Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Vulnerability Analysis

What is prototype pollution and why it keeps recurring in npm packages

Prototype pollution has hit lodash, jQuery, minimist, hoek, and immer since 2018. Here's how the bug works and why it keeps coming back in npm.

Dec 15, 20256 min read
Cryptography

What crypto-agility means and how to design for algorithm...

What crypto agility really means, why SHA-1's decade-long death proved it, and how to design algorithm swaps into software before NIST's PQC deadlines force the issue.

Dec 13, 20257 min read
Industry Analysis

Introduction to confidential computing and hardware-based...

Confidential computing seals data in use inside hardware-encrypted enclaves, closing the last gap in the encrypt-everywhere model. Here's how it works.

Dec 12, 20258 min read
Industry Analysis

Key security risks unique to WebAssembly runtimes and mod...

WebAssembly runs your edge functions, service mesh plugins, and smart contracts. Here are the WebAssembly security risks hiding behind the sandbox.

Dec 11, 20258 min read
Industry Analysis

Analysis of documented WebAssembly sandbox escape vulnera...

Real documented WASM sandbox escape cases in Wasmtime and Wasmer, covering affected versions, severity, disclosure timelines, and how to remediate.

Dec 10, 20259 min read
Industry Analysis

How the WASI security model constrains system access for ...

WASI's capability model gives Wasm modules only the exact files, sockets, and resources they're explicitly granted—but misconfiguration and runtime bugs still leave real gaps to close.

Dec 10, 20257 min read
Industry Analysis

Security considerations for running WebAssembly at the ed...

Wasm's sandbox is safe by default, not safe by construction. Here's where edge WebAssembly security breaks down -- in browsers, at the edge, and in the build pipeline.

Dec 10, 20257 min read
AI Security

How RAG poisoning attacks manipulate retrieval-augmented ...

RAG poisoning attacks corrupt the external knowledge base an LLM retrieves from, turning trusted documents into vectors for misinformation and data leaks.

Dec 7, 20258 min read
AI Security

How model extraction attacks steal proprietary AI model b...

Model extraction attacks let adversaries clone proprietary AI models through ordinary API queries alone. Here's how the attacks work, why they evade detection, and how to stop them.

Dec 7, 20257 min read
AI Security

What shadow AI is and how to discover unsanctioned AI use...

Shadow AI risk is spreading faster than governance can keep up. Here's what unsanctioned AI use looks like inside real enterprises and how to discover it before data leaks.

Dec 6, 20257 min read
AI Security

Glossary of AI Trust, Risk, and Security Management (AI T...

A glossary of AI trust risk security management concepts: the Gartner AI TRiSM framework, its four pillars, AI risk taxonomy, and adversarial threats.

Dec 5, 20258 min read
Open Source Security

RubyGems Escape Sequence Injection via Gem Name Output (C...

A look at CVE-2019-8321, the RubyGems escape sequence injection flaw in gem CLI output: affected versions, severity, and how to remediate it.

Dec 4, 20258 min read
software-supply-chain (Page 23) — Safeguard Blog