Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Tokio is the async runtime underneath most production Rust. A supply chain review of Tokio and the crates that orbit it — dependencies, CVE history, and what changes across versions.
A look at how crates.io handles authentication, yanking, namespace squatting, and the supply chain risks that remain in mid-2024.
Field notes from migrating a production workspace from Rust 2018 to 2021, and what to watch for when 2024 lands in edition transitions.
Writing Rust for embedded or kernel targets drops you into no_std territory, and the supply chain rules are different there. A practical look at what changes and why.
A practical head-to-head between cargo-audit 0.21 and cargo-deny 0.16 based on six months of running both in production CI pipelines.
Why build.rs is the highest-leverage attack surface in the Rust ecosystem, with concrete examples from 2023 and 2024 incidents.
CISA publishes a roadmap urging the industry to transition to memory-safe programming languages, targeting the root cause of roughly 70% of critical vulnerabilities.
How to secure your Rust supply chain with Cargo.lock, crate auditing, and build script controls.
How Cloudflare secures the software supply chain for infrastructure that sits between the internet and millions of websites, with lessons on Rust adoption and edge computing security.
Weekly insights on software supply chain security, delivered to your inbox.