Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Concepts

How to Choose an Open Source License

Choosing a license for your project comes down to how much control you want over downstream use. This guide walks through the decision — permissive, weak copyleft, or strong copyleft.

Jul 8, 20267 min read
FAQ

SBOM Compliance Requirements FAQ: NTIA Elements, Formats, and Mandates

A precise FAQ on SBOM compliance in 2026 — the NTIA minimum elements, accepted formats, where SBOMs are actually mandated (federal, FDA, EU CRA), depth, VEX, and generation.

Jul 8, 20266 min read
Compliance & Frameworks

What AI Executive Orders Actually Mean for Enterprise Security Teams

The US revoked its AI safety EO in January 2025, but SBOM and evidence obligations under EO 14028 never went away — and the EU AI Act just got harder deadlines.

Jul 8, 20267 min read
Compliance & Frameworks

Mapping security training and roles to the NIST NICE Framework

NIST's NICE Framework sorts cybersecurity work into 7 categories and 52 work roles — most security teams have never mapped a single job description to it.

Jul 8, 20266 min read
Compliance & Frameworks

DORA compliance for application risk management

DORA became fully applicable on 17 January 2025 with no grace period, and its ICT risk-management articles map almost line-for-line onto standard AppSec practice.

Jul 8, 20266 min read
Best Practices

The four pillars every enterprise security program needs

Identity, patching, segmentation, and logging aren't a checklist — they're the four controls that determine whether a breach stays contained or becomes Log4Shell.

Jul 8, 20266 min read
Compliance & Frameworks

Japan METI's SBOM Guidance: What Software Vendors Need to Know

METI's SBOM guidance has no legal teeth, yet Ver. 2.0 already shapes procurement at Japan's largest manufacturers and critical-infrastructure buyers.

Jul 8, 20267 min read
Compliance & Frameworks

Mapping NIST CSF 2.0 to your AppSec program

NIST CSF 2.0 added a sixth function, Govern, in February 2024 — most AppSec teams still map their tooling to only three of the six.

Jul 8, 20266 min read
Compliance & Frameworks

The SEC's cybersecurity disclosure rules, explained for CISOs and boards

Since December 18, 2023, U.S. public companies must disclose material cyber incidents within four business days — and boards must now document their oversight of the risk.

Jul 8, 20266 min read
Compliance

ISO 27001 application security: the Annex A controls that govern your code

ISO/IEC 27001:2022 added and sharpened Annex A controls for secure development and technical vulnerabilities. Here's how they apply to application and supply chain security.

Jul 7, 20265 min read
FAQ

NIST SSDF FAQ: SP 800-218, the Four Practice Groups, and Attestation

A precise FAQ on the NIST Secure Software Development Framework in 2026 — the four practice groups, the CISA self-attestation form, EO 14028 lineage, the AI augmentation, and the evidence behind it.

Jul 7, 20266 min read
Concepts

Open Source License Comparison: MIT, Apache, BSD, GPL, and More

A side-by-side comparison of the major open-source licenses — MIT, BSD, Apache 2.0, MPL, LGPL, GPL, and AGPL — across permissions, conditions, copyleft strength, and patent handling.

Jul 7, 20266 min read
compliance (Page 2) — Safeguard Blog