Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Supply Chain

SCA Meaning and Full Form: Software Composition Analysis Explained

SCA stands for Software Composition Analysis — the practice of scanning your dependencies for known vulnerabilities and license risk. Here's the full form and how it actually works.

Feb 8, 20245 min read
Vulnerabilities

libwebp and CVE-2023-4863: The Full Story

A heap buffer overflow in libwebp's lossless decoder, exploited in the wild before a patch existed, turned out to affect far more software than the browser it was first reported in.

Jan 24, 20245 min read
Incident Analysis

VF Corporation Ransomware Attack Disrupts Vans, North Face, and Timberland

In December 2023, VF Corporation, parent company of Vans, The North Face, and Timberland, suffered a ransomware attack that disrupted order fulfillment and exposed personal data of 35.5 million customers during the critical holiday shopping season.

Dec 18, 20237 min read
Incident Analysis

Dollar Tree Third-Party Breach Impacts Nearly 2 Million Employees

In November 2023, Dollar Tree disclosed that a breach at its third-party service provider Zeroed-In Technologies exposed the personal data of nearly 2 million current and former employees, highlighting the persistent risk of third-party supply chain compromises.

Nov 22, 20237 min read
Incident Analysis

Boeing Hit by LockBit Ransomware: 43GB of Sensitive Data Leaked

In November 2023, the LockBit ransomware gang published 43 gigabytes of Boeing's internal data after the aerospace giant refused to pay ransom, exposing the persistent vulnerability of manufacturing supply chains to ransomware.

Nov 10, 20238 min read
Case Studies

Cloudflare's Supply Chain Security Model

How Cloudflare secures the software supply chain for infrastructure that sits between the internet and millions of websites, with lessons on Rust adoption and edge computing security.

Nov 5, 20237 min read
Case Studies

Microsoft's Secure Supply Chain Practices

How Microsoft rebuilt its security posture after years of high-profile incidents, implementing supply chain controls that now protect one of the world's largest software ecosystems.

Sep 15, 20237 min read
Security Operations

Building a Supply Chain Security Metrics Dashboard That Drives Action

Most security dashboards display data nobody acts on. Here is how to build supply chain metrics that actually drive security improvement.

Sep 12, 20235 min read
Tool Reviews

Socket.dev: Detecting Supply Chain Attacks Before They Hit

A review of Socket.dev's approach to supply chain security, focusing on behavior analysis of npm packages, install script detection, and typosquatting prevention.

Aug 22, 20235 min read
Cloud Security

Google Cloud Build Supply Chain Security: From Source to Deploy

How to secure your Cloud Build pipelines with SLSA provenance, Binary Authorization, and artifact verification for end-to-end supply chain integrity.

Aug 12, 20237 min read
Software Supply Chain

Cloud-Native SBOM Generation Strategies That Actually Work

Practical strategies for generating and managing Software Bills of Materials in cloud-native environments, beyond the compliance checkbox.

Jul 10, 20238 min read
Case Studies

How Google Secures Its Software Supply Chain

An inside look at Google's multi-layered approach to supply chain security, from Binary Authorization to SLSA, and what other organizations can adapt from their model.

May 8, 20237 min read
supply-chain-security (Page 86) — Safeguard Blog