Hardware Supply Chain Trust Boundaries
Hardware travels through dozens of hands before reaching your data center. Understanding and enforcing trust boundaries across the hardware supply chain is essential for building secure systems.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Azure DevOps pipelines present their own supply chain risks, from marketplace extensions to service connections. A breakdown of the attack surface and how to harden it.
A social engineering attack on Mailchimp employees gave attackers access to internal tools, which they used to target cryptocurrency companies and their customers in a downstream phishing campaign.
Two years after the SolarWinds SUNBURST compromise, the industry has new frameworks and new vocabulary — but has the build pipeline actually gotten harder to attack?
Firmware runs below the operating system, out of sight of most security tooling, and a compromised image survives OS reinstallation. That is why integrity has to be established across the supply chain, not just at the OS layer.
2021 was the year software supply chain attacks went mainstream. From SolarWinds aftermath to Log4Shell, here's every major incident and what they tell us about the threat landscape.
BGP hijacking lets attackers reroute internet traffic at the network level, silently intercepting software downloads and updates. This is one of the most powerful yet overlooked supply chain attack vectors.
XcodeGhost trojanized Apple's Xcode IDE and spread the modified build through unofficial download mirrors, so apps compiled with it reached the App Store carrying the malicious payload. Years later, the attack remains a textbook example of build-tool supply chain compromise.
An npm package with 8 million weekly downloads shipped a cryptominer and credential stealer for four hours. Here is the exact sequence of events.