Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Industry Analysis

Public sector / government application security requirements

EO 14028, CISA's attestation form, and FedRAMP have made government application security compliance its own discipline. Here's what's required and where legacy SCA tools like Black Duck fall short.

Jun 11, 20268 min read
Industry Analysis

Embedded software and ISV security programs

Black Duck built its business on binary composition analysis for embedded software. Here's what that approach misses in 2026, and what a modern ISV security program needs instead.

Jun 11, 20268 min read
AI Security

Introducing Agentic Development Security (ADS)

As AI agents now author up to half of production commits, Safeguard introduces Agentic Development Security (ADS) — a new framework for securing autonomous coding.

Jun 10, 20267 min read
Compliance

What is an Open Source Audit?

What is an open source audit, how does it compare to Black Duck's point-in-time scans, and why continuous monitoring closes the gap audits leave open.

Jun 9, 20267 min read
Compliance

What are Open Source Licenses?

Open source licenses govern how 96% of modern codebases can legally be used. Here's how license compliance works, where Black Duck's approach falls short, and how to close the gaps.

Jun 9, 20267 min read
AI Security

Securing RAG pipelines against injection attacks

RAG pipelines feed untrusted retrieved content straight into model context. Real breaches like EchoLeak show what happens when nothing checks it.

Jun 8, 20267 min read
Buyer's Guides

How to evaluate software supply chain security vendors us...

A practical framework for evaluating software supply chain security vendors on verifiable dimensions—SBOM support, provenance, deployment model—rather than analyst labels alone.

Jun 7, 20268 min read
AI Security

Protestware via prompt injection: the jqwik 1.10.0 case

jqwik 1.10.0 hid a prompt injection telling AI coding agents to delete tests. Here's how it worked, why it's protestware, and how to catch it.

Jun 7, 20267 min read
AI Security

Governments banning AI models: security implications for teams

Governments banned DeepSeek and other AI models in 2025 within days. Here's the security supply-chain risk teams face and how to find and fix it fast.

Jun 7, 20266 min read
AI Security

Building trust in AI-assisted software development

AI writes 30-50% of new code at many shops now, and 45% of it ships with security flaws. Here's how to build real trust in that pipeline.

Jun 6, 20266 min read
AI Security

Cursor's AI security agents: what they get right and what's missing

Cursor's Bugbot and MCP agents catch real bugs, but CurXecute and MCPoison show they open new attack surfaces SCA tools never had to face.

Jun 6, 20266 min read
SBOM

Software Dependency Cooldown Policies

A dependency cooldown policy delays new package versions for a set window so the ecosystem can catch malicious releases before they reach your build pipeline.

Jun 6, 20267 min read
sbom (Page 15) — Safeguard Blog