Safeguard
Topic

Concepts

In-depth guides and analysis on concepts from the Safeguard engineering team.

116 articles

Concepts

What Is the Apache 2.0 License? A Complete Guide

The Apache License 2.0 is a permissive license with an explicit patent grant and a few conditions that set it apart from MIT and BSD. Here is what it permits, requires, and means for compliance.

Jul 1, 20266 min read
Concepts

What Is the MIT License? A Plain-English Guide

The MIT License is one of the shortest and most permissive open-source licenses in existence. Here is exactly what it lets you do, what it requires, and what it means for compliance.

Jul 1, 20267 min read
Concepts

What Is Threat Modeling?

Threat modeling is the structured practice of asking what can go wrong with a system before you build it, then designing controls to match. Here's the four-question framework, how to run a session, and where it fits supply chain security.

Jul 1, 20267 min read
Concepts

What Is Security Logging?

Security logging records security-relevant events so activity can be monitored, investigated, and audited. Learn what to log, how it works, and the common pitfalls.

May 21, 20266 min read
Concepts

What Is a Security Control?

A security control is a safeguard that prevents, detects, or responds to threats to reduce risk. Learn the types, categories, and how frameworks organize them.

Apr 9, 20266 min read
Concepts

What Is a Security Champion?

A security champion is a developer who advocates for security inside their team, bridging engineering and the security function. Learn the role, how programs work, and why they scale culture.

Mar 18, 20266 min read
Concepts

What Is Security Hardening?

Security hardening reduces a system's attack surface by removing what it does not need and configuring the rest safely. Learn the principles, benchmarks, and how to apply it.

Feb 27, 20265 min read
Concepts

What Is Patch Management?

Patch management is the process of finding, testing, and deploying software updates that fix bugs and security flaws. Learn the lifecycle, prioritization, and why it matters.

Feb 6, 20266 min read
Concepts

What Is Access Control?

Access control decides who can reach a resource and what they can do with it. Learn the common models, how enforcement works, and why least privilege is the guiding rule.

Jan 14, 20266 min read
Concepts

What Is a Build Artifact?

A build artifact is the packaged output your build process produces from source code. Here is why artifacts are a critical supply chain checkpoint and how to verify their provenance.

Dec 2, 20256 min read
Concepts

What Is a CVE Numbering Authority (CNA)?

A CNA is an organization authorized to assign CVE identifiers to vulnerabilities in its scope. Here is how CNAs work and why they shape how fast a flaw becomes citable.

Nov 11, 20255 min read
Concepts

What Is OSV (Open Source Vulnerabilities)?

OSV is an open, ecosystem-native vulnerability database that expresses affected versions in precise, machine-matchable ranges. Here is how it works and why scanners rely on it.

Oct 21, 20256 min read
Concepts (Page 6) — Supply Chain Security Blog | Safeguard