supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
SBOM Incident Response: Finding Affected Products Fast
When a critical CVE drops, the only number that matters is minutes-to-blast-radius. Here is how a well-run SBOM programme answers the question in under five minutes.
Fintech Software Supply Chain Realities in 2026
Fintechs ship fast and run on a thick layer of open source. Here is what the 2026 supply chain threat landscape looks like for a modern payments or lending platform, and the controls that actually scale.
Telecom Supply Chain Strategy for 2026
How telecom operators should rebuild their software supply chain strategy for 2026: SBOM mandates, 5G core risks, vendor concentration, and reachability-driven prioritization.
npm Protestware Patterns From 2020 to 2026
A senior engineer's view of six years of npm protestware, from colors.js to peacenotwar, and the supply chain lessons that still apply to modern JavaScript shops.
Azure Confidential VM Attestation in a Supply Chain Pipeline
Confidential VMs on Azure protect workloads in use, but the attestation flow is where their value gets unlocked. We trace how to wire it into a build and deploy pipeline.
JetBrains Plugin Security in 2026
JetBrains IDEs have a smaller plugin ecosystem than VS Code, but the security model is similar and the risks rhyme. Here is what to watch in 2026.
Nullcon Berlin 2026 Supply Chain Highlights
Nullcon Berlin 2026 delivered a dense European view of software supply chain research. Here are the themes and sessions that mattered most to defenders.
in-toto Attestation Framework Walkthrough 2026
A working engineer's tour of in-toto in 2026: layouts, links, the attestation predicate ecosystem, and how it composes with SLSA, sigstore, and SBOMs.
Guardrails As An Incident Prevention System
Detection and response cannot scale if the prevention layer is missing. Guardrails turn the lessons of past incidents into the policy that prevents the next one.
Nation-State Supply Chain Tradecraft Update
Nation-state supply chain tradecraft has evolved sharply since SolarWinds. We trace the 2025 to 2026 patterns, the operational signatures, and defensive implications.
Zero-Day Discovery ROI: CISO Board Deck
How to talk to your board about zero-day discovery without overpromising. The metrics, the framing, and the slides that hold up under follow-up questions.
XZ Utils Backdoor: One Year Retrospective
A year after the XZ Utils backdoor was caught by Andres Freund at Microsoft, what did we fix, what did we ignore, and what still gets packaged into Linux distros?