The Security Implications of Package Bundlers
Bundlers transform your code and dependencies into production artifacts. The security implications of this transformation are significant and widely overlooked.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Law firms and legal tech companies handle privileged data through increasingly complex software. Here's how to manage the software supply chain risk.
HIPAA's Security Rule requires safeguards that extend to software dependencies. Here's what health tech developers and vendors need to address.
Serverless architectures shift the attack surface from infrastructure to application dependencies. This guide covers the unique supply chain risks of serverless and how to address them.
How OSINT techniques can uncover supply chain threats hiding in plain sight—from compromised packages to suspicious maintainer activity.
What happens when a critical vendor disappears? Software escrow arrangements protect your business continuity, but most organizations get the implementation wrong.
FISMA's authorization framework creates strict requirements for software in federal systems. Here's how supply chain security fits into the ATO process.
Traditional threat modeling focuses on your code. Supply chain threat modeling extends to every tool, dependency, and process that touches your software. Here is how to do it systematically.
Australia's SOCI Act imposes strict cybersecurity obligations on critical infrastructure. Here's what software suppliers need to understand.