Safeguard
Tag

governance

Safeguard articles tagged "governance" — guides, analysis, and best practices for software supply chain and application security.

47 articles

Industry Analysis

SolarWinds Post-Incident Governance Changes Reviewed

Four years after SUNBURST, SolarWinds has rebuilt its SDLC around signed pipelines, parallel builds, and a new CSO office. How much of it is real?

Aug 14, 20245 min read
Best Practices

Azure Policy for Supply Chain Enforcement

Azure Policy is the enforcement layer most Azure platforms underuse. A concrete, policy-by-policy guide to wiring it into supply chain controls that actually stick.

Jun 30, 20248 min read
Open Source Security

PyPI Package Namespace Governance

PyPI's flat global namespace is one of Python packaging's oldest design decisions. How it's governed today, where the tension points are, and what the PEP 752 debate means for the future.

Apr 18, 20246 min read
Risk Management

Building a Software Supply Chain Risk Register

A risk register is the backbone of supply chain risk management. Here is a practical template for identifying, scoring, tracking, and mitigating software supply chain risks.

Oct 28, 20237 min read
DevSecOps

Harness CI/CD Security Features

Leveraging Harness platform security capabilities including governance policies, secret management, and pipeline security controls.

Jun 28, 20235 min read
Risk Management

The Shared Responsibility Model for Software Supply Chain Security

Cloud providers defined the shared responsibility model for infrastructure. Software supply chains need the same clarity about who is responsible for what.

Apr 12, 20235 min read
Open Source Security

OpenSSL Project Governance: Security Lessons from Heartbleed and Beyond

OpenSSL's transformation from a two-person project securing half the internet to a properly governed foundation offers a blueprint for open source security governance.

Jan 12, 20237 min read
Best Practices

Open Source Policy Template for Enterprises

A practical template for crafting an enterprise open-source usage policy that balances developer freedom with security and compliance requirements.

Oct 20, 20226 min read
Governance

Open Source Governance: Building an Enterprise Framework

Ad-hoc open source usage creates legal, security, and operational risk. This guide walks through building a governance framework that enables developers while managing risk.

Jun 28, 20227 min read
Risk Management

Building a Supply Chain Risk Appetite Framework

Every organization accepts some supply chain risk. The question is whether that acceptance is deliberate and documented or accidental and invisible.

Jun 18, 20226 min read
Open Source Security

Rust Foundation Formation: Security Implications

The Rust Foundation launched February 8, 2021. Here is what its formation actually changed for the security of Rust and downstream ecosystems.

Feb 10, 20216 min read
governance (Page 4) — Safeguard Blog