Crypto Exchange Supply Chain Hardening
Crypto exchanges are the highest-value software supply chain targets on the internet. A hardening playbook drawn from Lazarus, Ronin, and 3CX.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Differential testing compares the behavior of multiple implementations of the same specification. In supply-chain work, it surfaces bugs that nobody else can see.
Kimsuky has pivoted from diplomats to developers. A look at the tradecraft behind its supply-chain-flavored operations and what engineering orgs should do about it.
The UK NCSC expanded its supply chain guidance in 2023-2024, aligning with the Cyber Security and Resilience Bill and pushing SBOMs, vendor assurance, and provenance controls.
Telehealth platforms depend on video SDKs, third-party transcription, and mobile frameworks. A regulatory walkthrough for HIPAA-covered virtual care.
How modern coverage-guided fuzzing finds real vulnerabilities in open-source dependencies, and how to fold it into a supply-chain security program.
A Chinese company acquired the polyfill.io domain and began injecting malicious code into websites that relied on the CDN, affecting over 100,000 sites. The attack exploited trust in third-party JavaScript.
Insurers underwrite cyber risk while running on the same fragile dependency graphs as everyone else. A look at the industry's software supply chain blind spots.
NERC CIP-013 turned software supply chain into a regulated obligation for the bulk electric system. A practical look at what utilities are actually doing.