VS Code Marketplace Malware Campaigns in 2025
A senior engineer's review of the 2025 VS Code Marketplace malware wave, including typosquats, trojanized themes, and extensions that stole npm tokens at scale.
Supply chain security for financial services in 2026 means DORA, NYDFS 500, FFIEC, and OCC expectations. A practical guide for banks, insurers, and fintechs.
A senior engineer's view of six years of npm protestware, from colors.js to peacenotwar, and the supply chain lessons that still apply to modern JavaScript shops.
The datasets you use to evaluate model safety are themselves a supply chain, and almost nobody is treating them that way. A senior engineer's audit of how eval corpora get poisoned, contaminated, and silently drifted.
HHS's December 2024 NPRM rewrites the HIPAA Security Rule with explicit software supply chain, SBOM, and business associate controls set to take effect in 2025 and 2026.
How to scope a bug bounty program when most of your attack surface lives in third-party dependencies — with guidance on payouts, triage, and upstream coordination.
The CCCS's 2024-2025 supply chain guidance and Bill C-26 reshape Canada's expectations for SBOMs, vendor assurance, and protection of critical cyber systems.
Digital health startups collide with HIPAA obligations as soon as they touch clinical data. A regulatory map of the supply chain choke points.
BlackTech's firmware implants in Cisco routers turned edge devices into long-dwell footholds. A look at the tradecraft and what defenders missed.