When Observability Meets Security: The Convergence That Changes Everything
Observability and security have operated in silos for too long. Their convergence creates capabilities that neither could achieve alone.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
WebAssembly is expanding beyond the browser into server-side and edge workloads. The security model and supply chain implications deserve closer scrutiny.
Semver promises predictability in dependency management. In practice, it creates a trust model with serious security implications that most developers do not consider.
Container build tools have direct access to your source code, secrets, and registries. BuildKit and Buildah offer security features that most teams ignore. Here is what to use and why.
Should you pin exact dependency versions or use ranges? The answer is more nuanced than most teams think, and getting it wrong has real security implications.
A pre-release security checklist that covers dependency verification, vulnerability scanning, SBOM generation, and artifact integrity for every production release.
The software industry runs on open source maintained by unpaid volunteers. Until we fix the funding problem, we can't fix the security problem.
Container images are opaque by default. Here's how to crack them open with SBOMs to see exactly what's running in production.
When a dependency becomes a security liability, migration is the only real fix. Here is a structured approach to dependency migration that minimizes risk and disruption.