Go Toolchain Supply Chain Risks: 2025 Research
2025 research on Go toolchain supply chain risks: module proxy abuse, replace directive attacks, cgo linker vectors, and the hardening patterns Go shops should adopt.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A senior engineer's review of academic research on fine-tune backdoor insertion, from BadNets to sleeper agents, and how the findings translate to production ML.
Nullcon Berlin 2026 delivered a dense European view of software supply chain research. Here are the themes and sessions that mattered most to defenders.
The Safeguard Research team measured SBOM quality across ecosystems and generators. The gaps between formats, tools, and languages are larger than most teams assume.
The Safeguard Research team built a risk index for transitive dependencies and ranked the ten categories that concentrate the most risk in modern stacks.
The Safeguard Research team measured how often AI coding assistants hallucinate non-existent packages, how sticky those hallucinations are, and what defenders should do.
The Safeguard Research team measured how much abandonment exists in real dependency graphs, how it correlates with risk, and what to do about it.
The Safeguard Research team ran reachability analysis across a large corpus of real codebases. This is what we learned about which CVEs actually matter.
The Safeguard Research team analyzed first-quarter 2026 malicious package telemetry across npm, PyPI, RubyGems, and crates.io. Here is what the data shows.