Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

SBOM

SBOM adoption in underwriting and actuarial software

Insurers price risk with software built on unvetted open-source code. Here's how SBOM underwriting software closes that blind spot.

Dec 30, 20257 min read
Vulnerability Analysis

Sentry SDK sensitive data exposure (CVE-2021-23727)

CVE-2021-23727 let sentry-sdk for Python leak OS environment variables into Sentry events, exposing secrets. Here's the impact, timeline, and fix.

Dec 26, 20257 min read
Vulnerability Analysis

Jackson-databind RCE via JDOM gadget (CVE-2020-36189)

CVE-2020-36189 lets attackers chain jackson-databind polymorphic deserialization with a JDOM gadget for RCE, SSRF, or XXE. Here's the mechanics and the fix.

Dec 25, 20257 min read
Vulnerability Analysis

Apache Commons FileUpload RCE (CVE-2016-1000031)

CVE-2016-1000031 is a critical Apache Commons FileUpload deserialization RCE that still lurks in transitive Java dependencies years after its fix.

Dec 24, 20257 min read
Vulnerability Analysis

Spring Security OAuth2 client vulnerability (CVE-2022-31690)

CVE-2022-31690 in Spring Security's OAuth2 client can let one principal obtain another's token. Here's the impact, CVSS/EPSS context, and how to remediate.

Dec 22, 20257 min read
Regulatory Compliance

TSA pipeline cybersecurity directive and software supply ...

A breakdown of TSA's pipeline cybersecurity directives and the software supply chain requirements they impose on operators and oil and gas vendors alike.

Dec 21, 20257 min read
AI Security

What agentic AI security means and why traditional AppSec...

Traditional AppSec was built for static code, not decision-making agents. Here's what agentic AI security actually covers—and why autonomous agents need a new defense model.

Dec 20, 20258 min read
AI Security

Security implications of AI browser agents that click, br...

AI browser agents click, browse, and pay with your credentials -- and prompt injection attacks like EchoLeak and CometJacking prove they can be hijacked to do it.

Dec 19, 20257 min read
AI Security

Explaining Model Context Protocol and its expanding attac...

MCP security is now urgent: MCP servers grew from 700 to 16,000+ in a year, and most are unaudited. Here is the threat model and how Safeguard secures it.

Dec 19, 20258 min read
AI Security

How tool poisoning attacks compromise MCP tool descriptions

A single poisoned tool description can turn a trusted MCP server into a silent data-exfiltration channel. Here's how these attacks work — and how to stop them.

Dec 18, 20257 min read
AI Security

Why training data provenance matters for trustworthy AI m...

Poisoned datasets and untraceable training data are already causing lawsuits and breaches. Here's why training data provenance is now a security requirement.

Dec 16, 20258 min read
AI Security

What an AI Bill of Materials is and why enterprises need one

An AI bill of materials (AIBOM) inventories the models, data, and dependencies behind an AI system. Here's what it is and why enterprises need one.

Dec 15, 20257 min read
software-supply-chain (Page 22) — Safeguard Blog