Safeguard
Topic

Best Practices

In-depth guides and analysis on best practices from the Safeguard engineering team.

252 articles

Best Practices

Measuring AppSec Program Effectiveness in 2026

The metrics that actually distinguish high-functioning application security programs from theater, with concrete formulas and reporting cadences for 2026.

Feb 2, 20266 min read
Best Practices

CISO FAQ: Software Supply Chain Security 2026

The questions CISOs actually ask about software supply chain security in 2026: scope, budget, reporting lines, SBOMs, AI code, and where to start.

Jan 30, 20267 min read
Best Practices

What is a Security Baseline

A security baseline is the minimum, testable set of controls every system or repo must meet — here's how it differs from policy, and how to build one for your supply chain.

Jan 30, 20267 min read
Best Practices

What is the Principle of Least Functionality

The principle of least functionality (NIST CM-7) means shipping only the ports, services, and code a system needs—nothing extra "just in case."

Jan 27, 20267 min read
Best Practices

What is Defense in Depth

Defense in depth stacks independent security layers—source, build, dependencies, artifacts, runtime—so no single failure causes a breach.

Jan 27, 20267 min read
Best Practices

What is Security by Obscurity

Security by obscurity means hiding a system instead of securing it. Here's why that bet fails, with real breaches, real CVEs, and what to build instead.

Jan 27, 20267 min read
Best Practices

What is a Trust Store

Trust stores decide which signatures your systems believe. Here's how they work, why they matter for supply chain security, and how to audit them.

Jan 27, 20266 min read
Best Practices

Build a Software Supply Chain Program in 90 Days

A pragmatic, phase-by-phase blueprint for standing up a credible software supply chain security program inside a single fiscal quarter without boiling the ocean.

Jan 26, 20266 min read
Best Practices

What is Credential Rotation

Credential rotation limits how long a leaked API key, password, or token stays valid. Here's how it works, how often to do it, and why automation matters.

Jan 26, 20266 min read
Best Practices

The Secure Software Development Lifecycle in 2025: What Actually Changed

A practical look at how SSDLC practices evolved in 2025, what worked, what failed, and why most organizations are still getting the basics wrong.

Dec 8, 20257 min read
Best Practices

The Complete Guide to Dependency Lifecycle Management

Dependencies are not static. They are born, maintained, deprecated, and abandoned. Here is how to manage the full lifecycle of your software dependencies.

Oct 30, 20257 min read
Best Practices

Enterprise Rails Security Audit: 2025 Field Notes

After 14 Rails audits in the last 12 months, the same eight issues kept surfacing. Here's the 2025 field checklist for Rails 7.2 and 8.0 enterprise apps.

May 16, 20255 min read
Best Practices (Page 14) — Supply Chain Security Blog | Safeguard