Concepts
In-depth guides and analysis on concepts from the Safeguard engineering team.
116 articles
Secure Defaults, Explained
Secure defaults mean the out-of-the-box configuration is the safe one, and weakening it requires a deliberate opt-in. Here's why the default state decides most real-world security outcomes.
Symmetric vs Asymmetric Encryption: What's the Difference?
Symmetric encryption uses one shared key for both locking and unlocking. Asymmetric encryption uses a key pair, one public and one private. One is fast; the other solves the key-sharing problem.
What Is a Security Patch
A security patch is a small update that fixes a specific flaw in software. Here is what patches are, why applying them quickly matters, and how teams manage them.
What Is an Artifact Attestation?
An artifact attestation is a signed, machine-readable claim about a software artifact, bound to it by digest. Here's how the in-toto structure works and what kinds of claims it carries.
What Is a Secure SDLC (Secure Software Development Lifecycle)?
A Secure SDLC embeds security activities into every phase of software development — from planning to production — instead of bolting a security review on at the end. Here's what each phase looks like and how to build one.
What Is the AGPL License? The Network Copyleft, Explained
The GNU Affero GPL closes the SaaS loophole: it extends copyleft to software used over a network. Here is what AGPLv3 requires, why companies treat it cautiously, and what it means for you.
Encryption vs Hashing: What's the Difference?
Encryption scrambles data so it can be unscrambled later with a key. Hashing turns data into a fixed fingerprint that can never be reversed. One protects secrets; the other verifies them.
Understanding SBOM Formats
A software bill of materials is only useful if tools can read it. Two standards dominate — SPDX and CycloneDX — and knowing what each captures, how they differ, and when to use which is the difference between an inventory that works and one that gathers dust.
What Is a Software Dependency
A software dependency is outside code your program relies on to run. Here is what dependencies are, why modern apps have so many, and why they matter for security.
What Is Open Source License Compliance?
Open source license compliance is the practice of tracking every open source component you use and honoring the legal obligations of its license. Get it wrong and you risk lawsuits, forced code disclosure, or a blocked acquisition.
What Is Software Provenance?
Software provenance is the verifiable record of where an artifact came from and how it was built. Here's what a provenance record contains, how it is proven, and why it stops build-time tampering.
What Is the Mozilla Public License (MPL 2.0)?
The Mozilla Public License 2.0 is a file-level copyleft license that sits between permissive and strong copyleft. Here is how its per-file reciprocity works and what it means for your project.