Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Open Source Security

Most vulnerable Go packages report

Safeguard's 2026 analysis ranks the most vulnerable Go packages by exposure-weighted risk, revealing why a handful of core modules drive most CVE impact.

Nov 20, 20257 min read
Supply Chain Attacks

The Six-Month PEAR go-pear.phar Installer Compromise

How a single tampered PEAR go-pear.phar installer sat undetected on pear.php.net for months, what it could do, and what the PHP ecosystem learned about supply chain trust.

Nov 19, 20257 min read
Open Source Security

Go binary malware distribution trends

Go binaries are now a preferred malware delivery format — statically linked, cross-platform, and hard to fingerprint. Here's what the trend data shows.

Nov 19, 20256 min read
Buyer's Guides

Best open source SBOM generation tools

A practical, no-hype comparison of open source SBOM generation tools — Syft, Trivy, cdxgen, Microsoft sbom-tool, SPDX Tools, and Tern — plus what to check before you pick one.

Nov 19, 20258 min read
AI Security

Rogue AI Agents: When Autonomous Systems Act Outside Inte...

Autonomous AI agents are gaining real access to production systems — and real incidents, from deleted databases to fabricated refunds, show what happens when they act outside intended boundaries.

Nov 18, 20257 min read
AI Security

Human-Agent Trust Exploitation in AI Systems

Attackers are exploiting the trust between humans and AI agents — hidden prompt injections, hallucinated packages, and over-trusted autonomy are now supply chain risks.

Nov 18, 20257 min read
Container Security

Distroless image security trend report

Distroless adoption is up nearly 3x since 2024, but Safeguard's 2026 scan data shows SBOM gaps, missed dependencies, and inflated CVE lists still undermine the hardening it promises.

Nov 16, 20257 min read
Buyer's Guides

Best IAST tools for runtime application security testing

A practical, no-fluff comparison of IAST tools for runtime application security testing — evaluation criteria, honest vendor tradeoffs, and where supply chain risk still slips through.

Nov 16, 20257 min read
Open Source Security

NuGet package vulnerability trends report

NuGet's growing attack surface: typosquatting, steganographic malware, and patch lag are reshaping .NET supply chain risk in 2026 — here's what the data shows.

Nov 16, 20257 min read
Open Source Security

Malicious NuGet packages targeting .NET developers

A fresh wave of malicious NuGet packages is hitting .NET developers via typosquatting, MSBuild-triggered code, and IL weaving. Here's what's happening and how to respond.

Nov 15, 20257 min read
AI Security

LLM Misinformation: Security Risks of Hallucinated Outputs

LLM hallucinations aren't just AI trivia — they invent packages attackers squat on, fake CVEs, and false advisories that have already cost real companies real money.

Nov 15, 20258 min read
Open Source Security

Compromised NuGet author accounts

NuGet maintainer accounts are the .NET supply chain's weakest link. Here's why account takeover beats typosquatting, and how to detect it before a CVE exists.

Nov 15, 20257 min read
software-supply-chain (Page 25) — Safeguard Blog