Safeguard
Tag

risk-management

Safeguard articles tagged "risk-management" — guides, analysis, and best practices for software supply chain and application security.

31 articles

DevSecOps

Embedding security-by-design into DevSecOps risk management across the SDLC

NIST's SSDF turns 'shift left' into eleven concrete practices — but a framework on paper doesn't stop a bad merge. Here's how to make it enforceable.

Jul 10, 20267 min read
Application Security

A practical AppSec maturity model: five stages, self-assessment included

OWASP SAMM v2 scores 15 practices on a 0–3 scale; BSIMM15 measured 121 firms and found SCA adoption up 67%. Here's a five-stage model to self-assess against.

Jul 8, 20267 min read
Solutions

Software Supply Chain Security for CISOs

The CISO does not write the vulnerable dependency, but answers for it to the board, the auditor, and the regulator. Here is how to run a supply chain program that stands up to all three.

Jul 1, 20266 min read
Concepts

What Is a Security Control?

A security control is a safeguard that prevents, detects, or responds to threats to reduce risk. Learn the types, categories, and how frameworks organize them.

Apr 9, 20266 min read
Software Supply Chain Security

Managing risk in the software supply chain

Chainguard hardens base images, but that's one slice of supply chain risk. Here's what SolarWinds, Log4Shell, and XZ Utils reveal about the gaps — and how to close them.

Apr 3, 20268 min read
Regulatory Compliance

NIST Cybersecurity Framework (CSF) explained

NIST CSF 2.0 added a Govern function and supply chain risk category in 2024. Here's what it requires, how Vanta maps it, and where build-level evidence closes the gap.

Mar 19, 20268 min read
Compliance

Who needs SOC 2 compliance? A breakdown by company stage/...

SOC 2 isn't legally required, but it's now a deal-blocker as early as seed stage. Here's a stage-by-stage, industry-by-industry breakdown of who actually needs it.

Mar 15, 20268 min read
AI Security

What is AI Governance

AI governance means the policies and technical controls that keep AI models, data, and agents safe, compliant, and auditable across your software supply chain.

Mar 1, 20267 min read
Compliance

What is the NIST Cybersecurity Framework

A breakdown of the NIST Cybersecurity Framework's six functions, its 2024 update, and why GV.SC makes it central to software supply chain security.

Feb 27, 20267 min read
Compliance

What is a Security Risk Assessment

A security risk assessment ranks real business risk, not raw CVE counts. Here's what it involves, how often it's required, and how it differs from scanning.

Feb 25, 20266 min read
Compliance

What is Compliance Automation

Compliance automation replaces manual audit evidence with continuous, API-driven monitoring — here's how it works, which frameworks it covers, and why supply chain evidence changes the equation.

Feb 25, 20267 min read
Industry Analysis

Gartner SRM Summit 2025 Recap

Gartner's 2025 Security & Risk Management Summit pushed CISOs to focus on supply chain risk, AI governance, and measurable outcomes. Here is the analyst view.

Feb 23, 20268 min read
risk-management — Safeguard Blog