Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

SBOM & Compliance

How to Build a VEX Document for Your Consumers

A hands-on tutorial for producing a CSAF-VEX document that tells your customers which CVEs actually affect your product and which do not.

Jul 22, 20246 min read
Regulatory Compliance

ISO 27001 Meets NIST CSF: Integration

Running an ISMS under ISO 27001:2022 while executives want NIST CSF 2.0 reporting? These frameworks integrate cleanly if you map Annex A controls to CSF subcategories once and stop duplicating work.

Jun 25, 20246 min read
Regulatory Compliance

OSS Contributor License Agreements Reviewed

CLAs, DCOs, and the subtle differences between Apache ICLAs, Google corporate CLAs, and Eclipse ECAs shape what contributors give up and what projects can do.

May 25, 20247 min read
Regulatory Compliance

SOX IT Controls Meet Software Controls

Sarbanes-Oxley IT general controls predate modern software delivery. Here's how change management, access, and segregation of duties controls actually look when applied to CI/CD pipelines and software components.

May 20, 20247 min read
SBOM and Compliance

SBOM Visualization Tools Compared: Making Dependency Data Actionable

An SBOM in JSON or XML format is data. A visualization turns that data into insight. This comparison examines how different tools present SBOM data and which approaches work best for different audiences.

May 20, 20246 min read
SBOM & Compliance

Migrating SBOM Tooling Providers

A practical field guide to switching SBOM tooling vendors without losing historical data, breaking compliance reports, or annoying the auditors.

May 18, 20248 min read
Compliance

Types of Security Audits, Explained

There isn't one kind of security audit — compliance audits, penetration tests, code audits, and architecture reviews all answer different questions and require different evidence.

May 14, 20245 min read
Concepts

What is a Security Audit

A security audit is an evidence-based check that your controls actually meet a standard. Here's the process, the main frameworks, and how it differs from a pentest.

May 9, 20245 min read
Compliance & Frameworks

EU NIS2 Directive: What Software Supply Chain Teams Need to Know

The NIS2 Directive imposes new cybersecurity obligations across the EU, with specific requirements for supply chain risk management that affect software vendors and their customers.

Apr 25, 20247 min read
Compliance

IoT Firmware SBOMs: From Nice-to-Have to Regulatory Requirement

Government mandates and industry standards are making SBOMs mandatory for IoT firmware. Here's what manufacturers need to know to comply.

Apr 12, 20246 min read
SBOM and Compliance

Compliance Dashboard Design Patterns for Supply Chain Security

Compliance dashboards translate complex supply chain data into actionable views for auditors, executives, and engineering teams. These design patterns make the difference between a dashboard that drives action and one that collects dust.

Apr 10, 20246 min read
Regulatory Compliance

HIPAA Meets HITRUST: Supply Chain Depth

HIPAA's Security Rule is thin on supply chain specifics. HITRUST CSF fills the gap with prescriptive third-party and software controls. Here's how the two frameworks intersect and how to build a program that satisfies both.

Apr 8, 20246 min read
compliance (Page 33) — Safeguard Blog