Safeguard
Tag

governance

Safeguard articles tagged "governance" — guides, analysis, and best practices for software supply chain and application security.

47 articles

Best Practices

Measuring AppSec Program Effectiveness in 2026

The metrics that actually distinguish high-functioning application security programs from theater, with concrete formulas and reporting cadences for 2026.

Feb 2, 20266 min read
Best Practices

CISO FAQ: Software Supply Chain Security 2026

The questions CISOs actually ask about software supply chain security in 2026: scope, budget, reporting lines, SBOMs, AI code, and where to start.

Jan 30, 20267 min read
AI Security

Enterprise RAG Security Rollout Antipatterns

Retrieval-augmented generation systems are where enterprise AI meets enterprise data, and where most security rollouts stumble. A catalog of the antipatterns we keep seeing.

Jan 26, 20267 min read
Best Practices

Build a Software Supply Chain Program in 90 Days

A pragmatic, phase-by-phase blueprint for standing up a credible software supply chain security program inside a single fiscal quarter without boiling the ocean.

Jan 26, 20266 min read
AI Security

Enterprise AI Security Rollout: The Governance Gap

Most enterprises rolled out AI-for-security tools faster than their governance processes could keep up. The resulting gap is where most of the pain from 2025 deployments lives.

Jan 10, 20267 min read
AI Security

Gemini 2.5 Pro and the Late Safety Report

Google released Gemini 2.5 Pro Experimental on March 25, 2025 without a contemporaneous safety report. The UK reaction set a precedent.

Sep 12, 20256 min read
Open Source

Open Source Maintainer Succession Planning: A Supply Chain Imperative

When a solo maintainer disappears, entire dependency chains are at risk. How organizations should approach succession planning for critical open source projects.

Aug 10, 20256 min read
Industry Analysis

The CVE Program Funding Crisis: What Happened and What It Means

The CVE program nearly lost its funding in early 2025, exposing deep structural risks in how we track vulnerabilities. Here is what happened and where we go from here.

Jul 15, 20256 min read
Governance

Writing a Deprecation Policy for Third-Party Components

End-of-life libraries leave codebases only when something forces them out. A written component deprecation policy with triggers, timelines, and CI gates does the forcing on your schedule, not an attacker's.

Jun 24, 20255 min read
Regulatory Compliance

NIST CSF 2.0 Rollout: Field Observations

NIST CSF 2.0 added the Govern function, broadened the target audience, and clarified supply chain expectations. Field observations from the first year of adoption.

Nov 22, 20246 min read
Industry Analysis

Foundation-Neutral Governance Evaluation

CNCF, Linux Foundation, Apache, Eclipse — each has a different governance model. A practical evaluation of what that means for projects considering adoption.

Oct 25, 20246 min read
Industry Analysis

Open Source Foundation Governance Models

The Linux Foundation, Apache Software Foundation, CNCF, and Eclipse each codify different theories of how open source projects should be governed. The differences matter more than most adopters realize.

Sep 22, 20246 min read
governance (Page 3) — Safeguard Blog