Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Career Development

CISSP, CEH, OSCP: How Security Certifications Address Supply Chain Risks

Major security certifications are updating their content to cover supply chain threats. Here is what CISSP, CEH, and OSCP teach about supply chain security — and what they miss.

Jun 8, 20235 min read
AI Security

ChatGPT Plugins and the New Plugin Supply Chain Attack Surface

AI plugins connect LLMs to external services, creating a supply chain of trust that most users never examine. The risks are significant.

Jun 5, 20235 min read
Software Supply Chain Security

npm Install Script Security: The Code That Runs Before Your Code

npm install scripts execute arbitrary code during package installation. They are the most exploited vector in JavaScript supply chain attacks.

Jun 2, 20234 min read
How-To Guide

Securing Your Private Package Registry

Private package registries are high-value targets for supply chain attackers. Here is how to lock them down, from access controls to dependency confusion prevention.

May 30, 20236 min read
AppSec

The Security Implications of Package Bundlers

Bundlers transform your code and dependencies into production artifacts. The security implications of this transformation are significant and widely overlooked.

May 28, 20236 min read
Industry Guides

Legal Tech Software Security and Compliance Considerations

Law firms and legal tech companies handle privileged data through increasingly complex software. Here's how to manage the software supply chain risk.

May 25, 20237 min read
Compliance

HIPAA and Software Supply Chain Compliance for Health Tech

HIPAA's Security Rule requires safeguards that extend to software dependencies. Here's what health tech developers and vendors need to address.

May 25, 20236 min read
Cloud Security

Serverless Security: Supply Chain Risks in Lambda, Cloud Functions, and Azure Functions

Serverless architectures shift the attack surface from infrastructure to application dependencies. This guide covers the unique supply chain risks of serverless and how to address them.

May 18, 20237 min read
Industry Trends

Low-Code/No-Code Platforms: The Shadow Supply Chain in Your Organization

Citizen developers are building applications on low-code platforms faster than security teams can assess them. The supply chain risks are real and growing.

May 15, 20235 min read
Software Supply Chain Security

Malware Analysis Techniques for Suspicious npm Packages

When an npm package looks suspicious, you need a systematic approach to determine if it is malicious. These analysis techniques separate noise from genuine threats.

May 15, 20236 min read
Application Security

Subresource Integrity Failures: When CDN Trust Goes Wrong

SRI protects against CDN compromises and supply chain attacks on client-side scripts. Most web applications do not use it. Here is what they are missing.

May 12, 20235 min read
Developer Security

Elixir and Hex Package Security: Protecting the BEAM Ecosystem

Elixir's Hex package manager serves a smaller but growing ecosystem. Smaller does not mean safer — here is what Elixir teams need to know about dependency security.

May 10, 20235 min read
supply-chain (Page 53) — Safeguard Blog