financial-services
Safeguard articles tagged "financial-services" — guides, analysis, and best practices for software supply chain and application security.
27 articles
How a Fortune 500 Bank Ran Its SBOM Program
An anonymized look at how a Fortune 500 financial services firm operationalized an enterprise SBOM program using Safeguard across 4,200 applications.
SBOM requirements for financial services under DORA
DORA now requires EU financial entities to track every software component down to the dependency level. Here's what the SBOM requirements actually mean.
DORA Subcontracting RTS: Inside Commission Delegated Regulation 2025/532
The DORA subcontracting RTS adopted on 24 March 2025 governs how ICT third-party providers may subcontract critical or important functions, in force from 22 July 2025.
DORA TLPT RTS: What the Threat-Led Penetration Testing Standard Requires
The Commission published the DORA TLPT RTS on 18 June 2025 with direct effect from 8 July 2025. Tests are mandated every three years, aligned to TIBER-EU methodology.
DORA Register of Information: Lessons From the First Submission
The 30 April 2025 ESA deadline forced banks and insurers to inventory every ICT contract against 105 prescribed data points — and exposed structural gaps in third-party data.
FTC Safeguards Rule: The 30-Day Notification Window in Effect
Since May 13, 2024, non-banking financial institutions must notify the FTC within 30 days of a notification event affecting 500 or more consumers.
Patelco Credit Union RansomHub Attack: 1M Records, $7.25M Settlement
RansomHub maintained access to Patelco Credit Union's network from May 23 to June 29, 2024, ultimately exposing data on over one million members and triggering a $7.25M class settlement.
DORA Operational Resilience: Software Implications
DORA became fully applicable January 17, 2025. Here's what Articles 6, 8, 28, and the ICT third-party RTS mean for the software you build, buy, and operate in the EU.
NYDFS 500 Meets SBOM Requirements
23 NYCRR Part 500 was amended in 2023 with stronger third-party and vulnerability management language. For covered financial entities, SBOM practice has quietly become a compliance expectation.
NYDFS Cybersecurity Regulation: Software Security Requirements for Financial Firms
New York's DFS cybersecurity regulation sets a high bar for financial institutions. Here's how the 2023 amendments affect software supply chain practices.
Bank of America Breach via Infosys McCamish Exposes 57,000 Customers
In February 2024, Bank of America disclosed that a ransomware attack on its service provider Infosys McCamish Systems had compromised the personal and financial data of over 57,000 customers, highlighting the cascading risk of vendor supply chain attacks.
Mr. Cooper Mortgage Breach Exposes 14.7 Million Customers
In November 2023, mortgage giant Mr. Cooper disclosed a cyberattack that compromised the personal and financial data of 14.7 million current and former customers, making it one of the largest financial services breaches of the year.