supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Codecov Bash Uploader Compromise: A Retrospective
A single altered line in Codecov's Bash Uploader leaked CI secrets for 69 days across thousands of repos. Here is what actually happened and why.
SunBurst: A Supply Chain Attack Evolution Study
The SolarWinds SunBurst campaign rewrote the supply chain threat model. Five years of research reveal what changed and what defenders still miss.
CCleaner 2017: Anatomy of a Quiet Supply Chain Hit
The CCleaner backdoor of 2017 was among the first modern build-system compromises to achieve mass distribution through a trusted installer.
M.E.Doc and NotPetya: The Origin Story
The forensic detail of how M.E.Doc's update server became the delivery mechanism for NotPetya, and what it means for small-vendor risk.
NotPetya's Origin: A Supply Chain Story From Ukraine
NotPetya is remembered as ransomware. It was not. It was a supply chain wiper that detonated through Ukrainian tax software in June 2017.