supply-chain-risk
Safeguard articles tagged "supply-chain-risk" — guides, analysis, and best practices for software supply chain and application security.
8 articles
Open Source Funding Crisis: What It Means for Your Tree
Critical infrastructure depends on unpaid maintainers, and burnout creates openings attackers exploit. xz-utils was the warning shot, not the exception.
Best software supply chain security platforms
A practical buyer's guide comparing top software supply chain security platforms—SBOM, dependency scanning, and CI/CD attestation—so you can pick the right fit.
Immature Open Source Projects as a Supply Chain Risk
xz-utils, event-stream, node-ipc: a decade of supply chain incidents traces back to one root cause — thinly maintained, single-person open source projects.
Open Source Maintainer Succession Planning: A Supply Chain Imperative
When a solo maintainer disappears, entire dependency chains are at risk. How organizations should approach succession planning for critical open source projects.
NIS2 Directive: What EU Software Vendors Must Do Now
NIS2 is in force, transposition is late in half the EU, and the obligations bind anyway if you're in scope. The supply chain security and 24-hour reporting duties, decoded.
Safeguard Open Source Manager: Understanding the Health of Your Dependencies
Vulnerability counts do not tell the full story. Open Source Manager evaluates the health, maintainability, and trustworthiness of the open-source projects your software depends on.
Legacy Software and Supply Chain Risks
Legacy systems are supply chain time bombs—running outdated dependencies, unsupported frameworks, and unmaintained libraries. Here's how to manage the risk.
NIST CSF Updates Put Supply Chain Risk Management Front and Center
NIST's 2022 updates to the Cybersecurity Framework signal a major shift: supply chain risk management is no longer optional — it's a core pillar.