Concepts
In-depth guides and analysis on concepts from the Safeguard engineering team.
116 articles
Zero Trust Architecture, Explained
Zero trust replaces the trusted internal network with a model that verifies every request explicitly, regardless of where it comes from. Here's what it actually means and how to move toward it.
What Is Infrastructure as Code (IaC) Security?
Infrastructure as Code (IaC) security is the practice of scanning and hardening the machine-readable files that define your cloud infrastructure — before they provision anything. Here's how it catches misconfigurations at the source.
Authentication vs Authorization: What's the Difference?
Authentication proves who you are. Authorization decides what you're allowed to do. One is the ID check at the door; the other is the list of rooms you can enter.
The Principle of Least Privilege, Explained
Least privilege means every user, service, and process gets exactly the access it needs to do its job — and nothing more. Here's why it contains breaches and how to implement it without breaking things.
Secure Design Principles Every Team Should Know
Secure design principles are the durable rules of thumb — least privilege, fail securely, defense in depth, secure defaults — that keep systems safe by construction rather than by patching. Here's the working set and how to apply them.
Threat Modeling for Developers
Threat modeling doesn't have to be a heavyweight ceremony run by a separate security team. Here's how developers can fold lightweight, per-feature threat modeling directly into pull requests and sprint work.
Understanding CVSS Scores
CVSS turns a vulnerability's characteristics into a number from 0 to 10 and a severity label. Here is what the score actually measures, how the metrics combine, and why the number alone should never drive your patching.
Understanding Dependency Trees
The libraries you install are only the tip of the iceberg. Each one pulls in its own dependencies, which pull in more, forming a tree that can run hundreds of packages deep. Understanding that tree is the first step to securing it.
What Is Defense in Depth in Security?
Defense in depth is a layered security strategy that assumes any single control will eventually fail, so it stacks independent safeguards to slow and stop attackers. Here's how the model works and how it maps to the software supply chain.
What Is Malware? Types and How It Spreads
Malware is any software built to do harm, from stealing data to locking up your files. Here's a beginner-friendly tour of the main types and how it gets in.
What Is the BSD License? 2-Clause vs 3-Clause Explained
The BSD licenses are a family of short, permissive licenses. This guide explains the 2-clause and 3-clause variants, what each permits, and what they mean for compliance.
What Is the GPL License? Copyleft Explained
The GNU General Public License is the best-known copyleft license. This guide explains what it permits, its source-disclosure obligations, GPLv2 vs GPLv3, and what it means for your project.