Single Points of Failure in Software Supply Chains
Your software supply chain has single points of failure that would take down your entire operation. Most organizations have never mapped them.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Rust build scripts run arbitrary code during compilation. Here is what they can access and how to evaluate the risk in your dependency tree.
Burned-out maintainers abandon projects, accept risky PRs without review, and hand off keys to strangers. The burnout crisis is a supply chain security crisis.
Rust promises memory safety without garbage collection. Here is an honest look at where adoption stands and what it means for supply chain security.
When a supply chain compromise is confirmed or suspected, forensic investigation must trace the attack path through dependencies, build systems, and artifacts. This guide covers the methodology.
Signed updates are table stakes for software distribution. But the signing and verification process has pitfalls that undermine the entire security model.
Attackers impersonate legitimate organizations on package registries through name squatting, logo theft, and metadata manipulation. Here is how to protect your brand and your users.
Python's package registry has no namespace protection. Attackers exploit this with typosquatting, namespace confusion, and abandoned name reclamation. Here is how to protect your Python supply chain.
Makefiles execute shell commands by design. When those commands incorporate untrusted input, the results are predictably dangerous.