compliance
Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.
435 articles
How to Build a VEX Document for Your Consumers
A hands-on tutorial for producing a CSAF-VEX document that tells your customers which CVEs actually affect your product and which do not.
ISO 27001 Meets NIST CSF: Integration
Running an ISMS under ISO 27001:2022 while executives want NIST CSF 2.0 reporting? These frameworks integrate cleanly if you map Annex A controls to CSF subcategories once and stop duplicating work.
OSS Contributor License Agreements Reviewed
CLAs, DCOs, and the subtle differences between Apache ICLAs, Google corporate CLAs, and Eclipse ECAs shape what contributors give up and what projects can do.
SOX IT Controls Meet Software Controls
Sarbanes-Oxley IT general controls predate modern software delivery. Here's how change management, access, and segregation of duties controls actually look when applied to CI/CD pipelines and software components.
SBOM Visualization Tools Compared: Making Dependency Data Actionable
An SBOM in JSON or XML format is data. A visualization turns that data into insight. This comparison examines how different tools present SBOM data and which approaches work best for different audiences.
Migrating SBOM Tooling Providers
A practical field guide to switching SBOM tooling vendors without losing historical data, breaking compliance reports, or annoying the auditors.
Types of Security Audits, Explained
There isn't one kind of security audit — compliance audits, penetration tests, code audits, and architecture reviews all answer different questions and require different evidence.
What is a Security Audit
A security audit is an evidence-based check that your controls actually meet a standard. Here's the process, the main frameworks, and how it differs from a pentest.
EU NIS2 Directive: What Software Supply Chain Teams Need to Know
The NIS2 Directive imposes new cybersecurity obligations across the EU, with specific requirements for supply chain risk management that affect software vendors and their customers.
IoT Firmware SBOMs: From Nice-to-Have to Regulatory Requirement
Government mandates and industry standards are making SBOMs mandatory for IoT firmware. Here's what manufacturers need to know to comply.
Compliance Dashboard Design Patterns for Supply Chain Security
Compliance dashboards translate complex supply chain data into actionable views for auditors, executives, and engineering teams. These design patterns make the difference between a dashboard that drives action and one that collects dust.
HIPAA Meets HITRUST: Supply Chain Depth
HIPAA's Security Rule is thin on supply chain specifics. HITRUST CSF fills the gap with prescriptive third-party and software controls. Here's how the two frameworks intersect and how to build a program that satisfies both.