supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
ITAR and EAR Export Controls: What Software Teams Need to Know
Export control regulations affect software development more than most teams realize. Here's how ITAR and EAR intersect with software supply chains.
JumpCloud Supply Chain Attack: North Korea's Lazarus Group Strikes Again
How North Korean threat actors compromised JumpCloud's infrastructure to target cryptocurrency firms through a sophisticated supply chain attack in July 2023.
Digital Twins and Supply Chain Security: Securing the Virtual Mirror
Digital twins replicate physical systems in software. When the software supply chain of a digital twin is compromised, the consequences extend to the physical world.
Nonprofit Organization Cybersecurity: A Practical Guide
Nonprofits handle donor data and sensitive beneficiary information with limited budgets. Here's a realistic guide to managing software security on nonprofit resources.
Clop Ransomware and the MOVEit Campaign: Mass Exploitation at Scale
Clop's exploitation of MOVEit Transfer compromised over 2,500 organizations in one campaign, demonstrating a shift from traditional ransomware to mass vulnerability exploitation.
NuGet Package Tampering Detection: Securing the .NET Supply Chain
NuGet packages can be tampered with at multiple points in the supply chain. Here is how to detect and prevent package tampering in your .NET projects.
Starjacking Attacks on Package Registries: Exploiting Repository Trust
Starjacking exploits the trust developers place in GitHub stars and repository metadata. Attackers link malicious packages to popular repositories to appear legitimate. Here is how it works.
Domain Squatting and Package Registry Attacks
Typosquatting and domain squatting in package registries trick developers into installing malicious packages. The attack is trivially easy to execute and remarkably effective.
Microsegmentation for Software Supply Chain Security
Microsegmentation limits lateral movement after a breach. Applied to software supply chains, it contains the blast radius when a dependency, build tool, or vendor is compromised.
Quantum Computing and the Coming Cryptography Crisis in Supply Chains
Quantum computers threaten the cryptographic foundations of software supply chains. The time to prepare is now, not when quantum advantage arrives.
Progress MOVEit: Second Critical Vulnerability Discovered Amid Breach Fallout
While organizations were still reeling from the first MOVEit zero-day, a second critical vulnerability was found — raising questions about the product's security.
DNS Security and Software Distribution: The Foundation Nobody Secures
Every software download, package install, and API call starts with a DNS query. DNS compromise redirects your supply chain at the most fundamental level — and most organizations have no visibility.