Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Industry Insights

Law firm software supply chain risk in 2026

Why the legal sector's reliance on Relativity, iManage, NetDocuments, and a long tail of practice-management vendors creates a supply chain attack surface that ABA Formal Opinion 483 makes a duty to address.

May 12, 20267 min read
Cloud Security

AWS Lambda Layers as a supply chain trust surface in 2026

Lambda Layers feel like a packaging convenience, but org-shared and public layers carry code that runs with your function's IAM role. Here is the 2026 control set.

May 12, 20267 min read
Supply Chain Attacks

Chrome extension marketplace hijack: the acquired-and-weaponized pattern

Legitimate Chrome extensions keep getting acquired and turned malicious, and content_scripts give the new owner code execution inside every user's browser session. Here is why the pattern keeps working in 2026 and what defenders can do about it.

May 12, 20269 min read
AI Security

MCP tool poisoning: hidden instructions and rug-pulled tool definitions

Tool-poisoning attacks against Model Context Protocol servers hide adversarial instructions inside tool descriptions and silently mutate tool definitions after install. Here is how the attack works and how to defend against it.

May 12, 20268 min read
Compliance

SEC cyber-incident 8-K disclosure and the software supply chain in 2026

The SEC's Item 1.05 8-K rule has been live since December 2023, and supply-chain incidents are now the most common trigger for a four-day materiality clock. Here is what programs need to know.

May 12, 20268 min read
Vendor Comparison

Socket.dev vs Phylum: which supply chain risk scanner fits your stack in 2026

How Socket.dev and Phylum compare on behavioral detection, ecosystem coverage, scoring transparency, and the developer ergonomics that decide adoption.

May 12, 20267 min read
Supply Chain Attacks

BMC firmware and the supply chain you forgot you had

Baseboard management controllers run their own operating system below your hypervisor, ship as binary blobs from vendors like AMI and Insyde, and almost never appear in an SBOM. The MegaRAC incidents made that gap impossible to ignore.

May 12, 20268 min read
Industry Analysis

Automotive Supply Chain Cybersecurity Under ISO/SAE 21434 in 2026

OEMs and Tier 1 suppliers have spent four years operationalizing ISO/SAE 21434 and UN R155. Here is what cybersecurity engineering looks like in 2026, and where the supply chain gaps still live.

May 8, 20266 min read
Supply Chain

Software Supply Chain Security Management: Building the Program

Software supply chain security management works as a program, not a tool purchase — it needs SBOM generation, dependency monitoring, and vendor risk scoring wired together with clear ownership.

May 8, 20265 min read
Regulatory Compliance

CISA's CI Fortify (May 2026): Planning Critical Infrastructure for Cyber Isolation and Recovery

On May 5, 2026, CISA launched CI Fortify, pushing critical infrastructure operators to plan for cyberattacks that sever their connections to the internet and telecom during a geopolitical crisis. We unpack the isolation and recovery objectives and what they demand of software supply chains.

May 7, 202611 min read
Compliance

EO 14144 to EO 14306: How the Federal Software Mandate Evolved

EO 14144 set ambitious supply chain rules for federal software in January 2025. EO 14306 in June reshaped them. Here is what survived, what changed, and what to plan for.

May 6, 20266 min read
DevSecOps

Argo CD Image Updater Security Considerations in 2026

How Argo CD Image Updater works, the security tradeoffs of automated image promotion, and the configuration patterns that prevent supply chain incidents.

May 6, 20266 min read
supply-chain (Page 7) — Safeguard Blog