10 Predictions for Software Supply Chain Security in 2026
From AI-generated SBOMs to regulatory enforcement and the death of CVSS-only triage, here is what the software security landscape will look like in 2026.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
The 2025 annual SSCS report lands in a changed landscape. Key findings, trend lines, and what the numbers actually imply for 2026 planning.
From the CVE program funding crisis to the rise of AI-targeted supply chain attacks, 2025 reshaped the software security landscape. A comprehensive look at the year's defining events and trends.
A look back at vulnerability disclosure in 2024: counts, severity distribution, time-to-patch, and the handful of incidents that shifted practice. Numbers, not narrative.
Codes of conduct are not just social documents. They affect maintainer retention, contributor diversity, and ultimately the security posture of the project.
An industry-level look at integrating GCP Security Command Center with the rest of the security stack: which findings are signal, which are noise, and how to route the output so it actually gets actioned.
CNCF, Linux Foundation, Apache, Eclipse — each has a different governance model. A practical evaluation of what that means for projects considering adoption.
Six months after the OSS Pledge launch, adoption is climbing but uneven. Who signed, who followed through with funding, and what the pledge has actually shifted in open-source economics.