Safeguard
Tag

best-practices

Safeguard articles tagged "best-practices" — guides, analysis, and best practices for software supply chain and application security.

105 articles

Best Practices

Hiring Software Supply Chain Security Engineers

What to screen for, how to structure interviews, and the signals that distinguish real supply chain security engineers from adjacent AppSec talent in 2026.

Feb 9, 20266 min read
Best Practices

How to implement password policy best practices

A step-by-step guide to implement password policy best practices: aligning with NIST guidelines, dropping outdated complexity rules, and rolling out passwordless authentication.

Feb 6, 20267 min read
Best Practices

Measuring AppSec Program Effectiveness in 2026

The metrics that actually distinguish high-functioning application security programs from theater, with concrete formulas and reporting cadences for 2026.

Feb 2, 20266 min read
Best Practices

What is a Security Baseline

A security baseline is the minimum, testable set of controls every system or repo must meet — here's how it differs from policy, and how to build one for your supply chain.

Jan 30, 20267 min read
Best Practices

What is the Principle of Least Functionality

The principle of least functionality (NIST CM-7) means shipping only the ports, services, and code a system needs—nothing extra "just in case."

Jan 27, 20267 min read
Best Practices

What is Defense in Depth

Defense in depth stacks independent security layers—source, build, dependencies, artifacts, runtime—so no single failure causes a breach.

Jan 27, 20267 min read
Best Practices

What is Security by Obscurity

Security by obscurity means hiding a system instead of securing it. Here's why that bet fails, with real breaches, real CVEs, and what to build instead.

Jan 27, 20267 min read
Best Practices

What is a Trust Store

Trust stores decide which signatures your systems believe. Here's how they work, why they matter for supply chain security, and how to audit them.

Jan 27, 20266 min read
Best Practices

Build a Software Supply Chain Program in 90 Days

A pragmatic, phase-by-phase blueprint for standing up a credible software supply chain security program inside a single fiscal quarter without boiling the ocean.

Jan 26, 20266 min read
Best Practices

What is Credential Rotation

Credential rotation limits how long a leaked API key, password, or token stays valid. Here's how it works, how often to do it, and why automation matters.

Jan 26, 20266 min read
Container Security

Container Security Best Practices Checklist 2026

A practical container security checklist for 2026 covering base images, runtime controls, registry hygiene, and signing, with specific thresholds defenders can adopt.

Jan 22, 20265 min read
Best Practices

The Secure Software Development Lifecycle in 2025: What Actually Changed

A practical look at how SSDLC practices evolved in 2025, what worked, what failed, and why most organizations are still getting the basics wrong.

Dec 8, 20257 min read
best-practices (Page 6) — Safeguard Blog