EU NIS2 Directive: What Software Supply Chain Teams Need to Know
The NIS2 Directive imposes new cybersecurity obligations across the EU, with specific requirements for supply chain risk management that affect software vendors and their customers.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Q1 2024 brought typosquats, stealer campaigns, and a week-long new-user freeze on PyPI. Here is what the attacks looked like and how to defend.
The supply-chain risks unique to GCP Cloud Functions: dependency resolution at deploy time, buildpack trust, runtime identity, and the audit trail the service does and does not give you.
How to contribute to open-source projects without introducing security vulnerabilities, and how to evaluate the security posture of projects you contribute to.
How Bazel's hermeticity model reduces supply chain risk, with concrete WORKSPACE and MODULE.bazel examples from real migrations.
HIPAA's Security Rule is thin on supply chain specifics. HITRUST CSF fills the gap with prescriptive third-party and software controls. Here's how the two frameworks intersect and how to build a program that satisfies both.
Network policies are usually framed as a zero-trust tool. They are also one of the best defenses against a compromised dependency.
PowerShell modules are a supply chain people forget exists, and the trust model is weaker than NuGet's. Here is why that matters.
Poisoned AI models are a supply chain threat that traditional security tools can't detect. Here are the emerging techniques for identifying compromised models.