Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

AI Security

Deepfakes and Social Engineering: The Human Layer of Supply Chain Attacks

AI-generated deepfakes are making social engineering attacks against software supply chains more convincing and harder to detect.

May 20, 20245 min read
Open Source Security

.NET Supply Chain Audit Patterns

Auditing a .NET supply chain is a different exercise than auditing a JavaScript one, and the patterns that actually find problems are specific to how the ecosystem works.

May 18, 20246 min read
DevSecOps

Pants Build Tool Security Posture

A practitioner's view of the Pants build system's security properties, covering sandboxing, third-party resolution, and the Pants 2.x architecture.

May 18, 20247 min read
Open Source Security

Managing Python Package Namespace Conflicts

Python's flat namespace creates real security problems. Here is how namespace packages, shadowing, and install order interact, and how to avoid the surprises.

May 18, 20246 min read
Open Source Security

Rust no_std Supply Chain Considerations

Writing Rust for embedded or kernel targets drops you into no_std territory, and the supply chain rules are different there. A practical look at what changes and why.

May 15, 20247 min read
SBOM

SBOM for EdTech Platforms: Protecting Student Data Through Supply Chain Transparency

EdTech platforms handle some of the most sensitive data — children's information. FERPA, COPPA, and state student privacy laws demand supply chain visibility that most EdTech companies lack.

May 15, 20246 min read
Open Source Security

Kotlin Multiplatform Supply Chain Risks

Kotlin Multiplatform ships one codebase to JVM, iOS, Android, JS, and native targets. The supply chain surface expands in specific ways worth tracking.

May 12, 20246 min read
Security Operations

Disaster Recovery for Supply Chain Security Incidents

When a critical dependency is compromised, your disaster recovery plan determines whether you recover in hours or weeks. Most DR plans do not cover this scenario.

May 12, 20246 min read
Industry Analysis

APT29 Cozy Bear: Supply Chain Tradecraft

How Russia's SVR-linked APT29 quietly industrialized supply chain compromise from SolarWinds to TeamCity and JetBrains tooling.

May 10, 20246 min read
DevSecOps

AWS CodeBuild Supply Chain Hardening Guide

CodeBuild projects are where most AWS supply chain compromises end up executing. Here is a practical hardening guide built from years of incident response, with specific buildspec controls and IAM patterns.

May 10, 20247 min read
Risk Management

Quantifying Digital Supply Chain Risk

Security teams struggle to express supply chain risk in business terms. This guide covers frameworks and methods for quantifying dependency risk in ways that boards and executives actually understand.

May 8, 20248 min read
Software Supply Chain Security

Homebrew Cask Security Verification: What Gets Checked Before Installation

Homebrew Cask installs macOS applications from the command line. Here is what security verification happens (and what does not) before software lands on your Mac.

May 8, 20245 min read
supply-chain (Page 40) — Safeguard Blog