supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Startup Security Budget Allocation: Where to Spend First
Startups can't afford to do everything at once. Here's how to allocate your security budget for maximum impact, including software supply chain basics.
The Open Source Maintainer Burnout Crisis and Its Security Consequences
Burned-out maintainers abandon projects, accept risky PRs without review, and hand off keys to strangers. The burnout crisis is a supply chain security crisis.
Rust Adoption in Security-Critical Software: Where We Stand
Rust promises memory safety without garbage collection. Here is an honest look at where adoption stands and what it means for supply chain security.
Software Supply Chain Forensics: Investigation Techniques After a Compromise
When a supply chain compromise is confirmed or suspected, forensic investigation must trace the attack path through dependencies, build systems, and artifacts. This guide covers the methodology.
Software Update Signing and Verification: Getting It Right
Signed updates are table stakes for software distribution. But the signing and verification process has pitfalls that undermine the entire security model.
Brand Protection on Package Registries: Defending Your Namespace
Attackers impersonate legitimate organizations on package registries through name squatting, logo theft, and metadata manipulation. Here is how to protect your brand and your users.
PyPI Namespace Squatting: How Attackers Exploit Python's Flat Package Namespace
Python's package registry has no namespace protection. Attackers exploit this with typosquatting, namespace confusion, and abandoned name reclamation. Here is how to protect your Python supply chain.
Browser Extension Permission Models and Supply Chain Risk
Browser extensions operate with broad permissions and auto-update silently. Here is how the extension permission model creates supply chain risks and what organizations can do about it.
Browser Extension Attacks and the Supply Chain
Browser extensions run with elevated privileges and update automatically. When attackers compromise or acquire popular extensions, they gain access to millions of users instantly.
Makefile Injection Attacks: When Build Automation Becomes a Weapon
Makefiles execute shell commands by design. When those commands incorporate untrusted input, the results are predictably dangerous.
Real Estate and PropTech Security Considerations
PropTech platforms handle wire transfers, personal data, and property records. Software supply chain security is essential as real estate goes digital.
Build Reproducibility: A Verification Guide
If you cannot reproduce a build bit-for-bit, you cannot verify it was not tampered with. This guide covers deterministic builds, reproducibility verification, and why it matters for supply chain trust.