Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Buyer's Guides

How Sponsorship Models (GitHub Sponsors, Tidelift, Open C...

GitHub Sponsors, Tidelift, and Open Collective pay maintainers in very different ways. Here's how their fees, payouts, and security guarantees actually compare.

Jul 26, 20258 min read
Open Source Security

Why Automated Tooling Can't Fully Replace Human Maintaine...

Automated scanners missed the XZ Utils backdoor for years. Here's why CVE scores, SAST tools, and dependency bots can't replace human maintainer judgment.

Jul 25, 20257 min read
Product

Why Security Debt Accumulates Fastest in the Most 'Produc...

High-velocity engineering teams accumulate the most security debt, not the least. Here's why speed hides risk — and how to catch it without slowing down.

Jul 23, 20257 min read
AI Security

Model Context Protocol Security 101: What Could Go Wrong ...

MCP lets AI models call tools automatically — and lets malicious servers hide instructions in plain sight. Here's how tool poisoning, rug pulls, and shadowing actually work.

Jul 22, 20257 min read
AI Security

Prompt Injection vs Traditional Injection Attacks: A Tech...

SQL injection was solved by separating code from data. Prompt injection can't be, because in an LLM they share one channel. Here's the technical comparison, with real exploits and dates.

Jul 22, 20258 min read
AI Security

The Jailbreaking Economy: How Model Vulnerabilities Get D...

Jailbreak prompts now trade like exploits: sold as $200/month "dark" chatbots, bountied by vendors for up to $15,000. Here's how that market actually works.

Jul 21, 20258 min read
AI Security

Least Privilege for AI Agents: Why It's Harder Than It So...

AI agents break least-privilege assumptions built for humans: they chain tools, act autonomously, and compose narrow scopes into broad access no one reviewed.

Jul 21, 20257 min read
AI Security

Why Traditional SAST Tools Struggle to Analyze Agentic Co...

Agentic codebases build call graphs at runtime, defeating static analysis. Here's why SAST tools miss prompt injection and tool-schema risks—and how Safeguard closes the gap.

Jul 19, 20257 min read
DevSecOps

Why Security Training Completion Rates Don't Predict Secu...

Completion rates measure attendance, not behavior. Here's why training checkboxes don't predict secure coding outcomes, and what to measure instead.

Jul 19, 20257 min read
DevSecOps

The Champion Model: Do Embedded Security Champions Actual...

Security champion programs cut vulnerabilities only under specific conditions. Here's what BSIMM, GitLab, and OWASP data show about when the champion model actually works.

Jul 18, 20257 min read
DevSecOps

Why Security and Engineering KPIs Are Still Misaligned in...

Security teams chase CVSS scores and SLA compliance while engineering chases velocity and uptime—two scorecards that were never built to agree.

Jul 18, 20257 min read
DevSecOps

The Hidden Cost of Context Switching Between IDE and Secu...

Jumping between your IDE and security dashboards isn't free. Here's what context switching really costs developers, and how to eliminate it.

Jul 17, 20257 min read
software-supply-chain (Page 42) — Safeguard Blog