Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
As AI models become critical software components, the need for AI-specific SBOMs and model cards grows urgent. How the industry is extending supply chain transparency to machine learning pipelines.
Mozilla and Google expanded cargo-vet's shared audit pool to 14,000 crates in Q1 2025. Here's how to adopt it without drowning in imports.
An analysis of the state of open-source security in 2025. Critical infrastructure runs on projects maintained by small, often unpaid teams. Here is what the data shows and why it matters.
AI agents that can execute code, browse the web, and manage infrastructure are proliferating. The security implications of these autonomous frameworks demand scrutiny.
Defend against Go module substitution attacks with GOPROXY, GOSUMDB, vendor verification, and checksum database monitoring — complete with working examples.
Anthropic's Model Context Protocol standardizes how AI models interact with external tools. The security implications for software supply chains are significant.
Cython-built Python extensions ship as platform-specific binaries with a build toolchain behind them. That introduces supply chain surface most teams have not mapped.
AI coding assistants are generating millions of lines of production code. But they also introduce dependency hallucinations, insecure patterns, and supply chain risks that security teams need to address.
How attackers chain low and medium severity flaws across dependencies to reach critical impact, and why supply chain context changes triage priorities.
Weekly insights on software supply chain security, delivered to your inbox.