Safeguard
Topic

Industry Analysis

In-depth guides and analysis on industry analysis from the Safeguard engineering team.

294 articles

Industry Analysis

The emerging role of the AI security engineer

OWASP's 2025 LLM Top 10 ranks prompt injection #1 and calls it structurally unfixable by parameterization — a signal that AppSec skills alone no longer cover the job.

Jul 9, 20267 min read
Industry Analysis

The State of Open Source Security: What a Year of Disclosure Data Shows

454,600+ new malicious packages hit open-source registries in 2025, and NVD still closed the year with a 27,000-CVE enrichment backlog.

Jul 8, 20266 min read
Industry Analysis

How the security industry is scaling partnerships for AI risk

No vendor covers model security, agent runtime policy, supply-chain risk, and code-level AppSec alone — partner-sourced ARR at one major vendor grew over 6x from 2023 to 2025.

Jul 7, 20266 min read
Industry Analysis

MSSP and partner program models in AppSec

Checkmarx built an MSSP and partner program around code scanning. Here's how that model works, where it misses software supply chain risk, and what to check before signing.

Jun 23, 20267 min read
Industry Analysis

The hidden cost of surface-level code security

Legacy SAST/SCA scanning piles up findings without context, quietly building code security debt whose hidden cost shows up in engineering hours, audits, and breaches.

Jun 16, 20267 min read
Industry Analysis

Application Security Strategy for 2026: AI, DevSecOps, an...

AppSec platform consolidation is reshaping 2026 strategy. See how it compares to Veracode's approach and where Safeguard fits in a unified DevSecOps stack.

Jun 15, 20267 min read
Industry Analysis

Financial services application security compliance

PCI DSS 4.0, DORA, and NYDFS 500 now demand provable SBOM and provenance evidence — see where legacy SCA tools like Black Duck fall short for financial services teams.

Jun 11, 20266 min read
Industry Analysis

Medical device software security and compliance

FDA's 2023 cybersecurity mandate turned SBOMs into a submission gate. Here's what medical device makers actually need, and where legacy SCA tools like Black Duck fall short.

Jun 11, 20267 min read
Industry Analysis

Public sector / government application security requirements

EO 14028, CISA's attestation form, and FedRAMP have made government application security compliance its own discipline. Here's what's required and where legacy SCA tools like Black Duck fall short.

Jun 11, 20268 min read
Industry Analysis

Embedded software and ISV security programs

Black Duck built its business on binary composition analysis for embedded software. Here's what that approach misses in 2026, and what a modern ISV security program needs instead.

Jun 11, 20268 min read
Industry Analysis

Automotive software security (connected/autonomous vehicles)

UN R155 and R156 are now mandatory for every vehicle sold in the EU, Japan, and Korea. Here's what automotive software security compliance actually requires, and where Black Duck falls short.

Jun 10, 20267 min read
Industry Analysis

InnerSource Practices for Enterprise Development

InnerSource speeds up enterprise code reuse, but it also turns every internal team into an unaudited package publisher. Here's where governance breaks and how to fix it.

Jun 4, 20267 min read
Industry Analysis — Supply Chain Security Blog | Safeguard