEs (CVE-2018-3721, CVE-2019-10744, CVE-2020-8203), their impact, and concrete remediation steps.

May 2, 20267 min read
Industry Analysis

Cloud misconfiguration: causes and prevention

Cloud misconfiguration causes most cloud breaches, from Capital One to Toyota. Learn its root causes, real incidents, and how Safeguard prevents it.

Apr 30, 20267 min read
Industry Analysis

Open source security audits: what they cover

What an open source security audit actually covers versus routine SCA scanning, the frameworks that define it, real costs and timelines, and how Aikido Security's approach compares.

Apr 30, 20268 min read
Industry Analysis

WebExtension vulnerabilities in React DevTools and Vue.js DevTools

CVE-2023-5654 and CVE-2023-5718 exposed 5M+ React and Vue devtools users to postMessage flaws. Here's how devtools extensions became supply chain risk.

Apr 28, 20267 min read
Industry Analysis

Trivy's etcd exhaustion problem and scan reliability issues

Trivy's local vulnerability database runs on etcd's own bbolt engine, and its single-writer lock and unbounded growth cause CI scans to stall or fail.

Apr 27, 20268 min read
Application Security

Securing AWS Lambda cold starts and execution permissions

Lambda cold starts inject live IAM credentials into shared execution environments — here's how over-permissioned roles and vulnerable layers turn that into a real attack surface.

Apr 26, 20267 min read
Application Security

WebAssembly (WASM) security considerations

A 2018 WASM cryptominer hit 4,275+ websites in a day. Learn WebAssembly's real security risks, from memory bugs to supply chain blind spots.

Apr 26, 20267 min read
Open Source Security

The State of Open Source Security report (annual series)

Safeguard's annual State of Open Source Security Report finds transitive dependencies now drive most exposure, and reachability — not CVSS alone — separates mature security programs.

Apr 25, 20267 min read
AI Security

The State of Agentic AI Adoption report

New survey data on the state of agentic AI adoption shows enterprises racing to deploy autonomous agents faster than security teams can govern them.

Apr 25, 20268 min read
software-supply-chain (Page 11) — Safeguard Blog