Concepts
In-depth guides and analysis on concepts from the Safeguard engineering team.
116 articles
What Is the Apache 2.0 License? A Complete Guide
The Apache License 2.0 is a permissive license with an explicit patent grant and a few conditions that set it apart from MIT and BSD. Here is what it permits, requires, and means for compliance.
What Is the MIT License? A Plain-English Guide
The MIT License is one of the shortest and most permissive open-source licenses in existence. Here is exactly what it lets you do, what it requires, and what it means for compliance.
What Is Threat Modeling?
Threat modeling is the structured practice of asking what can go wrong with a system before you build it, then designing controls to match. Here's the four-question framework, how to run a session, and where it fits supply chain security.
What Is Security Logging?
Security logging records security-relevant events so activity can be monitored, investigated, and audited. Learn what to log, how it works, and the common pitfalls.
What Is a Security Control?
A security control is a safeguard that prevents, detects, or responds to threats to reduce risk. Learn the types, categories, and how frameworks organize them.
What Is a Security Champion?
A security champion is a developer who advocates for security inside their team, bridging engineering and the security function. Learn the role, how programs work, and why they scale culture.
What Is Security Hardening?
Security hardening reduces a system's attack surface by removing what it does not need and configuring the rest safely. Learn the principles, benchmarks, and how to apply it.
What Is Patch Management?
Patch management is the process of finding, testing, and deploying software updates that fix bugs and security flaws. Learn the lifecycle, prioritization, and why it matters.
What Is Access Control?
Access control decides who can reach a resource and what they can do with it. Learn the common models, how enforcement works, and why least privilege is the guiding rule.
What Is a Build Artifact?
A build artifact is the packaged output your build process produces from source code. Here is why artifacts are a critical supply chain checkpoint and how to verify their provenance.
What Is a CVE Numbering Authority (CNA)?
A CNA is an organization authorized to assign CVE identifiers to vulnerabilities in its scope. Here is how CNAs work and why they shape how fast a flaw becomes citable.
What Is OSV (Open Source Vulnerabilities)?
OSV is an open, ecosystem-native vulnerability database that expresses affected versions in precise, machine-matchable ranges. Here is how it works and why scanners rely on it.