Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

AI Security

Prompt Injection Attack Techniques and Defenses

Prompt injection is now OWASP's #1 LLM risk, and real incidents like EchoLeak and Slack AI prove it can mean zero-click data exfiltration. Here's how it works and what stops it.

Nov 12, 20257 min read
Application Security

Out-of-Bounds Read Vulnerabilities (CWE-125) Explained

How out-of-bounds read vulnerabilities (CWE-125) leak memory instead of crashing programs, why Heartbleed and Cloudbleed happened, and how to catch them in your dependencies.

Nov 12, 20257 min read
Application Security

Out-of-Bounds Write Vulnerabilities (CWE-787) Explained

CWE-787 out-of-bounds write bugs let attackers corrupt memory past a buffer's limit, causing crashes or code execution. Here's how they work.

Nov 12, 20258 min read
Application Security

Improper Restriction of Operations Within Memory Bounds

CWE-119 has topped MITRE's vulnerability rankings for years, from Heartbleed to WannaCry to the 2023 libwebp zero-day. Here's why it persists and how to catch it early.

Nov 11, 20257 min read
Concepts

What Is a CVE Numbering Authority (CNA)?

A CNA is an organization authorized to assign CVE identifiers to vulnerabilities in its scope. Here is how CNAs work and why they shape how fast a flaw becomes citable.

Nov 11, 20255 min read
Open Source Security

Unsafe Rust code vulnerability patterns

RustSec advisories tied to unsafe code keep climbing. Here's how unsound FFI, transmute misuse, and unchecked indexing become real exploits.

Nov 11, 20257 min read
Buyer's Guides

Best secrets management and vaulting solutions

A buyer's guide to secrets management tools: evaluation criteria plus honest comparisons of Vault, AWS Secrets Manager, CyberArk, Doppler, and Infisical.

Nov 11, 20259 min read
Application Security

Integer Overflow and Wraparound Vulnerabilities

A single wrapped integer minted 184B bitcoin, grounded 787s, and erased $900M from a crypto token. Here's how overflow bugs work—and how Safeguard catches them first.

Nov 11, 20258 min read
Open Source Security

Rust supply chain security landscape

Rust's crates.io has topped 170,000 packages and real attacks are following. Here's what's changed and how security teams should respond.

Nov 11, 20257 min read
Buyer's Guides

Best third-party and vendor risk management (TPRM) tools

A practical buyer's guide comparing six named third-party risk management tools — strengths, limitations, and where software supply chain visibility fills the gaps they miss.

Nov 11, 20258 min read
Compliance

Best continuous compliance monitoring platforms

A practical, no-hype comparison of continuous compliance monitoring platforms for SOC 2 and audit readiness, plus where dedicated tools fall short.

Nov 11, 20258 min read
Buyer's Guides

Best SOC 2 compliance automation tools

A practical, no-hype comparison of SOC 2 compliance automation tools — what to evaluate, how Vanta, Drata, Secureframe, Sprinto, and others differ, and where they fall short.

Nov 10, 20258 min read
software-supply-chain (Page 27) — Safeguard Blog