Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Software Supply Chain Security

Telecom Supply Chain Risk Controls in 2026

Practical supply chain controls for telecom operators in 2026, covering RAN software, OSS/BSS stacks, and the regulatory pressure from FCC and ENISA frameworks.

Apr 2, 20266 min read
Container Security

Container Registry Security Hardening Checklist for 2026

A concrete hardening checklist for container registries in 2026, covering authentication, signing, scanning, retention, and the operational details that actually matter.

Apr 2, 20265 min read
Supply Chain Attacks

Composer/PHP Supply Chain Threats: 2025 Report

A senior engineer's 2025 report on Composer and Packagist supply chain threats: namespace abuse, abandoned maintainers, plugin hooks, and the attacks that actually landed on PHP shops.

Apr 2, 20268 min read
Application Security

Next-Gen SCA Explained: What Changed in 2026

Next-gen SCA tools moved past package-tree scanning to reachability, runtime context, and exploit signal. Here's what actually changed and why it matters.

Apr 2, 20265 min read
Emerging Technology

Symbol Conflict and Binary Planting Attacks 2025

Symbol conflicts and binary planting are the oldest native-code attacks, and they are showing up in modern software supply chains in unexpected places.

Apr 1, 20268 min read
Best Practices

Break-Glass Workflow Design: Audited Bypass That Works

Every policy needs a bypass path or it will be routed around. The trick is making the bypass auditable, time-bound, and rare enough to remain meaningful.

Mar 31, 20267 min read
Industry Analysis

Dependency Confusion Five Years In: Evolution

Dependency confusion turned five in 2026. We look at how the attack has evolved, why it still works, and what defenders have actually learned.

Mar 31, 20268 min read
AI Security

Responsible Disclosure For Discovered Zero-Days

When your pipeline starts producing zero-days, you inherit responsible disclosure obligations. Here is how to do it well, with the artefacts the pipeline already gives you.

Mar 31, 20267 min read
Best Practices

Finding Forgotten Public npm Packages In Your Org

Public npm packages your org published years ago are now an attacker's best targets. Find them before someone else does.

Mar 30, 20267 min read
Open Source Security

Go Modules Supply Chain Program Blueprint 2026

A 2026 blueprint for Go modules supply chain security — from proxy and checksum database to vendoring and binary provenance — anchored by Safeguard.

Mar 30, 20267 min read
Regulatory Compliance

SLSA v1.1 Framework Update: What's New

SLSA v1.1 sharpens the build track, adds a source track draft, and clarifies attestation semantics. Here is the practical guide for security teams.

Mar 30, 20266 min read
Best Practices

TPRM Vendor Tiering By Blast Radius Not Spend

Most TPRM programs tier vendors by spend. That misses the vendors who are cheap but catastrophic when they fail. Tiering by blast radius is the fix.

Mar 30, 20267 min read
supply-chain (Page 12) — Safeguard Blog