Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.


Articles

Infrastructure Security

When the Cloud Pulls the Plug: The GCP Account Suspension That Took Railway Down (May 19, 2026)

On May 19, 2026, Google Cloud automatically suspended Railway's production account, taking down a platform fronting roughly 10 million services for about eight hours. The root cause was not a breach but a control-plane dependency and a provider action with no human in the loop.

May 21, 2026 · 13 min read
Infrastructure Security

When DNSSEC Goes Wrong: The .de TLD Signing Failure That Took Down German Domains (May 5, 2026)

On May 5, 2026, DENIC published unvalidatable DNSSEC signatures for the .de zone after a deployment defect made its signer generate three key pairs instead of one. Validating resolvers worldwide, including Cloudflare's 1.1.1.1, were forced to return SERVFAIL.

May 7, 2026 · 13 min read
Infrastructure Security

Iran-Linked Actors Are Disrupting U.S. Water and Energy PLCs: Inside CISA/FBI Advisory AA26-097A (2026)

A joint FBI, CISA, NSA, EPA, DOE and Cyber Command advisory (AA26-097A, April 2026) warns that Iranian-affiliated actors are now causing operational disruption to internet-exposed PLCs across U.S. water, energy, and government facilities. Through May 2026 it is the defining OT threat. We unpack the campaign and the defense.

May 6, 2026 · 12 min read
Infrastructure Security

Message Queue Security: Hardening Kafka, RabbitMQ, and Event Brokers

Message queues are the nervous system of modern architectures. A compromised broker can intercept, modify, or inject messages across your entire system. Here is how to lock them down.

May 25, 2024 · 5 min read
Infrastructure Security

Envoy Proxy Security Hardening for Production Deployments

Envoy powers service meshes and API gateways across the industry. Its default configuration prioritizes connectivity over security. Here is how to fix that.

Apr 12, 2024 · 4 min read
Infrastructure Security

Software Updates in Air-Gapped Environments: Security Without Connectivity

Air-gapped environments protect critical infrastructure by eliminating network connectivity. But software still needs updates. Bridging this gap without introducing the risks you isolated against is the challenge.

Feb 8, 2024 · 5 min read
Infrastructure Security

Puppet Forge Supply Chain Security: Trusting Your Configuration Management

Puppet modules from the Forge run with root-level access on your servers. The supply chain security of these modules deserves the same scrutiny as any dependency.

Dec 12, 2023 · 5 min read
Infrastructure Security

Apache Web Server Hardening Guide for Production Environments

Apache httpd still serves millions of websites. Its default configuration exposes information, accepts weak TLS, and enables features you probably do not need.

Nov 12, 2023 · 4 min read
Infrastructure Security

Pulumi and Crossplane Security: IaC Beyond Terraform

Security considerations for Pulumi and Crossplane as infrastructure-as-code alternatives, including unique risks and hardening strategies.

Nov 5, 2023 · 7 min read

Blog | Safeguard — Software Supply Chain Security Insights