Lazarus Financial Sector Campaigns 2024-2025
Lazarus Group's 2024-2025 financial sector campaigns combined exchange compromises, DeFi exploits, and developer social engineering. Here is what defenders must know.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A senior-engineer buyer guide for software supply chain security in 2026: what the categories mean, what to test, and what to ignore in vendor pitches.
MCP server telemetry captures sensitive prompts, arguments, and outputs. A governance framework for retention, redaction, and tenant-scoped access is essential.
Provenance describes how software was built, attestations are signed claims about that process, and signing proves origin. Here's how the pieces fit.
A senior engineer's 2025 report on Composer and Packagist supply chain threats: namespace abuse, abandoned maintainers, plugin hooks, and the attacks that actually landed on PHP shops.
A 2026 enforcement update on California SB-327, the IoT security statute that set a national precedent, and what manufacturers and integrators need to know.
Griffin AI's evaluation harness results published for the first time. Benchmark methodology, comparison against baselines, and what the numbers mean for production use.
A senior engineer's view of OpenAI API key leakage on GitHub at scale, why automated secret scanning misses so many, and what actually stops the bleeding.
Symbol conflicts and binary planting are the oldest native-code attacks, and they are showing up in modern software supply chains in unexpected places.