Break-Glass Workflow Design: Audited Bypass That Works
Every policy needs a bypass path or it will be routed around. The trick is making the bypass auditable, time-bound, and rare enough to remain meaningful.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Dependency confusion turned five in 2026. We look at how the attack has evolved, why it still works, and what defenders have actually learned.
When your pipeline starts producing zero-days, you inherit responsible disclosure obligations. Here is how to do it well, with the artefacts the pipeline already gives you.
Public npm packages your org published years ago are now an attacker's best targets. Find them before someone else does.
A 2026 blueprint for Go modules supply chain security — from proxy and checksum database to vendoring and binary provenance — anchored by Safeguard.
Most TPRM programs tier vendors by spend. That misses the vendors who are cheap but catastrophic when they fail. Tiering by blast radius is the fix.
A technical retrospective on the 2024 Cyberhaven Chrome extension compromise: the phishing chain, the malicious OAuth flow, the exfiltration payload, and what actually changes browser-extension supply chain defense.
A senior-engineer comparison of CycloneDX and SPDX in 2026, covering field coverage, tooling, AI-BOM support, VEX, and the practical trade-offs for your programme.
PCI DSS 4.0 raises the bar for software security and supplier oversight. Learn how to satisfy Requirement 6 and 12.8 with continuous supply chain evidence.