Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

AppSec

CVE-2023-4863: The libwebp Zero-Day That Hit Chrome and More

CVE-2023-4863 was a heap buffer overflow in libwebp's Huffman decoding that was exploited as a zero-day in the wild — and because libwebp sits inside Chrome, Firefox, and countless Electron apps, one library bug became an ecosystem-wide emergency patch.

Jan 22, 20256 min read
Product Update

Safeguard 5.0: The Next Generation of Software Supply Chain Security

Safeguard 5.0 introduces Griffin AI, expanded SBOM analysis, and a redesigned policy engine. Here is what is new and why it matters for your security program.

Jan 5, 20255 min read
Industry Trends

Software Supply Chain Security in 2024: A Year in Review

From the CrowdStrike outage to state-sponsored npm campaigns and regulatory milestones, 2024 was the year supply chain security went from niche concern to operational necessity.

Dec 22, 20247 min read
Industry Trends

Software Supply Chain Security Predictions for 2025

From AI-generated code risks to regulatory enforcement and package manager security evolution, here are the trends that will define software supply chain security in 2025.

Dec 20, 20247 min read
Industry Analysis

OpenTelemetry for Supply Chain Traces: Instrumenting the Pipeline

How OpenTelemetry turns CI/CD pipelines into a traceable, queryable graph that exposes supply chain risk from source control to production deployment.

Dec 18, 20247 min read
Industry Analysis

Panther SIEM Supply Chain Rules: A Detection Engineering Playbook

Write Panther Python detections that catch package poisoning, CI token abuse, and registry compromise. Real rule examples, tuning patterns, and alert routing.

Oct 18, 20247 min read
Best Practices

Legacy COBOL Supply Chain Modernization: A Pragmatic Playbook

Modernize the supply chain around COBOL systems without rewriting them. Build provenance, SBOMs, and policy gates for mainframe code that is not going anywhere.

Aug 28, 20247 min read
Supply Chain

SBOM Full Form and Why It Matters Now

SBOM full form is Software Bill of Materials — a complete inventory of the components in an application. Here's what it actually contains and why it matters today.

Aug 19, 20244 min read
Industry Analysis

New Relic Security: Building a Supply Chain View

How to extend New Relic's APM and Vulnerability Management features into a working software supply chain dashboard for security and platform teams.

Aug 15, 20247 min read
Vulnerabilities

The Moq Vulnerability: What Happened and What to Do

The Moq incident wasn't a classic CVE — it was a popular .NET mocking library quietly bundling a data-collection dependency in a routine version bump, and it's a case study in why supply-chain monitoring has to watch behavior, not just version numbers.

Aug 15, 20245 min read
Supply Chain

SCA in Cyber Security: What It Actually Means

SCA in cyber security stands for software composition analysis — the practice of identifying every open-source component in an application and checking it against known vulnerabilities and licenses.

Jul 30, 20245 min read
Industry Analysis

SentinelOne Supply Chain Detection Logic for Build Systems

How to extend SentinelOne's behavioral detection engine to cover build agents, package registries, and developer endpoints without drowning analysts in false positives.

Jul 22, 20247 min read
supply-chain-security (Page 84) — Safeguard Blog