Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Industry Insights

State and local government software supply chain in 2026

StateRAMP, election infrastructure, court case management, and the budget-versus-risk gap that defines software supply chain security for state and local agencies.

May 13, 20267 min read
Cloud Security

GCP Cloud Functions and Cloud Run buildpacks: the third-party supply chain in 2026

Buildpack dependency surface plus Cloud Build's default service account creates a blast radius most teams underestimate. Here is what to harden in 2026.

May 13, 20267 min read
Compliance

FTC Section 5 and software security: how 'unfair practices' became a supply chain doctrine

The Federal Trade Commission has spent the last several years building a software-security enforcement theory under Section 5. Drizly, SolarWinds, and Henry Schein each contributed pieces of the framework.

May 13, 20268 min read
Open Source

The bootloader supply chain: what an OS vendor controls versus inherits

Between firmware and the kernel sits a thin layer of code that almost no one audits and almost everyone trusts. Understanding the supply chain behind shim, GRUB, and u-boot is the difference between owning your boot path and renting it.

May 13, 20267 min read
Supply Chain Attacks

VS Code marketplace incident postmortem: what 2023-2024 actually taught us

Between 2023 and 2024 the VS Code Marketplace saw a string of typosquat, hijack, and impersonation incidents that shaped Microsoft's eventual hardening response. This is a composite postmortem of what happened, what changed, and what is still broken in 2026.

May 13, 20268 min read
Cloud Security

Azure Functions extensions as a supply chain entry point in 2026

Binding extensions and isolated worker SDK packages run with the function's managed identity. Here is how to evaluate and gate them in 2026.

May 12, 20267 min read
Vulnerability Management

The CUPS RCE chain: a postmortem of CVE-2024-47176 and friends

The September 2024 CUPS chain (CVE-2024-47176, 47076, 47175, 47177) turned a printer browsing daemon into a remote code execution vector and exposed how badly long-tail Linux daemons get patched.

May 12, 20266 min read
Industry Insights

PropTech software supply chain risk and wire fraud in 2026

MLS integrations, lender APIs, escrow platforms, and the long tail of PropTech vendors all feed into one of the most consequential downstream consequences in any industry: wire fraud at closing.

May 12, 20267 min read
Industry Analysis

FTC Data Broker Rule Supply Chain Implications in 2026

The FTC finalized substantive data broker rules in late 2025 and enforcement is ramping in 2026. The software supply chain implications are broader than they first appear.

May 12, 20266 min read
Compliance

CISA's Secure-by-Design pledge two years in: vendor commitments and procurement effects

CISA's Secure-by-Design pledge launched in April 2024 with seven voluntary goals. Two years later, signatories are publishing progress reports and procurement teams are starting to ask hard questions.

May 12, 20268 min read
Supply Chain Attacks

Firefox add-on supply chain: how Mozilla's posture differs from Chrome's

Mozilla Add-ons applies mandatory signing, a stricter review path for extensions that touch broad permissions, and a separately maintained recommended-extensions program. Here is what that buys defenders in 2026 and where the gaps still are.

May 12, 20268 min read
Application Security

Endor Labs vs Snyk SCA 2026

Endor Labs built its SCA platform around reachability from day one. How does that architectural bet compare to Snyk's incumbent position in 2026?

May 12, 20266 min read
supply-chain (Page 6) — Safeguard Blog