supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1052 articles
How to manage open source risk in telecom OSS/BSS softwar...
A practical guide to managing telecom OSS/BSS open source risk—from SBOM inventory to dependency scanning—so carrier billing and network software stays secure.
Third-party risk management for telecom equipment vendors
A practical playbook for vetting telecom equipment vendors: supply chain checks, hardware/software audits, and procurement security controls.
How to vet open source software before deployment in tele...
A seven-step process for vetting open source telecom core network components — SBOMs, signature verification, protocol fuzzing, and procurement sign-off — before they reach production.
H2 database console remote code execution (CVE-2021-42392)
CVE-2021-42392 lets attackers trigger RCE in H2's console and JDBC URL handling via a Log4Shell-style JNDI gadget. Here's what's affected and how to fix it.
Securing the retail point-of-sale (POS) software supply c...
BlackPOS hit 40M Target cards in 2013. See how retail POS software supply chain security stops firmware tampering, malware, and vendor risk today.
Apache Shiro remember-me cookie deserialization RCE (CVE-2016-4437)
Apache Shiro's default rememberMe cipher key enables unauthenticated Java deserialization RCE. Here's how CVE-2016-4437 works and how to fix it.
Open source dependency risk in e-commerce platforms (Mage...
A practical guide to finding and fixing e-commerce platform dependency risk across Magento plugins, WooCommerce extensions, and Shopify apps before attackers do.
Third-party risk management for retail supply chain and l...
A practical, step-by-step framework for assessing and monitoring retail logistics software vendor risk, from SaaS onboarding to inventory system offboarding.
Spring Security authorization rule bypass (CVE-2023-34035)
CVE-2023-34035 lets Spring Security's requestMatchers() silently mis-evaluate authorization rules in multi-servlet apps. Here's the fix and how to detect exposure.
10 Predictions for Software Supply Chain Security in 2026
From AI-generated SBOMs to regulatory enforcement and the death of CVSS-only triage, here is what the software security landscape will look like in 2026.
Apache Solr XXE remote code execution (CVE-2017-12629)
CVE-2017-12629 chains XXE and Solr's RunExecutableListener into unauthenticated RCE. Affected versions, timeline, and concrete remediation steps.
NERC CIP-013 compliance and software supply chain risk ma...
NERC CIP-013 turned vendor risk management into a mandatory grid compliance obligation. Here's what it requires, who it covers, and how to build an audit-ready supply chain plan.