third-party-risk
Safeguard articles tagged "third-party-risk" — guides, analysis, and best practices for software supply chain and application security.
54 articles
Third-party risk management for OT/ICS vendors in utilities
A step-by-step guide to OT ICS vendor risk management for utilities: assessing, auditing, and monitoring SCADA and industrial control system vendors.
Polyfill.io supply chain attack
How a domain sale turned a trusted CDN into a malware vector for 100,000+ sites — and what the polyfill.io incident teaches defenders about third-party script risk.
Unsafe Consumption of Third-Party APIs
Third-party APIs get trusted more than user input ever would — and attackers know it. Real breaches from Polyfill.io to 3CX show why that trust is misplaced.
Best software supply chain risk scoring and rating platforms
A practical, no-hype guide to choosing software supply chain risk scoring platforms — evaluation criteria plus a fair roundup of six real vendors, strengths and limitations included.
Western Sydney University 2025 Breach: Third-Party Cloud Misconfiguration
From June to September 2025 an attacker quietly accessed a third-party cloud system linked to Western Sydney University and exfiltrated data on 10,000 students. We unpack the supply-chain anatomy.
What OpenAI and Anthropic Ecosystem Partnerships Signal A...
OpenAI and Anthropic's expanding ecosystem deals are an AI model vendor security partnership signal AppSec teams can no longer afford to ignore.
Writing a Deprecation Policy for Third-Party Components
End-of-life libraries leave codebases only when something forces them out. A written component deprecation policy with triggers, timelines, and CI gates does the forcing on your schedule, not an attacker's.
PowerSchool Breach: 62M Students, $2.85M Ransom, Cascading Extortion
PowerSchool's December 2024 breach exposed data on roughly 62M students and 9.5M teachers through a compromised support-portal credential and triggered downstream extortion of school districts months later.
UnitedHealth Change Healthcare: 190 Million Update and the Long Tail
In January 2025 UnitedHealth revised the Change Healthcare breach count to 190 million people, the largest HIPAA breach in US history. We unpack what changed and the supply-chain lessons that still apply.
Managing Third-Party Software Risk With Safeguard TPRM
Your vendors' software is your risk. Safeguard TPRM gives you continuous visibility into the supply chain security posture of every third-party product you depend on.
Sisense Data Breach: When Your Analytics Platform Becomes the Threat
CISA issued a rare advisory urging Sisense customers to reset credentials after attackers compromised the business intelligence platform, potentially accessing customer data across thousands of organizations.
Building a Software Vendor Security Scorecard
Not all vendors are equal when it comes to security. Here is how to build a scorecard that objectively evaluates vendor security practices and informs procurement decisions.