Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1052 articles

Open Source Security

How to manage open source risk in telecom OSS/BSS softwar...

A practical guide to managing telecom OSS/BSS open source risk—from SBOM inventory to dependency scanning—so carrier billing and network software stays secure.

Dec 25, 20258 min read
Industry Analysis

Third-party risk management for telecom equipment vendors

A practical playbook for vetting telecom equipment vendors: supply chain checks, hardware/software audits, and procurement security controls.

Dec 25, 20258 min read
Open Source Security

How to vet open source software before deployment in tele...

A seven-step process for vetting open source telecom core network components — SBOMs, signature verification, protocol fuzzing, and procurement sign-off — before they reach production.

Dec 24, 20257 min read
Vulnerability Analysis

H2 database console remote code execution (CVE-2021-42392)

CVE-2021-42392 lets attackers trigger RCE in H2's console and JDBC URL handling via a Log4Shell-style JNDI gadget. Here's what's affected and how to fix it.

Dec 24, 20257 min read
Software Supply Chain Security

Securing the retail point-of-sale (POS) software supply c...

BlackPOS hit 40M Target cards in 2013. See how retail POS software supply chain security stops firmware tampering, malware, and vendor risk today.

Dec 23, 20257 min read
Vulnerability Analysis

Apache Shiro remember-me cookie deserialization RCE (CVE-2016-4437)

Apache Shiro's default rememberMe cipher key enables unauthenticated Java deserialization RCE. Here's how CVE-2016-4437 works and how to fix it.

Dec 23, 20258 min read
Open Source Security

Open source dependency risk in e-commerce platforms (Mage...

A practical guide to finding and fixing e-commerce platform dependency risk across Magento plugins, WooCommerce extensions, and Shopify apps before attackers do.

Dec 23, 20257 min read
Software Supply Chain Security

Third-party risk management for retail supply chain and l...

A practical, step-by-step framework for assessing and monitoring retail logistics software vendor risk, from SaaS onboarding to inventory system offboarding.

Dec 23, 20258 min read
Vulnerability Analysis

Spring Security authorization rule bypass (CVE-2023-34035)

CVE-2023-34035 lets Spring Security's requestMatchers() silently mis-evaluate authorization rules in multi-servlet apps. Here's the fix and how to detect exposure.

Dec 23, 20258 min read
Industry Analysis

10 Predictions for Software Supply Chain Security in 2026

From AI-generated SBOMs to regulatory enforcement and the death of CVSS-only triage, here is what the software security landscape will look like in 2026.

Dec 22, 20257 min read
Vulnerability Analysis

Apache Solr XXE remote code execution (CVE-2017-12629)

CVE-2017-12629 chains XXE and Solr's RunExecutableListener into unauthenticated RCE. Affected versions, timeline, and concrete remediation steps.

Dec 22, 20257 min read
Regulatory Compliance

NERC CIP-013 compliance and software supply chain risk ma...

NERC CIP-013 turned vendor risk management into a mandatory grid compliance obligation. Here's what it requires, who it covers, and how to build an audit-ready supply chain plan.

Dec 22, 20258 min read
supply-chain-security (Page 57) — Safeguard Blog