Safeguard
Topic

Regulatory Compliance

In-depth guides and analysis on regulatory compliance from the Safeguard engineering team.

138 articles

Regulatory Compliance

FastAPI and Pydantic dependency injection security pitfalls

FastAPI's Depends() and Pydantic's type validation look airtight but hide real bypass patterns — caching bugs, extra="allow" mass assignment, and leaked test overrides.

Jan 26, 20267 min read
Regulatory Compliance

Common OAuth2 and JWT implementation mistakes in FastAPI ...

A practical walkthrough of the FastAPI JWT security mistakes that lead to broken authentication, plus concrete fixes for OAuth2 flows and token validation.

Jan 25, 20268 min read
Regulatory Compliance

NestJS dependency injection and module configuration secu...

NestJS's dependency injection container silently governs data isolation and supply-chain trust. Here's how scope, module, and factory misconfigurations turn into real security failures.

Jan 24, 20267 min read
Regulatory Compliance

Financial Services Supply Chain Controls for 2026

What banks, broker-dealers, and insurers should require from their software vendors in 2026: DORA, NYDFS Part 500, OCC guidance, and the operational resilience controls that actually hold up.

Jan 22, 20266 min read
Regulatory Compliance

Spring Boot Actuator endpoint exposure and information di...

Exposed Spring Boot actuator endpoints leak env variables, heap dumps, and credentials via a single unauthenticated request — here's why it keeps happening and how to fix it.

Jan 22, 20267 min read
Regulatory Compliance

Spring Security misconfigurations and default credential ...

Default credentials, exposed Actuator endpoints, and missed filter rules: how spring security misconfiguration quietly exposes Java apps to breach.

Jan 21, 20267 min read
Regulatory Compliance

PCI DSS software composition analysis requirements for pa...

What PCI DSS 4.0.1 actually requires for tracking third-party and open-source code in payment software, and how SBOMs and SCA tooling satisfy it.

Jan 5, 20267 min read
Regulatory Compliance

GLBA Safeguards Rule requirements for software vendor ris...

What the FTC's GLBA Safeguards Rule requires for vendor risk management: contract terms, assessment frequency, and liability when a vendor fails.

Jan 3, 20268 min read
Regulatory Compliance

HIPAA compliance and software composition analysis for he...

HIPAA doesn't name software composition analysis, but auditors increasingly expect it. Here's how healthcare teams use SCA to manage third-party risk and protect ePHI.

Jan 2, 20267 min read
Regulatory Compliance

NAIC Insurance Data Security Model Law compliance for sof...

What NAIC model law software vendor compliance means for insurtech and SaaS vendors, and how insurer TPRM programs are enforcing it in contracts today.

Dec 31, 20258 min read
Regulatory Compliance

ISO/SAE 21434 compliance for automotive software suppliers

What ISO/SAE 21434 actually requires of automotive software suppliers, why UN R155 makes it mandatory, and how Tier 1s can build compliance into engineering instead of bolting it on.

Dec 29, 20258 min read
Regulatory Compliance

UNECE WP.29 R155 software supply chain requirements for a...

A practical breakdown of UNECE WP.29 R155 compliance: CSMS certification, the SBOM requirement, and type approval cybersecurity rules automakers and suppliers now face.

Dec 29, 20257 min read
Regulatory Compliance (Page 7) — Supply Chain Security Blog | Safeguard