RSA Conference 2026: Supply Chain Themes
RSA Conference 2026 centered on AI governance, software supply chain regulation, and vendor consolidation. Here is the analyst view of what mattered.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
GitLab CI OIDC tokens are becoming the keys to cloud kingdoms. Recent research shows how workflow misconfigurations leak them in surprising ways.
The parts of container supply chain that break differently on AWS Fargate and ECS compared to Kubernetes, and what to do about each one in production.
A jailbreak in a model you ship downstream is a supply chain incident, not a trivia item. Here is how to reason about it and where the defensive controls belong.
Most SBOMs are generated, filed, and forgotten. Treating them as compliance artifacts rather than operational products is why they have not paid off — and how to fix it.
Practical answers to the most common CycloneDX vs SPDX questions: differences, tooling, regulatory preference, VEX support, and when to emit both.
Leaky Vessels bundled four CVEs that let container processes escape into the host. Two years later the class is still mispatched and misunderstood.
RAG pipelines have six or seven supply chain surfaces, and most teams are only watching one. Here is how the attacks actually look in production.
Where the OCI and CNCF image supply chain ecosystem actually sits in 2026, what has stabilized, what is still contested, and what to deploy now versus later.