Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Application Security

React Native Security Considerations for Mobile Supply Chains

React Native introduces unique security challenges at the intersection of JavaScript and native mobile code. Understanding these risks is essential for securing cross-platform mobile applications.

Nov 5, 20237 min read
Software Supply Chain Security

RubyGems Yanked Gems: Security Risks of Removed Ruby Packages

When a Ruby gem is yanked from RubyGems.org, it creates security risks for projects that depended on it. Understanding the yanking mechanism is critical for Ruby supply chain security.

Nov 5, 20235 min read
Risk Management

Building a Software Supply Chain Risk Register

A risk register is the backbone of supply chain risk management. Here is a practical template for identifying, scoring, tracking, and mitigating software supply chain risks.

Oct 28, 20237 min read
Emerging Technology

Confidential Computing: A New Trust Model for Software Supply Chains

Confidential computing protects data in use through hardware-based enclaves. It could fundamentally change how we think about supply chain trust.

Oct 22, 20235 min read
Regional Security

Southeast Asia's Software Supply Chain Security Gap

Southeast Asia's booming tech sector is building fast but securing slowly. Supply chain attacks targeting the region are increasing, and most organizations lack basic visibility into their dependencies.

Oct 22, 20235 min read
SBOM

SBOMs for Embedded Systems: Firmware Transparency

Embedded devices run for decades and rarely get patched. SBOMs bring transparency to firmware that the IoT industry desperately needs.

Oct 18, 20236 min read
Incident Response

Incident Response Tabletop Exercises: A Practical Guide for Supply Chain Scenarios

Your incident response plan is untested until people have walked through it under pressure. Here is how to design and run tabletop exercises that actually prepare your team for supply chain compromises.

Oct 12, 20235 min read
Supply Chain Security

Package Registry Mirroring: Security Benefits and Hidden Risks

Mirroring npm, PyPI, or Maven Central locally reduces dependency on external infrastructure. But mirrors introduce their own security considerations that most teams overlook.

Oct 8, 20235 min read
Open Source Security

Python setuptools Security Considerations

setuptools is the default Python packaging backend and its security properties matter for anyone who builds, installs, or runs Python code. Here is what to watch.

Oct 5, 20237 min read
Network Security

Zero Trust for Developer Workstations: Rethinking Endpoint Security

Developer workstations have elevated access to source code, build systems, and deployment pipelines. Zero Trust principles applied to these endpoints significantly reduce supply chain attack surface.

Oct 5, 20235 min read
AI Security

AI Hallucinations Meet Package Confusion: A New Class of Supply Chain Attack

When LLMs hallucinate package names that don't exist, attackers can register them. This supply chain attack vector is already being exploited in the wild.

Sep 20, 20235 min read
SBOM

SBOM for the Gaming Industry: Why Game Studios Need Software Transparency

Game studios ship millions of lines of code with complex dependency chains across engines, middleware, and third-party SDKs. SBOMs are not just a compliance tool — they are an operational necessity.

Sep 20, 20235 min read
supply-chain (Page 49) — Safeguard Blog