Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

DevSecOps

Policy Bypass Culture: What Happens When Deadlines Beat G...

When deadlines collide with security gates, developers bypass them quietly and often. Here's how policy bypass culture forms, what it costs, and how to stop it.

Jul 18, 20258 min read
Application Security

Why Systems Integrators Are Becoming Central to Enterpris...

As regulations like NIST SSDF, DORA, and the EU Cyber Resilience Act raise the bar, systems integrators are taking the lead role in enterprise AppSec rollouts.

Jul 14, 20257 min read
Compliance

Compliance Reporting with Safeguard: From Raw Data to Audit-Ready Documents

How to use Safeguard's compliance reporting engine to generate audit-ready documentation for SOC 2, ISO 27001, NIST SSDF, and other frameworks without weeks of manual work.

Jul 8, 20256 min read
Compliance

NIS2 in Italy: Legislative Decree 138/2024 and the Tiered Sanctions Regime

Italy's NIS2 transposition entered into force on 16 October 2024 via Decree 138/2024, with fines reaching 10 million EUR or 2% of global turnover for essential entities.

Jun 18, 20256 min read
Cloud Security

Encryption Services: Managed vs Self-Hosted

Choosing between a managed key management service and a self-hosted encryption stack comes down to who you trust to hold the keys and who you trust to patch the software.

May 22, 20256 min read
Compliance

BSD 3-Clause License Explained

The BSD 3-clause license is one of the most permissive open source licenses in wide use — here's what its three conditions actually require and how it differs from MIT and Apache 2.0.

May 6, 20256 min read
Compliance

Software Transparency Goes Global: Regulatory Developments in 2025

From the EU Cyber Resilience Act to Japan's software security guidelines, governments worldwide are mandating software transparency. A comprehensive overview of the global regulatory landscape.

Apr 10, 20255 min read
Compliance

The SBOM Compliance Landscape in 2025: What You Need to Know

From the US Executive Order to the EU Cyber Resilience Act, SBOM requirements are becoming law. Here is where things stand in 2025 and what organizations need to do to comply.

Jan 18, 20256 min read
Regulatory Compliance

Digital Health HIPAA Supply Chain Intersection

Digital health startups collide with HIPAA obligations as soon as they touch clinical data. A regulatory map of the supply chain choke points.

Dec 22, 20247 min read
Regulatory Compliance

NYDFS 500 Meets SBOM Requirements

23 NYCRR Part 500 was amended in 2023 with stronger third-party and vulnerability management language. For covered financial entities, SBOM practice has quietly become a compliance expectation.

Nov 25, 20247 min read
Regulatory Compliance

NIST CSF 2.0 Rollout: Field Observations

NIST CSF 2.0 added the Govern function, broadened the target audience, and clarified supply chain expectations. Field observations from the first year of adoption.

Nov 22, 20246 min read
Comparisons

CycloneDX vs SPDX in Practice: Choosing an SBOM Format

Both formats are standards, both are mandated somewhere, and your tooling probably emits both. What actually differs when you run CycloneDX and SPDX in production.

Oct 23, 20246 min read
compliance (Page 31) — Safeguard Blog