Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Industry Analysis

Django ORM SQL injection edge cases beyond parameterized ...

Django's ORM parameterizes queries by default, but .raw(), .extra(), and annotate() calls create real SQL injection risk. Here's what to check.

Jan 28, 20267 min read
Vulnerability Analysis

Rails YAML deserialization RCE history and CVE-2013-0156 ...

A deep dive into CVE-2013-0156, the Rails YAML deserialization RCE that let attackers execute code via crafted requests, and how to remediate it.

Jan 26, 20268 min read
Vulnerability Analysis

What is a Man-in-the-Browser Attack

Man-in-the-browser malware rewrites transactions inside a victim's own browser, bypassing TLS and OTP 2FA -- here's how it works and how to stop it.

Jan 26, 20267 min read
Industry Analysis

Rails Active Record SQL injection via raw queries and str...

A concrete look at how raw SQL and string interpolation reopen rails active record sql injection risk, from CVE-2012-2695 to modern where-clause and order-by exploits.

Jan 26, 20267 min read
Compliance

What is a Security Compliance Framework

A concrete breakdown of what security compliance frameworks are, which ones software companies actually need, and how long certification really takes.

Jan 25, 20266 min read
Regulatory Compliance

NestJS dependency injection and module configuration secu...

NestJS's dependency injection container silently governs data isolation and supply-chain trust. Here's how scope, module, and factory misconfigurations turn into real security failures.

Jan 24, 20267 min read
Industry Analysis

State of Open Source Security Report Overview

Open source vulnerabilities tripled in six years, but 70-85% aren't even reachable. A data-driven look at the real state of open source security in 2026.

Jan 24, 20267 min read
Industry Analysis

State of Cloud Security Report Overview

This year's cloud security reports point to the same conclusion: detection isn't the bottleneck anymore — identity sprawl, supply chain risk, and slow remediation are.

Jan 23, 20268 min read
Industry Analysis

Inside the Agentic Development Supply Chain Report

Safeguard's research team analyzed 42,000+ repositories with agentic commit activity, finding new dependency, MCP server, and SBOM gaps introduced by AI coding agents.

Jan 23, 20267 min read
Industry Analysis

The Hidden Cost of AI Code in Financial Services

Banks and fintechs are shipping AI-generated code faster than they can vet it. The bill for that speed is starting to come due.

Jan 22, 20267 min read
Vulnerability Analysis

Log4Shell (CVE-2021-44228) and the supply chain lessons o...

A Log4Shell CVE-2021-44228 analysis covering the JNDI lookup flaw, CVSS 10.0 severity, KEV status, patch timeline, remediation steps, and the transitive dependency lessons it taught.

Jan 22, 20268 min read
SBOM

Generating and exporting a software bill of materials in AWS

A practical walkthrough for generating and exporting an AWS SBOM using Inspector and ECR -- plus troubleshooting tips and how Safeguard helps.

Jan 19, 20267 min read
software-supply-chain (Page 20) — Safeguard Blog