governance
Safeguard articles tagged "governance" — guides, analysis, and best practices for software supply chain and application security.
47 articles
SolarWinds Post-Incident Governance Changes Reviewed
Four years after SUNBURST, SolarWinds has rebuilt its SDLC around signed pipelines, parallel builds, and a new CSO office. How much of it is real?
Azure Policy for Supply Chain Enforcement
Azure Policy is the enforcement layer most Azure platforms underuse. A concrete, policy-by-policy guide to wiring it into supply chain controls that actually stick.
PyPI Package Namespace Governance
PyPI's flat global namespace is one of Python packaging's oldest design decisions. How it's governed today, where the tension points are, and what the PEP 752 debate means for the future.
Building a Software Supply Chain Risk Register
A risk register is the backbone of supply chain risk management. Here is a practical template for identifying, scoring, tracking, and mitigating software supply chain risks.
Harness CI/CD Security Features
Leveraging Harness platform security capabilities including governance policies, secret management, and pipeline security controls.
The Shared Responsibility Model for Software Supply Chain Security
Cloud providers defined the shared responsibility model for infrastructure. Software supply chains need the same clarity about who is responsible for what.
OpenSSL Project Governance: Security Lessons from Heartbleed and Beyond
OpenSSL's transformation from a two-person project securing half the internet to a properly governed foundation offers a blueprint for open source security governance.
Open Source Policy Template for Enterprises
A practical template for crafting an enterprise open-source usage policy that balances developer freedom with security and compliance requirements.
Open Source Governance: Building an Enterprise Framework
Ad-hoc open source usage creates legal, security, and operational risk. This guide walks through building a governance framework that enables developers while managing risk.
Building a Supply Chain Risk Appetite Framework
Every organization accepts some supply chain risk. The question is whether that acceptance is deliberate and documented or accidental and invisible.
Rust Foundation Formation: Security Implications
The Rust Foundation launched February 8, 2021. Here is what its formation actually changed for the security of Rust and downstream ecosystems.