supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Africa's Digital Transformation: Security Challenges at Scale
Africa is leapfrogging traditional IT infrastructure with mobile-first, cloud-native solutions. But the cybersecurity foundations are lagging dangerously behind the pace of adoption.
Terraform Provider Verification: Securing Your Infrastructure as Code Supply Chain
Terraform providers are plugins that execute with full access to your infrastructure credentials. Verifying their integrity is not optional.
LLM Prompt Injection: The New Supply Chain Attack Vector
Prompt injection attacks against large language models represent a dangerous new frontier in software supply chain security. Here's what defenders need to know.
Internal Package Naming Best Practices to Prevent Dependency Confusion
The wrong naming convention for internal packages makes dependency confusion attacks trivial. Here is how to name packages so attackers cannot substitute them.
Game Day Exercises for Supply Chain Incidents: Practicing Before the Real Thing
Game day exercises simulate supply chain attacks and failures, testing your team's response procedures before a real incident hits. Here is how to plan and run effective supply chain game days.
Pharmaceutical Software Validation and Supply Chain Security
Pharma companies must validate software used in drug manufacturing and clinical trials. Software supply chain security is now part of that equation.
npm Tightens Unpublish Rules: What It Means for Supply Chain Security
npm's updated unpublish policy addresses the left-pad problem while balancing maintainer rights, but the supply chain implications go deeper than most realize.
Golang Module Security and Verification
Securing your Go module supply chain with checksum databases, GOPROXY, and vendor directories.
Security Challenges in Polyglot Repositories
Repositories containing multiple programming languages multiply the security tooling, configuration, and expertise required. These challenges are manageable with the right approach.
WebAssembly Security: New Capabilities, New Supply Chain Questions
WebAssembly is expanding beyond the browser into server-side and edge workloads. The security model and supply chain implications deserve closer scrutiny.
Supply Chain Risk Scoring Algorithms: How They Work and Where They Fail
Risk scoring turns complex supply chain data into actionable numbers. But the algorithms behind these scores have assumptions and blind spots that security teams must understand.
Aerospace and Defense Software Supply Chain Security
Aerospace and defense organizations face nation-state threats targeting software supply chains. Here's how to build resilience in high-assurance environments.