supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
React Native Security Considerations for Mobile Supply Chains
React Native introduces unique security challenges at the intersection of JavaScript and native mobile code. Understanding these risks is essential for securing cross-platform mobile applications.
RubyGems Yanked Gems: Security Risks of Removed Ruby Packages
When a Ruby gem is yanked from RubyGems.org, it creates security risks for projects that depended on it. Understanding the yanking mechanism is critical for Ruby supply chain security.
Building a Software Supply Chain Risk Register
A risk register is the backbone of supply chain risk management. Here is a practical template for identifying, scoring, tracking, and mitigating software supply chain risks.
Confidential Computing: A New Trust Model for Software Supply Chains
Confidential computing protects data in use through hardware-based enclaves. It could fundamentally change how we think about supply chain trust.
Southeast Asia's Software Supply Chain Security Gap
Southeast Asia's booming tech sector is building fast but securing slowly. Supply chain attacks targeting the region are increasing, and most organizations lack basic visibility into their dependencies.
SBOMs for Embedded Systems: Firmware Transparency
Embedded devices run for decades and rarely get patched. SBOMs bring transparency to firmware that the IoT industry desperately needs.
Incident Response Tabletop Exercises: A Practical Guide for Supply Chain Scenarios
Your incident response plan is untested until people have walked through it under pressure. Here is how to design and run tabletop exercises that actually prepare your team for supply chain compromises.
Package Registry Mirroring: Security Benefits and Hidden Risks
Mirroring npm, PyPI, or Maven Central locally reduces dependency on external infrastructure. But mirrors introduce their own security considerations that most teams overlook.
Python setuptools Security Considerations
setuptools is the default Python packaging backend and its security properties matter for anyone who builds, installs, or runs Python code. Here is what to watch.
Zero Trust for Developer Workstations: Rethinking Endpoint Security
Developer workstations have elevated access to source code, build systems, and deployment pipelines. Zero Trust principles applied to these endpoints significantly reduce supply chain attack surface.
AI Hallucinations Meet Package Confusion: A New Class of Supply Chain Attack
When LLMs hallucinate package names that don't exist, attackers can register them. This supply chain attack vector is already being exploited in the wild.
SBOM for the Gaming Industry: Why Game Studios Need Software Transparency
Game studios ship millions of lines of code with complex dependency chains across engines, middleware, and third-party SDKs. SBOMs are not just a compliance tool — they are an operational necessity.