Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

SBOM & Compliance

SBOM Incident Response: Finding Affected Products Fast

When a critical CVE drops, the only number that matters is minutes-to-blast-radius. Here is how a well-run SBOM programme answers the question in under five minutes.

Mar 4, 20267 min read
Software Supply Chain Security

Fintech Software Supply Chain Realities in 2026

Fintechs ship fast and run on a thick layer of open source. Here is what the 2026 supply chain threat landscape looks like for a modern payments or lending platform, and the controls that actually scale.

Mar 4, 20266 min read
Software Supply Chain Security

Telecom Supply Chain Strategy for 2026

How telecom operators should rebuild their software supply chain strategy for 2026: SBOM mandates, 5G core risks, vendor concentration, and reachability-driven prioritization.

Mar 4, 20265 min read
Supply Chain Attacks

npm Protestware Patterns From 2020 to 2026

A senior engineer's view of six years of npm protestware, from colors.js to peacenotwar, and the supply chain lessons that still apply to modern JavaScript shops.

Mar 3, 20267 min read
Cloud Security

Azure Confidential VM Attestation in a Supply Chain Pipeline

Confidential VMs on Azure protect workloads in use, but the attestation flow is where their value gets unlocked. We trace how to wire it into a build and deploy pipeline.

Mar 2, 20267 min read
Application Security

JetBrains Plugin Security in 2026

JetBrains IDEs have a smaller plugin ecosystem than VS Code, but the security model is similar and the risks rhyme. Here is what to watch in 2026.

Mar 2, 20266 min read
Industry Analysis

Nullcon Berlin 2026 Supply Chain Highlights

Nullcon Berlin 2026 delivered a dense European view of software supply chain research. Here are the themes and sessions that mattered most to defenders.

Mar 2, 20268 min read
Software Supply Chain Security

in-toto Attestation Framework Walkthrough 2026

A working engineer's tour of in-toto in 2026: layouts, links, the attestation predicate ecosystem, and how it composes with SLSA, sigstore, and SBOMs.

Mar 2, 20265 min read
Best Practices

Guardrails As An Incident Prevention System

Detection and response cannot scale if the prevention layer is missing. Guardrails turn the lessons of past incidents into the policy that prevents the next one.

Mar 1, 20268 min read
Industry Analysis

Nation-State Supply Chain Tradecraft Update

Nation-state supply chain tradecraft has evolved sharply since SolarWinds. We trace the 2025 to 2026 patterns, the operational signatures, and defensive implications.

Mar 1, 20267 min read
AI Security

Zero-Day Discovery ROI: CISO Board Deck

How to talk to your board about zero-day discovery without overpromising. The metrics, the framing, and the slides that hold up under follow-up questions.

Mar 1, 20267 min read
Incident Analysis

XZ Utils Backdoor: One Year Retrospective

A year after the XZ Utils backdoor was caught by Andres Freund at Microsoft, what did we fix, what did we ignore, and what still gets packaged into Linux distros?

Mar 1, 20267 min read
supply-chain (Page 21) — Safeguard Blog