Safeguard
Tag

third-party-risk

Safeguard articles tagged "third-party-risk" — guides, analysis, and best practices for software supply chain and application security.

54 articles

Industry Analysis

Third-party risk management for OT/ICS vendors in utilities

A step-by-step guide to OT ICS vendor risk management for utilities: assessing, auditing, and monitoring SCADA and industrial control system vendors.

Dec 21, 20259 min read
Incident Analysis

Polyfill.io supply chain attack

How a domain sale turned a trusted CDN into a malware vector for 100,000+ sites — and what the polyfill.io incident teaches defenders about third-party script risk.

Nov 8, 20257 min read
Industry Analysis

Unsafe Consumption of Third-Party APIs

Third-party APIs get trusted more than user input ever would — and attackers know it. Real breaches from Polyfill.io to 3CX show why that trust is misplaced.

Nov 6, 20257 min read
Software Supply Chain Security

Best software supply chain risk scoring and rating platforms

A practical, no-hype guide to choosing software supply chain risk scoring platforms — evaluation criteria plus a fair roundup of six real vendors, strengths and limitations included.

Nov 5, 20258 min read
Incident Analysis

Western Sydney University 2025 Breach: Third-Party Cloud Misconfiguration

From June to September 2025 an attacker quietly accessed a third-party cloud system linked to Western Sydney University and exfiltrated data on 10,000 students. We unpack the supply-chain anatomy.

Nov 4, 20257 min read
Application Security

What OpenAI and Anthropic Ecosystem Partnerships Signal A...

OpenAI and Anthropic's expanding ecosystem deals are an AI model vendor security partnership signal AppSec teams can no longer afford to ignore.

Jul 15, 20258 min read
Governance

Writing a Deprecation Policy for Third-Party Components

End-of-life libraries leave codebases only when something forces them out. A written component deprecation policy with triggers, timelines, and CI gates does the forcing on your schedule, not an attacker's.

Jun 24, 20255 min read
Incident Analysis

PowerSchool Breach: 62M Students, $2.85M Ransom, Cascading Extortion

PowerSchool's December 2024 breach exposed data on roughly 62M students and 9.5M teachers through a compromised support-portal credential and triggered downstream extortion of school districts months later.

Mar 12, 20256 min read
Incident Analysis

UnitedHealth Change Healthcare: 190 Million Update and the Long Tail

In January 2025 UnitedHealth revised the Change Healthcare breach count to 190 million people, the largest HIPAA breach in US history. We unpack what changed and the supply-chain lessons that still apply.

Feb 4, 20257 min read
Product

Managing Third-Party Software Risk With Safeguard TPRM

Your vendors' software is your risk. Safeguard TPRM gives you continuous visibility into the supply chain security posture of every third-party product you depend on.

Apr 15, 20247 min read
Incident Analysis

Sisense Data Breach: When Your Analytics Platform Becomes the Threat

CISA issued a rare advisory urging Sisense customers to reset credentials after attackers compromised the business intelligence platform, potentially accessing customer data across thousands of organizations.

Apr 15, 20245 min read
Risk Management

Building a Software Vendor Security Scorecard

Not all vendors are equal when it comes to security. Here is how to build a scorecard that objectively evaluates vendor security practices and informs procurement decisions.

Feb 28, 20246 min read
third-party-risk (Page 4) — Safeguard Blog