supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
State and local government software supply chain in 2026
StateRAMP, election infrastructure, court case management, and the budget-versus-risk gap that defines software supply chain security for state and local agencies.
GCP Cloud Functions and Cloud Run buildpacks: the third-party supply chain in 2026
Buildpack dependency surface plus Cloud Build's default service account creates a blast radius most teams underestimate. Here is what to harden in 2026.
FTC Section 5 and software security: how 'unfair practices' became a supply chain doctrine
The Federal Trade Commission has spent the last several years building a software-security enforcement theory under Section 5. Drizly, SolarWinds, and Henry Schein each contributed pieces of the framework.
The bootloader supply chain: what an OS vendor controls versus inherits
Between firmware and the kernel sits a thin layer of code that almost no one audits and almost everyone trusts. Understanding the supply chain behind shim, GRUB, and u-boot is the difference between owning your boot path and renting it.
VS Code marketplace incident postmortem: what 2023-2024 actually taught us
Between 2023 and 2024 the VS Code Marketplace saw a string of typosquat, hijack, and impersonation incidents that shaped Microsoft's eventual hardening response. This is a composite postmortem of what happened, what changed, and what is still broken in 2026.
Azure Functions extensions as a supply chain entry point in 2026
Binding extensions and isolated worker SDK packages run with the function's managed identity. Here is how to evaluate and gate them in 2026.
The CUPS RCE chain: a postmortem of CVE-2024-47176 and friends
The September 2024 CUPS chain (CVE-2024-47176, 47076, 47175, 47177) turned a printer browsing daemon into a remote code execution vector and exposed how badly long-tail Linux daemons get patched.
PropTech software supply chain risk and wire fraud in 2026
MLS integrations, lender APIs, escrow platforms, and the long tail of PropTech vendors all feed into one of the most consequential downstream consequences in any industry: wire fraud at closing.
FTC Data Broker Rule Supply Chain Implications in 2026
The FTC finalized substantive data broker rules in late 2025 and enforcement is ramping in 2026. The software supply chain implications are broader than they first appear.
CISA's Secure-by-Design pledge two years in: vendor commitments and procurement effects
CISA's Secure-by-Design pledge launched in April 2024 with seven voluntary goals. Two years later, signatories are publishing progress reports and procurement teams are starting to ask hard questions.
Firefox add-on supply chain: how Mozilla's posture differs from Chrome's
Mozilla Add-ons applies mandatory signing, a stricter review path for extensions that touch broad permissions, and a separately maintained recommended-extensions program. Here is what that buys defenders in 2026 and where the gaps still are.
Endor Labs vs Snyk SCA 2026
Endor Labs built its SCA platform around reachability from day one. How does that architectural bet compare to Snyk's incumbent position in 2026?