software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
Vulnerability assessment vs. penetration testing
Vulnerability assessment and penetration testing solve different problems. Here's how Safeguard's supply chain approach compares to Checkmarx's AppSec platform.
API security and the rise of shadow/zombie APIs
Shadow and zombie APIs caused breaches at Optus, T-Mobile, and Peloton. Here's why code-scanning tools miss them and what API security best practices actually work.
DevSecOps and CI/CD pipeline security
CI/CD pipelines are now a prime attack surface. Here's what Checkmarx's SAST-first approach misses, and how Safeguard secures the full pipeline.
What is Static Application Security Testing (SAST)
SAST scans source code for flaws before deployment. Learn how it works, where Checkmarx-style tools fall short on supply chain risk, and how Safeguard closes the gap.
Interactive Application Security Testing (IAST) explained
IAST tests applications from the inside while they run, catching flaws SAST and DAST miss alone. Here's how it works, how Checkmarx uses it, and where gaps remain.
Web Application Security Standards overview
A breakdown of OWASP, NIST SSDF, and PCI DSS 4.0 web application security standards, where Veracode's scanning model covers them, and where supply-chain gaps remain.
OWASP Testing Tools and Methodology
OWASP testing tools cover the methodology; Veracode wraps part of it commercially. Neither was built for supply chain risk — here's where the gaps are and how to close them.
Where Defenders Should Be: The H2 2026 Cybersecurity Conference Calendar
A preview of the major H2 2026 security events — Black Hat USA, DEF CON 34, USENIX Security — and the agentic AI security and supply chain themes that will dominate the agendas.
AI Code Security Tools: risks of restricting them
Banning AI coding assistants doesn't remove the risk, it just removes visibility. Here's why restriction backfires and what actually secures AI-generated code.
Hacker Summer Camp 2026 Survival Guide: OPSEC for Black Hat, DEF CON 34 and BSides
A practical, opinionated field guide to surviving Hacker Summer Camp in Las Vegas this August — device hygiene, network OPSEC, talk selection, and pacing — with a preview of the AI agent and supply chain themes likely to dominate the floor.
FedRAMP Moderate authorization and AppSec controls
Veracode's FedRAMP Moderate authorization is a procurement accelerant, not proof of AppSec efficacy. Here's what the badge covers, what it doesn't, and what federal buyers should verify.
Black Hat Arsenal 2026 Preview: The Agentic AI and Supply-Chain Tools to Watch
Black Hat USA 2026 runs August 1–6 at Mandalay Bay, with Arsenal August 4–6. Here is an honest preview of the open-source tool categories worth your time — and how to tell signal from demo-day hype.