supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1045 articles
SCA Meaning and Full Form: Software Composition Analysis Explained
SCA stands for Software Composition Analysis — the practice of scanning your dependencies for known vulnerabilities and license risk. Here's the full form and how it actually works.
libwebp and CVE-2023-4863: The Full Story
A heap buffer overflow in libwebp's lossless decoder, exploited in the wild before a patch existed, turned out to affect far more software than the browser it was first reported in.
VF Corporation Ransomware Attack Disrupts Vans, North Face, and Timberland
In December 2023, VF Corporation, parent company of Vans, The North Face, and Timberland, suffered a ransomware attack that disrupted order fulfillment and exposed personal data of 35.5 million customers during the critical holiday shopping season.
Dollar Tree Third-Party Breach Impacts Nearly 2 Million Employees
In November 2023, Dollar Tree disclosed that a breach at its third-party service provider Zeroed-In Technologies exposed the personal data of nearly 2 million current and former employees, highlighting the persistent risk of third-party supply chain compromises.
Boeing Hit by LockBit Ransomware: 43GB of Sensitive Data Leaked
In November 2023, the LockBit ransomware gang published 43 gigabytes of Boeing's internal data after the aerospace giant refused to pay ransom, exposing the persistent vulnerability of manufacturing supply chains to ransomware.
Cloudflare's Supply Chain Security Model
How Cloudflare secures the software supply chain for infrastructure that sits between the internet and millions of websites, with lessons on Rust adoption and edge computing security.
Microsoft's Secure Supply Chain Practices
How Microsoft rebuilt its security posture after years of high-profile incidents, implementing supply chain controls that now protect one of the world's largest software ecosystems.
Building a Supply Chain Security Metrics Dashboard That Drives Action
Most security dashboards display data nobody acts on. Here is how to build supply chain metrics that actually drive security improvement.
Socket.dev: Detecting Supply Chain Attacks Before They Hit
A review of Socket.dev's approach to supply chain security, focusing on behavior analysis of npm packages, install script detection, and typosquatting prevention.
Google Cloud Build Supply Chain Security: From Source to Deploy
How to secure your Cloud Build pipelines with SLSA provenance, Binary Authorization, and artifact verification for end-to-end supply chain integrity.
Cloud-Native SBOM Generation Strategies That Actually Work
Practical strategies for generating and managing Software Bills of Materials in cloud-native environments, beyond the compliance checkbox.
How Google Secures Its Software Supply Chain
An inside look at Google's multi-layered approach to supply chain security, from Binary Authorization to SLSA, and what other organizations can adapt from their model.