third-party-risk
Safeguard articles tagged "third-party-risk" — guides, analysis, and best practices for software supply chain and application security.
54 articles
Bank of America Breach via Infosys McCamish Exposes 57,000 Customers
In February 2024, Bank of America disclosed that a ransomware attack on its service provider Infosys McCamish Systems had compromised the personal and financial data of over 57,000 customers, highlighting the cascading risk of vendor supply chain attacks.
Dollar Tree Third-Party Breach Impacts Nearly 2 Million Employees
In November 2023, Dollar Tree disclosed that a breach at its third-party service provider Zeroed-In Technologies exposed the personal data of nearly 2 million current and former employees, highlighting the persistent risk of third-party supply chain compromises.
API Security Through the Supply Chain Lens
APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.
Software Escrow and Supply Chain Continuity Planning
What happens when a critical vendor disappears? Software escrow arrangements protect your business continuity, but most organizations get the implementation wrong.
Software Vendor Risk Scoring Methodology
A practical framework for scoring and ranking software vendor risk based on supply chain security posture, vulnerability history, and development practices.
Third-Party Risk Management for Software Vendors: Beyond the Questionnaire
Security questionnaires are still how most organizations evaluate vendor risk. They're also still mostly useless. Here's what actually works.