Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Best Practices

Third-Party Risk Management for Software Vendors

A practical TPRM program for software vendors covering intake, tiering, annual review, SBOM ingestion, and continuous monitoring with staffing ratios and budgets.

May 7, 20246 min read
Best Practices

Developer Workstation Forensics for Supply Chain

Forensic procedures for a developer workstation that may have executed a malicious package, from live triage through full imaging.

May 5, 20246 min read
Emerging Threats

Open Source AI Model Security: The Emerging Threat Landscape

As open source AI models proliferate, their security implications extend far beyond traditional software vulnerabilities. Model poisoning, supply chain tampering, and unsafe deserialization create new attack surfaces.

May 5, 20246 min read
Open Source Security

Spring Dependency Management Supply Chain

Spring Boot's dependency management is the unsung hero of the Java ecosystem, and it is also a supply chain seam worth understanding. Here is how BOMs, starters, and transitive version coercion shape what actually ships.

Apr 30, 20247 min read
Industry Analysis

Chronicle Security Supply Chain Queries

Writing YARA-L detection rules and UDM queries in Google Chronicle (now Security Operations) to catch software supply chain threats at scale.

Apr 30, 20246 min read
Industry Analysis

Critical Infrastructure Software Supply Chain

How the 16 critical infrastructure sectors are absorbing software supply chain obligations under PPD-21, NSM-22, and CISA's emerging frameworks.

Apr 28, 20247 min read
Incident Analysis

Twilio 2022 Incidents: Supply Chain Lessons

Twilio disclosed two social engineering incidents in 2022 that cascaded through its customer base; the supply chain lessons remain relevant for any B2B vendor.

Apr 28, 20246 min read
Compliance & Frameworks

EU NIS2 Directive: What Software Supply Chain Teams Need to Know

The NIS2 Directive imposes new cybersecurity obligations across the EU, with specific requirements for supply chain risk management that affect software vendors and their customers.

Apr 25, 20247 min read
Open Source Security

PyPI Supply Chain Attacks: Q1 2024 Roundup

Q1 2024 brought typosquats, stealer campaigns, and a week-long new-user freeze on PyPI. Here is what the attacks looked like and how to defend.

Apr 22, 20245 min read
Industry Analysis

Conti Ransomware Supply Chain Patterns

Before Conti splintered in 2022, its affiliates turned MSPs, RMM tools, and identity infrastructure into repeatable supply chain attack paths.

Apr 18, 20246 min read
Open Source Security

RubyGems 2FA Enforcement Analysis

A look at how RubyGems.org rolled out mandatory 2FA for high-traffic gem maintainers, what it has caught, and what gaps still remain in the account-compromise defense story.

Apr 18, 20247 min read
SBOM & Compliance

Sigstore Rekor Transparency Log Operations

Rekor is the transparency log behind Sigstore, and understanding its operational model matters more than most teams realise. Here is how we run against it in production.

Apr 18, 20247 min read
supply-chain (Page 41) — Safeguard Blog