supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1052 articles
How data poisoning attacks corrupt LLM behavior during tr...
A single expired domain and $60 can poison a training set. Here's how data poisoning attacks corrupt LLM behavior — and how Safeguard verifies training data before it ships.
Docker symlink race condition escape (CVE-2018-15664)
A TOCTOU race in Docker's docker cp symlink resolution let malicious containers write to host files as root. Impact, CVSS, and fixes inside.
Software Supply Chain Security in 2025: The Year in Review
From the CVE program funding crisis to the rise of AI-targeted supply chain attacks, 2025 reshaped the software security landscape. A comprehensive look at the year's defining events and trends.
Docker Engine crafted image denial of service (CVE-2021-21285)
CVE-2021-21285 lets a crafted container image crash Docker Engine before 20.10.3. Affected versions, severity, timeline, and remediation steps.
Risks of downloading malicious pretrained models from pub...
Real incidents show malicious Hugging Face models evading scanners with pickle exploits and reverse shells. Here's what teams need to know before the next pull.
How slopsquatting exploits AI-hallucinated package names
Slopsquatting attacks turn AI-hallucinated package names into real supply chain threats. Here's how it works, the numbers behind it, and how Safeguard stops it.
Security risks introduced by AI coding assistants and gen...
AI coding assistants now write huge shares of production code. Real 2025 incidents show hallucinated packages, leaked secrets, and vulnerable defaults ship with it.
Overview of NIST's finalized post-quantum cryptography st...
NIST finalized FIPS 203, 204, and 205 in August 2024, formalizing the first NIST post-quantum standards. Here's what changes for software supply chain security teams.
How ML-KEM (Kyber) works and implementation pitfalls
FIPS 203's ML-KEM Kyber is landing in TLS, SSH, and VPNs everywhere — here's how the lattice math works and the timing bugs, like KyberSlash, already found in real implementations.
How trusted execution environments protect sensitive work...
Trusted execution environments promise hardware-isolated security for sensitive workloads, but real-world attacks show the TEE model has limits Safeguard helps you manage.
Time-of-check to time-of-use (TOCTOU) race condition vulnerabilities
TOCTOU race conditions let attackers swap a resource between a security check and its use. Real CVEs, exploit mechanics, and prevention patterns explained.
Remote attestation fundamentals for confidential computin...
A practical look at remote attestation for confidential computing: how enclave protocols and hardware verification prove workloads haven't been tampered with.