supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Deepfakes and Social Engineering: The Human Layer of Supply Chain Attacks
AI-generated deepfakes are making social engineering attacks against software supply chains more convincing and harder to detect.
.NET Supply Chain Audit Patterns
Auditing a .NET supply chain is a different exercise than auditing a JavaScript one, and the patterns that actually find problems are specific to how the ecosystem works.
Pants Build Tool Security Posture
A practitioner's view of the Pants build system's security properties, covering sandboxing, third-party resolution, and the Pants 2.x architecture.
Managing Python Package Namespace Conflicts
Python's flat namespace creates real security problems. Here is how namespace packages, shadowing, and install order interact, and how to avoid the surprises.
Rust no_std Supply Chain Considerations
Writing Rust for embedded or kernel targets drops you into no_std territory, and the supply chain rules are different there. A practical look at what changes and why.
SBOM for EdTech Platforms: Protecting Student Data Through Supply Chain Transparency
EdTech platforms handle some of the most sensitive data — children's information. FERPA, COPPA, and state student privacy laws demand supply chain visibility that most EdTech companies lack.
Kotlin Multiplatform Supply Chain Risks
Kotlin Multiplatform ships one codebase to JVM, iOS, Android, JS, and native targets. The supply chain surface expands in specific ways worth tracking.
Disaster Recovery for Supply Chain Security Incidents
When a critical dependency is compromised, your disaster recovery plan determines whether you recover in hours or weeks. Most DR plans do not cover this scenario.
APT29 Cozy Bear: Supply Chain Tradecraft
How Russia's SVR-linked APT29 quietly industrialized supply chain compromise from SolarWinds to TeamCity and JetBrains tooling.
AWS CodeBuild Supply Chain Hardening Guide
CodeBuild projects are where most AWS supply chain compromises end up executing. Here is a practical hardening guide built from years of incident response, with specific buildspec controls and IAM patterns.
Quantifying Digital Supply Chain Risk
Security teams struggle to express supply chain risk in business terms. This guide covers frameworks and methods for quantifying dependency risk in ways that boards and executives actually understand.
Homebrew Cask Security Verification: What Gets Checked Before Installation
Homebrew Cask installs macOS applications from the command line. Here is what security verification happens (and what does not) before software lands on your Mac.