Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Secure Boot was designed to keep untrusted code from running before the operating system, but its trust anchors live in firmware that OEMs control and sometimes leak. BlackLotus and PKfail exposed the gap between the spec and the deployment.
Baseboard management controllers run their own operating system below your hypervisor, ship as binary blobs from vendors like AMI and Insyde, and almost never appear in an SBOM. The MegaRAC incidents made that gap impossible to ignore.
The MSI breach exposed Intel BootGuard private keys and OEM signing infrastructure. A look at firmware-level supply chain risk and the gaps that remain.
Generating accurate SBOMs for firmware and IoT devices remains one of the toughest challenges in supply chain security. Here's the current state of the art.
Not all software comes with source code. Binary analysis techniques can extract component information from compiled artifacts, firmware, and commercial software to produce SBOMs where traditional tools cannot.
Rust is moving into embedded production fast. The supply chain shape for firmware is different from server-side Rust — smaller trees, longer lifetimes, tighter regulations.
BlackTech's firmware implants in Cisco routers turned edge devices into long-dwell footholds. A look at the tradecraft and what defenders missed.
Government mandates and industry standards are making SBOMs mandatory for IoT firmware. Here's what manufacturers need to know to comply.
How UEFI Secure Boot, shim, and Microsoft third-party UEFI CA connect to software supply chain risk in OS and firmware update pipelines.
Weekly insights on software supply chain security, delivered to your inbox.