Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Web Security

CDN Poisoning Attacks: How Cached Content Becomes a Weapon

CDN cache poisoning turns your performance infrastructure into an attack vector. When the cache serves malicious content to every user, the blast radius is massive and immediate.

Feb 12, 20236 min read
SBOM

SBOMs for Serverless Applications: What Changes and What Doesn't

Serverless doesn't mean dependency-free. Here's how to generate and manage SBOMs for Lambda functions, Azure Functions, and Cloud Functions.

Feb 12, 20236 min read
AI Security

Securing AI/ML Pipelines: The Supply Chain You're Not Watching

AI/ML pipelines introduce unique supply chain risks from training data to model distribution. Most organizations have zero visibility into this attack surface.

Jan 20, 20236 min read
Software Supply Chain Security

Symlink Attacks in Package Managers: Following Links to Trouble

Symbolic links in package archives can redirect file operations to unintended locations. Here is how this old trick still works against modern tools.

Jan 8, 20234 min read
Security Strategy

Vendor Concentration Risk in Software: When One Vendor Failure Breaks Everything

Depending on too few vendors creates systemic risk. The CrowdStrike outage proved it. Here is how to assess and manage vendor concentration in your software stack.

Jan 8, 20234 min read
Supply Chain Attacks

Software Supply Chain Security in 2022: The Year Everything Changed

From LastPass to Log4j's aftermath to new regulations, 2022 was the year supply chain security went from niche concern to board-level priority.

Dec 20, 20227 min read
Risk Management

Software Vendor Risk Scoring Methodology

A practical framework for scoring and ranking software vendor risk based on supply chain security posture, vulnerability history, and development practices.

Dec 18, 20227 min read
Risk Management

Single Points of Failure in Software Supply Chains

Your software supply chain has single points of failure that would take down your entire operation. Most organizations have never mapped them.

Dec 12, 20225 min read
Software Supply Chain Security

Cargo Build Script Security: What build.rs Can Do to Your Machine

Rust build scripts run arbitrary code during compilation. Here is what they can access and how to evaluate the risk in your dependency tree.

Dec 8, 20224 min read
Vulnerability Analysis

GitHub Code Signing Bypass: When the Trust Anchor Fails

A vulnerability in GitHub's commit signature verification allowed attackers to forge signed commits. The flaw undermined the integrity guarantees that code signing is supposed to provide.

Dec 5, 20226 min read
Emerging Technology

5G Networks and the Software Supply Chain Risks Nobody Talks About

5G networks are software-defined infrastructure built on open-source components. The supply chain implications are enormous and under-discussed.

Nov 25, 20226 min read
Offensive Security

Penetration Testing the Software Supply Chain

Traditional pentests focus on the application. Supply chain pentesting targets the build pipeline, dependency resolution, and distribution mechanisms. Here is how to approach it.

Nov 22, 20227 min read
supply-chain (Page 56) — Safeguard Blog