Safeguard
Tag

third-party-risk

Safeguard articles tagged "third-party-risk" — guides, analysis, and best practices for software supply chain and application security.

54 articles

Incident Analysis

Bank of America Breach via Infosys McCamish Exposes 57,000 Customers

In February 2024, Bank of America disclosed that a ransomware attack on its service provider Infosys McCamish Systems had compromised the personal and financial data of over 57,000 customers, highlighting the cascading risk of vendor supply chain attacks.

Feb 12, 20248 min read
Incident Analysis

Dollar Tree Third-Party Breach Impacts Nearly 2 Million Employees

In November 2023, Dollar Tree disclosed that a breach at its third-party service provider Zeroed-In Technologies exposed the personal data of nearly 2 million current and former employees, highlighting the persistent risk of third-party supply chain compromises.

Nov 22, 20237 min read
Application Security

API Security Through the Supply Chain Lens

APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.

Sep 12, 20237 min read
Risk Management

Software Escrow and Supply Chain Continuity Planning

What happens when a critical vendor disappears? Software escrow arrangements protect your business continuity, but most organizations get the implementation wrong.

Apr 12, 20237 min read
Risk Management

Software Vendor Risk Scoring Methodology

A practical framework for scoring and ranking software vendor risk based on supply chain security posture, vulnerability history, and development practices.

Dec 18, 20227 min read
Risk Management

Third-Party Risk Management for Software Vendors: Beyond the Questionnaire

Security questionnaires are still how most organizations evaluate vendor risk. They're also still mostly useless. Here's what actually works.

Sep 8, 20218 min read
third-party-risk (Page 5) — Safeguard Blog