supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Fuzz Testing Supply Chain Components: Finding Bugs Before Attackers Do
Fuzz testing discovers crashes, memory corruption, and logic errors by feeding random inputs to software. Applied to supply chain components, it reveals vulnerabilities that code review and static analysis miss.
Mailchimp Social Engineering Breach: How an Employee Hack Compromised Crypto Customers
A social engineering attack on Mailchimp employees gave attackers access to internal tools, which they used to target cryptocurrency companies and their customers in a downstream phishing campaign.
Kubernetes Supply Chain Security: Best Practices for 2022
Kubernetes does not run your code — it runs container images built from layers of dependencies you may not control. Securing the K8s supply chain requires thinking beyond pod security policies.
Conti Ransomware Leaks: What the Internal Files Revealed About Supply Chain Tools
When Conti's internal communications leaked in early 2022, they exposed the operational playbook of a top-tier ransomware gang — including how they targeted supply chains.
SolarWinds Lessons Two Years On: What Actually Changed
Two years after the SolarWinds SUNBURST compromise, the industry has new frameworks and new vocabulary — but has the build pipeline actually gotten harder to attack?
Firmware Supply Chain Security Guide
Firmware runs below the operating system, making it invisible to most security tools. Compromised firmware can persist through OS reinstallation, making supply chain integrity essential.
Rust Crate Supply Chain Security: Lessons from a Growing Ecosystem
As Rust adoption accelerates, its crate ecosystem faces the same supply chain threats that plague npm and PyPI. Here's what the Rust community is doing right — and where gaps remain.
Software Supply Chain Attacks 2021: A Complete Timeline
2021 was the year software supply chain attacks went mainstream. From SolarWinds aftermath to Log4Shell, here's every major incident and what they tell us about the threat landscape.
Vendor Concentration Risk: When Your Entire Stack Depends on One Company
Relying too heavily on a single vendor creates systemic risk that most organizations dramatically underestimate. Here is how to measure and manage it.
BGP Hijacking and Software Distribution Security
BGP hijacking lets attackers reroute internet traffic at the network level, silently intercepting software downloads and updates. This is one of the most powerful yet overlooked supply chain attack vectors.
XcodeGhost Revisited: How a Trojanized IDE Infected Thousands of iOS Apps
XcodeGhost compromised Apple's developer toolchain by distributing a modified Xcode IDE. Years later, the attack remains a textbook example of build-tool supply chain compromise.
The ua-parser-js npm Hijack of October 2021
An npm package with 8 million weekly downloads shipped a cryptominer and credential stealer for four hours. Here is the exact sequence of events.