Safeguard
Tag

Policy

Safeguard articles tagged "Policy" — guides, analysis, and best practices for software supply chain and application security.

23 articles

Regulation

EU Cyber Solidarity Act: Regulation 2025/38 in Force

Regulation (EU) 2025/38 entered into force on 4 February 2025, establishing an EU Cybersecurity Reserve, alert system of cross-border hubs, and ENISA-led incident review mechanism.

Mar 17, 20257 min read
Open Source Security

RubyGems Reserved Namespace Claims

A look at how organizations can claim reserved namespace prefixes on RubyGems.org, what the policy currently supports, and where it falls short for real enterprise use cases.

Dec 18, 20248 min read
Container Security

GCP Binary Authorization Policy Patterns

Policy design patterns for GCP Binary Authorization that hold up in production: attestor topology, exception handling, continuous validation, and the shapes that stop a deploy-time compromise without blocking legitimate rollouts.

Sep 28, 20247 min read
SBOM & Compliance

Cosign Verification Policies in Production

Writing cosign verification policies that actually pass production deployment gates requires more precision than the examples suggest. Here is what we have learned.

Jul 30, 20246 min read
Policy & Compliance

Executive Order 14028, Three Years Later: Progress, Gaps, and What Comes Next

Three years after the landmark cybersecurity executive order, SBOM adoption is growing but uneven, secure development attestation is rolling out, and the gap between policy and practice remains wide.

May 12, 20245 min read
Policy & Compliance

CISA's Secure by Design Pledge: Voluntary Commitments with Real Teeth

CISA launched a voluntary pledge asking software manufacturers to commit to specific security improvements. Over 100 companies signed. Here is what the pledge actually requires and whether it matters.

Apr 10, 20246 min read
Open Source Security

Ruby Gem Reserved Names Policy

How RubyGems.org handles reserved gem names, what protections exist for trademark holders, and where the policy creates friction for legitimate namespace claims.

Mar 15, 20248 min read
Policy & Compliance

Software Liability in 2024: The Shift From Caveat Emptor to Vendor Accountability

Governments worldwide are moving to hold software vendors liable for security failures. Here is what the shifting liability landscape means for software producers and consumers.

Mar 5, 20245 min read
Ransomware

The Ransomware Payment Ban Debate: Arguments, Evidence, and Unintended Consequences

Should governments ban ransomware payments? The debate intensified through 2023 as attacks escalated, with strong arguments on both sides and no clear consensus.

Aug 28, 20237 min read
Best Practices

Open Source Policy Template for Enterprises

A practical template for crafting an enterprise open-source usage policy that balances developer freedom with security and compliance requirements.

Oct 20, 20226 min read
Container Security

Kubernetes Admission Controllers for Supply Chain Policy

Admission controllers are the only Kubernetes enforcement point that sees every workload before it runs. That makes them the right place to enforce image provenance, signing, and SBOM policies.

Sep 18, 20226 min read
Policy (Page 2) — Safeguard Blog