Regulatory Compliance
In-depth guides and analysis on regulatory compliance from the Safeguard engineering team.
138 articles
FastAPI and Pydantic dependency injection security pitfalls
FastAPI's Depends() and Pydantic's type validation look airtight but hide real bypass patterns — caching bugs, extra="allow" mass assignment, and leaked test overrides.
Common OAuth2 and JWT implementation mistakes in FastAPI ...
A practical walkthrough of the FastAPI JWT security mistakes that lead to broken authentication, plus concrete fixes for OAuth2 flows and token validation.
NestJS dependency injection and module configuration secu...
NestJS's dependency injection container silently governs data isolation and supply-chain trust. Here's how scope, module, and factory misconfigurations turn into real security failures.
Financial Services Supply Chain Controls for 2026
What banks, broker-dealers, and insurers should require from their software vendors in 2026: DORA, NYDFS Part 500, OCC guidance, and the operational resilience controls that actually hold up.
Spring Boot Actuator endpoint exposure and information di...
Exposed Spring Boot actuator endpoints leak env variables, heap dumps, and credentials via a single unauthenticated request — here's why it keeps happening and how to fix it.
Spring Security misconfigurations and default credential ...
Default credentials, exposed Actuator endpoints, and missed filter rules: how spring security misconfiguration quietly exposes Java apps to breach.
PCI DSS software composition analysis requirements for pa...
What PCI DSS 4.0.1 actually requires for tracking third-party and open-source code in payment software, and how SBOMs and SCA tooling satisfy it.
GLBA Safeguards Rule requirements for software vendor ris...
What the FTC's GLBA Safeguards Rule requires for vendor risk management: contract terms, assessment frequency, and liability when a vendor fails.
HIPAA compliance and software composition analysis for he...
HIPAA doesn't name software composition analysis, but auditors increasingly expect it. Here's how healthcare teams use SCA to manage third-party risk and protect ePHI.
NAIC Insurance Data Security Model Law compliance for sof...
What NAIC model law software vendor compliance means for insurtech and SaaS vendors, and how insurer TPRM programs are enforcing it in contracts today.
ISO/SAE 21434 compliance for automotive software suppliers
What ISO/SAE 21434 actually requires of automotive software suppliers, why UN R155 makes it mandatory, and how Tier 1s can build compliance into engineering instead of bolting it on.
UNECE WP.29 R155 software supply chain requirements for a...
A practical breakdown of UNECE WP.29 R155 compliance: CSMS certification, the SBOM requirement, and type approval cybersecurity rules automakers and suppliers now face.