Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

SBOM

Building an SBOM Program from Scratch: A Practical Guide

Standing up an SBOM program is more than picking a tool. This guide covers organizational buy-in, tooling selection, automation, and scaling from your first BOM to enterprise-wide adoption.

Sep 20, 20227 min read
Open Source Security

Linux Kernel Supply Chain Security: How the World's Largest Project Protects Itself

The Linux kernel is the most critical open source project on earth. Its supply chain security practices offer lessons for every project, but also reveal challenges that scale creates.

Sep 8, 20227 min read
Industry Guides

Software Supply Chain Security in Banking: A Practical Guide

Banks face unique software supply chain risks. This guide covers real threats, regulatory expectations, and what security teams should actually be doing.

Aug 20, 20227 min read
Application Security

Secrets Management: Preventing Credential Leaks in Your Software Supply Chain

Hardcoded credentials remain the most common source of breaches. Despite a decade of tooling improvements, secrets keep leaking through source code, container images, CI logs, and dependency configurations. Here is how to actually fix it.

Jun 22, 20229 min read
Application Security

The OWASP Top 10 (2021) Through a Supply Chain Security Lens

The 2021 OWASP Top 10 added supply chain risks for the first time. Here is what each category means when your code is mostly someone else's code.

Jun 15, 20228 min read
Cloud Security

AWS Supply Chain Security Best Practices You Should Adopt Today

A practical guide to securing your software supply chain on AWS, from ECR image provenance to CodePipeline hardening.

Jun 8, 20227 min read
PKI Security

Certificate Authority Compromise and Supply Chain Risks

A compromised certificate authority can undermine TLS trust for your entire software supply chain. Understanding CA risks is essential for defending package integrity and secure distribution.

Mar 12, 20227 min read
DevSecOps

Software Supply Chain Security for Startups: A Practical Guide

You don't need a massive security team to get supply chain security right. Here's a pragmatic, prioritized approach for startups that balances risk reduction with engineering velocity.

Feb 15, 20226 min read
Open Source Security

Log4j and the Maintainer Burnout Crisis Nobody Talks About

The Log4Shell vulnerability exposed more than a critical flaw in Java logging. It revealed a systemic failure in how the industry treats the people who maintain critical open source infrastructure.

Jan 18, 20227 min read
Vulnerability Research

Zero-Day Vulnerabilities in Open Source: 2021 in Review

2021 saw a record number of zero-day exploits targeting open-source software. From Log4Shell to ProxyShell, here's what happened and what it means for defenders.

Nov 28, 20217 min read
Compliance & Regulations

NTIA SBOM Minimum Elements: What Your SBOM Actually Needs to Contain

The NTIA published its minimum elements for SBOMs in July 2021. Here's a practical breakdown of what's required, what's optional, and where most organizations fall short.

Nov 10, 20218 min read
Risk Management

Third-Party Risk Management for Software Vendors: Beyond the Questionnaire

Security questionnaires are still how most organizations evaluate vendor risk. They're also still mostly useless. Here's what actually works.

Sep 8, 20218 min read
supply-chain-security (Page 87) — Safeguard Blog