regulatory-compliance
Safeguard articles tagged "regulatory-compliance" — guides, analysis, and best practices for software supply chain and application security.
57 articles
Analysis of pickle file deserialization vulnerabilities i...
CVE-2025-32434 shows PyTorch's "safe" weights_only loading could still be bypassed for code execution — a pickle deserialization vulnerability with real supply-chain consequences.
Overview of NIST's finalized post-quantum cryptography st...
NIST finalized FIPS 203, 204, and 205 in August 2024, formalizing the first NIST post-quantum standards. Here's what changes for software supply chain security teams.
Building an AI governance framework for enterprise risk m...
A practical breakdown of what an AI governance framework needs to contain in 2026 — from NIST's AI RMF to EU AI Act deadlines — and how to build one that scales with engineering velocity.
License and Regulatory Risk in Open Source Components
Redis, HashiCorp, and Elastic all re-licensed core projects since 2021, and new rules like the EU Cyber Resilience Act now make license and SBOM gaps a regulatory problem.
Insecure Default Configurations in Applications and Frame...
Insecure default configurations caused the 2016 MongoDB ransom wave, the 2018 Tesla Kubernetes breach, and countless audit failures. Here's why defaults stay dangerous and how to fix it.
SQL Injection Prevention in C# with Entity Framework/LINQ
EF Core's LINQ layer parameterizes queries by default, but FromSqlRaw, ExecuteSqlRaw, and dynamic sort columns still open real SQL injection risk in .NET apps.
Governance Frameworks Emerging for AI-Assisted Software D...
NIST, ISO 42001, and the EU AI Act now shape how teams must govern AI-generated code. Here's what an AI code governance framework actually requires in practice.
Regulatory Pressure and the Uneven Global Adoption of SBOMs
SBOM mandates now span the US, EU, and Japan, but each uses different formats, deadlines, and penalties. Here's how the patchwork actually works.
Fintech Software Supply Chain Regulatory Map
A practical tour through the tangle of regulations, supervisory letters, and industry standards that now govern how fintech firms build, buy, and operate software.