supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Law firm software supply chain risk in 2026
Why the legal sector's reliance on Relativity, iManage, NetDocuments, and a long tail of practice-management vendors creates a supply chain attack surface that ABA Formal Opinion 483 makes a duty to address.
AWS Lambda Layers as a supply chain trust surface in 2026
Lambda Layers feel like a packaging convenience, but org-shared and public layers carry code that runs with your function's IAM role. Here is the 2026 control set.
Chrome extension marketplace hijack: the acquired-and-weaponized pattern
Legitimate Chrome extensions keep getting acquired and turned malicious, and content_scripts give the new owner code execution inside every user's browser session. Here is why the pattern keeps working in 2026 and what defenders can do about it.
MCP tool poisoning: hidden instructions and rug-pulled tool definitions
Tool-poisoning attacks against Model Context Protocol servers hide adversarial instructions inside tool descriptions and silently mutate tool definitions after install. Here is how the attack works and how to defend against it.
SEC cyber-incident 8-K disclosure and the software supply chain in 2026
The SEC's Item 1.05 8-K rule has been live since December 2023, and supply-chain incidents are now the most common trigger for a four-day materiality clock. Here is what programs need to know.
Socket.dev vs Phylum: which supply chain risk scanner fits your stack in 2026
How Socket.dev and Phylum compare on behavioral detection, ecosystem coverage, scoring transparency, and the developer ergonomics that decide adoption.
BMC firmware and the supply chain you forgot you had
Baseboard management controllers run their own operating system below your hypervisor, ship as binary blobs from vendors like AMI and Insyde, and almost never appear in an SBOM. The MegaRAC incidents made that gap impossible to ignore.
Automotive Supply Chain Cybersecurity Under ISO/SAE 21434 in 2026
OEMs and Tier 1 suppliers have spent four years operationalizing ISO/SAE 21434 and UN R155. Here is what cybersecurity engineering looks like in 2026, and where the supply chain gaps still live.
Software Supply Chain Security Management: Building the Program
Software supply chain security management works as a program, not a tool purchase — it needs SBOM generation, dependency monitoring, and vendor risk scoring wired together with clear ownership.
CISA's CI Fortify (May 2026): Planning Critical Infrastructure for Cyber Isolation and Recovery
On May 5, 2026, CISA launched CI Fortify, pushing critical infrastructure operators to plan for cyberattacks that sever their connections to the internet and telecom during a geopolitical crisis. We unpack the isolation and recovery objectives and what they demand of software supply chains.
EO 14144 to EO 14306: How the Federal Software Mandate Evolved
EO 14144 set ambitious supply chain rules for federal software in January 2025. EO 14306 in June reshaped them. Here is what survived, what changed, and what to plan for.
Argo CD Image Updater Security Considerations in 2026
How Argo CD Image Updater works, the security tradeoffs of automated image promotion, and the configuration patterns that prevent supply chain incidents.