Safeguard
Tag

license-compliance

Safeguard articles tagged "license-compliance" — guides, analysis, and best practices for software supply chain and application security.

58 articles

Open Source Security

Building an OSPO security governance model for license and vulnerability risk

77% of large organizations now run an OSPO, and 91% say it owns security issues — but most still track license and CVE risk in separate spreadsheets.

Jul 15, 20266 min read
Open Source Security

Building an Open-Source License Compliance Program That Flags Copyleft Risk in CI

Software Freedom Conservancy's suit against Vizio is headed to trial in August 2026 — proof that copyleft violations are litigated, not theoretical.

Jul 10, 20266 min read
Open Source Security

The 4 dimensions of open-source dependency risk

Open-source risk isn't one problem — CVEs, malware, license exposure, and abandonment each fail differently, and Sonatype logged 454,600+ malicious packages in 2025 alone.

Jul 9, 20267 min read
AI Security

The supply-chain and IP risk hiding inside AI coding assistants

GitHub has disclosed that Copilot suggestions match training-set code verbatim about 1% of the time — and a class action over it is still being argued in 2026.

Jul 8, 20267 min read
Supply Chain Security

Enriching SBOMs with Vulnerability and License Metadata

A base SBOM only lists what's in your build — OSV.dev, EPSS, and OpenSSF Scorecard turn that inventory into a prioritized risk decision.

Jul 8, 20267 min read
AI Security

The Hidden Risks of AI Coding Assistants

A 2021 NYU study found 40% of Copilot-generated code contained exploitable bugs — and that's before counting leaked secrets or hallucinated packages.

Jul 8, 20266 min read
AI Security

Secure AI-Assisted Development: A Best-Practices Guide

Samsung banned ChatGPT company-wide in May 2023 after engineers pasted proprietary source code into it three times in 20 days. Here's how to adopt AI coding assistants without repeating that mistake.

Jul 8, 20266 min read
AI Security

Securing AI-Generated Code: The New Risk Surface

40.73% of Copilot's suggested code contains a vulnerability, and one 2024 study found nearly 1 in 5 AI-recommended packages simply don't exist.

Jul 8, 20266 min read
AI Security

Security Practices for GitHub Copilot and AI Coding Assistants

Copilot suggested 2,702 hardcoded secrets from just 900 prompts in one study, and at least 200 were live credentials — adoption without policy is a leak waiting to happen.

Jul 8, 20266 min read
Open Source Security

Managing Open Source Component Risk at Scale

A modern app's dozen direct dependencies can resolve into thousands of transitive packages — and CVE-2024-3094 proved a single unmaintained one is enough to backdoor SSH itself.

Jul 7, 20268 min read
Buyer's Guides

Best License Compliance Tools in 2026: An Honest Buyer's Guide

A balanced 2026 comparison of the leading open-source license compliance tools — FOSSA, Black Duck, Mend, Snyk, and the ScanCode/FOSSology open-source stack — with an honest look at where Safeguard fits.

Jul 6, 20266 min read
Buyer's Guides

Black Duck Alternatives in 2026: An Honest Buyer's Guide

A balanced comparison of the leading Black Duck alternatives in 2026 — Snyk, Mend, Sonatype, FOSSA, Trivy, and Safeguard — with candid pros, cons, and a framework for choosing.

Jul 4, 20266 min read
license-compliance — Safeguard Blog