Safeguard
Tag

supply-chain-risk

Safeguard articles tagged "supply-chain-risk" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Open Source Security

Open Source Funding Crisis: What It Means for Your Tree

Critical infrastructure depends on unpaid maintainers, and burnout creates openings attackers exploit. xz-utils was the warning shot, not the exception.

Mar 21, 20267 min read
Software Supply Chain Security

Best software supply chain security platforms

A practical buyer's guide comparing top software supply chain security platforms—SBOM, dependency scanning, and CI/CD attestation—so you can pick the right fit.

Nov 13, 20257 min read
Open Source Security

Immature Open Source Projects as a Supply Chain Risk

xz-utils, event-stream, node-ipc: a decade of supply chain incidents traces back to one root cause — thinly maintained, single-person open source projects.

Nov 3, 20257 min read
Open Source

Open Source Maintainer Succession Planning: A Supply Chain Imperative

When a solo maintainer disappears, entire dependency chains are at risk. How organizations should approach succession planning for critical open source projects.

Aug 10, 20256 min read
Compliance

NIS2 Directive: What EU Software Vendors Must Do Now

NIS2 is in force, transposition is late in half the EU, and the obligations bind anyway if you're in scope. The supply chain security and 24-hour reporting duties, decoded.

Jul 8, 20256 min read
Product

Safeguard Open Source Manager: Understanding the Health of Your Dependencies

Vulnerability counts do not tell the full story. Open Source Manager evaluates the health, maintainability, and trustworthiness of the open-source projects your software depends on.

May 1, 20247 min read
Risk Management

Legacy Software and Supply Chain Risks

Legacy systems are supply chain time bombs—running outdated dependencies, unsupported frameworks, and unmaintained libraries. Here's how to manage the risk.

Nov 18, 20237 min read
Compliance & Regulations

NIST CSF Updates Put Supply Chain Risk Management Front and Center

NIST's 2022 updates to the Cybersecurity Framework signal a major shift: supply chain risk management is no longer optional — it's a core pillar.

Jul 15, 20225 min read
supply-chain-risk — Safeguard Blog