Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Regulators across three continents are converging on a single demand: show where your training data came from. The engineering implications are larger than most labs have admitted.
Prompt injection has evolved from demonstration exploits into a category of attack that runs continuously against production AI systems. Here is what changed in 2026.
From AI-generated SBOMs to regulatory enforcement and the death of CVSS-only triage, here is what the software security landscape will look like in 2026.
The 2025 annual SSCS report lands into a changed landscape. Key findings, trend lines, and what the numbers actually imply for 2026 planning.
From the CVE program funding crisis to the rise of AI-targeted supply chain attacks, 2025 reshaped the software security landscape. A comprehensive look at the year's defining events and trends.
A data-led look at software supply chain attacks in Q3 2025: npm maintainer phishing, VS Code extension abuse, and a quiet shift toward CI/CD targeting.
A look back at vulnerability disclosure in 2024: counts, severity distribution, time-to-patch, and the handful of incidents that shifted practice. Numbers, not narrative.
From the MOVEit mass exploitation to AI model risks, 2023 proved that supply chain attacks are accelerating in both sophistication and scale. Here's what we learned.
By mid-2022, supply chain attacks had surged 742% over the previous three years. Here's the data, the trends, and what defenders need to know.
Weekly insights on software supply chain security, delivered to your inbox.