supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1052 articles
Type confusion vulnerabilities explained
Type confusion bugs let attackers corrupt memory by exploiting mismatched type assumptions. See real CVEs, how JIT engines fail, and how to catch it early.
Practical steps to secure third-party WebAssembly plugins...
A step-by-step guide to securing third-party WebAssembly plugins in production: sandboxing, capability restriction, resource limits, provenance checks, and runtime monitoring.
How AI safety benchmarks and evaluations measure model risk
A concrete look at how AI safety benchmark evaluation, LLM safety scorecards, and capability testing actually measure model risk in 2026 — and where they fall short.
The Secure Software Development Lifecycle in 2025: What Actually Changed
A practical look at how SSDLC practices evolved in 2025, what worked, what failed, and why most organizations are still getting the basics wrong.
How indirect prompt injection hides malicious instruction...
How attackers hide malicious instructions inside webpages, documents, and retrieved content to hijack AI systems — and why RAG pipelines are especially exposed.
Typosquatting in open source package registries explained
Typosquatting hides malware behind a one-character package name typo. Learn how it works, real incidents, and how to detect it before your build runs.
How to detect malicious npm packages
Real npm supply chain attacks — event-stream, ua-parser-js, node-ipc, and the 2025 chalk/debug breach — show how to spot and stop malicious packages.
Subresource integrity bypass explained
SRI hashes can't stop what happens before the hash is made. How polyfill.io, British Airways, and event-stream exposed real gaps in browser integrity checks.
How to build an AI-specific incident response playbook
A step-by-step guide to building an AI incident response plan — covering scoping, escalation, detection, containment, and post-incident review for LLM and agent failures.
RubyGems 2019 Multi-CVE Disclosure: Directory Traversal v...
CVE-2019-8320 let malicious RubyGems packages delete arbitrary directories via symlinked gem decompression. Here's the impact, timeline, and how to remediate it.
RubyGems Escape Sequence Injection via Crafted API Respon...
CVE-2019-8322 is a RubyGems flaw where crafted API responses could inject terminal escape sequences, spoofing gem output. Here's what to know and how to fix it.
RubyGems Escape Sequence Injection in Gem Owner Command (...
CVE-2019-8323 shows how RubyGems' gem owner command echoed unsanitized API response data to the terminal, enabling escape sequence injection attacks.