pci-dss
Safeguard articles tagged "pci-dss" — guides, analysis, and best practices for software supply chain and application security.
31 articles
Payment Processor Dependency Risks
The libraries and services that sit between a merchant and the card networks carry concentrated risk. A practical look at what goes wrong, and how to build a dependency program that catches it.
PCI DSS 4.0 Software Supply Chain Requirements Explained
PCI DSS 4.0 quietly turned component inventories, third-party code review, and payment page script control into audit line items. Here's the requirement-by-requirement map.
PCI DSS 4.0 Software Security Requirements
PCI DSS 4.0 became mandatory on March 31, 2024, overhauling software security, SBOM visibility, and supply chain controls for every entity that touches cardholder data.
Fintech Software Supply Chain Regulatory Map
A practical tour through the tangle of regulations, supervisory letters, and industry standards that now govern how fintech firms build, buy, and operate software.
SBOM for Fintech Startups: Compliance and Security from Day One
Fintech startups face intense regulatory scrutiny from the start. SBOMs are not just good practice — they are becoming a regulatory expectation that investors and partners demand.
Stripe's Dependency Security Practices
How Stripe secures its software dependencies while processing billions of dollars in payments, with a focus on Ruby ecosystem hardening and dependency isolation.
Retail and E-Commerce Software Supply Chain Security
E-commerce platforms process millions in transactions daily using open-source components. Here's how retail organizations should manage software supply chain risk.