Software Updates
Safeguard articles tagged "Software Updates" — guides, analysis, and best practices for software supply chain and application security.
6 articles
DNS Cache Poisoning for Software Updates: 2025
DNS cache poisoning is a known attack class with a new application: hijacking software update checks to ship malicious binaries that pass every signature check.
Lessons from CrowdStrike: Rethinking How We Deploy Software Updates
The CrowdStrike outage wasn't just an EDR problem. It exposed fundamental weaknesses in how the entire industry handles software updates, from kernel drivers to SaaS platforms.
Certificate Pinning for Software Updates: When and How to Pin
Certificate pinning can protect your update channel from MITM attacks, but it introduces operational complexity. Here is when pinning makes sense and how to do it safely.
Securing Software Update Mechanisms
Software updates are a double-edged sword: they deliver patches but also provide a trusted channel attackers can exploit. Securing the update mechanism itself is essential to supply chain integrity.
Software Updates in Air-Gapped Environments: Security Without Connectivity
Air-gapped environments protect critical infrastructure by eliminating network connectivity. But software still needs updates. Bridging this gap without introducing the risks you isolated against is the challenge.
Software Update Signing and Verification: Getting It Right
Signed updates are table stakes for software distribution. But the signing and verification process has pitfalls that undermine the entire security model.