software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
Minimum release age / cooldown policies for new package v...
A cooldown on new npm package versions can block malicious releases before they reach your build. Here's how minimum release age policies work.
Heartbleed OpenSSL vulnerability retrospective
A decade later, Heartbleed (CVE-2014-0160) still explains why software supply chain visibility matters: severity, timeline, and remediation steps revisited.
Apache Struts remote code execution CVE history
A decade of Apache Struts RCEs — from Equifax's CVE-2017-5638 to 2024's file-upload bypass — traced through CVSS, EPSS, KEV, and fixes.
Lodash prototype pollution vulnerabilities explained
A breakdown of lodash's prototype pollution CVEs (CVE-2018-3721, CVE-2019-10744, CVE-2020-8203), their impact, and concrete remediation steps.
Cloud misconfiguration: causes and prevention
Cloud misconfiguration causes most cloud breaches, from Capital One to Toyota. Learn its root causes, real incidents, and how Safeguard prevents it.
Open source security audits: what they cover
What an open source security audit actually covers versus routine SCA scanning, the frameworks that define it, real costs and timelines, and how Aikido Security's approach compares.
WebExtension vulnerabilities in React DevTools and Vue.js DevTools
CVE-2023-5654 and CVE-2023-5718 exposed 5M+ React and Vue devtools users to postMessage flaws. Here's how devtools extensions became supply chain risk.
Trivy's etcd exhaustion problem and scan reliability issues
Trivy's local vulnerability database runs on etcd's own bbolt engine, and its single-writer lock and unbounded growth cause CI scans to stall or fail.
Securing AWS Lambda cold starts and execution permissions
Lambda cold starts inject live IAM credentials into shared execution environments — here's how over-permissioned roles and vulnerable layers turn that into a real attack surface.
WebAssembly (WASM) security considerations
A 2018 WASM cryptominer hit 4,275+ websites in a day. Learn WebAssembly's real security risks, from memory bugs to supply chain blind spots.
The State of Open Source Security report (annual series)
Safeguard's annual State of Open Source Security Report finds transitive dependencies now drive most exposure, and reachability — not CVSS alone — separates mature security programs.
The State of Agentic AI Adoption report
New survey data on the state of agentic AI adoption shows enterprises racing to deploy autonomous agents faster than security teams can govern them.