Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Compliance

PCI DSS requirements for application security programs

PCI DSS v4.0.1 Requirement 6 sets hard deadlines and evidence rules for AppSec — here's what 6.2.3, 6.3.1–6.3.3 actually demand.

May 12, 20267 min read
Compliance

FedRAMP authorization for cloud service providers explained

A concrete walkthrough of FedRAMP authorization for CSPs: impact levels, control counts, timelines, costs, FedRAMP 20x, and continuous monitoring deadlines.

May 11, 20267 min read
Compliance

NIST Secure Software Development Framework (SSDF) explained

NIST SP 800-218's 42 practices now back federal attestation law. Here's what SSDF actually requires, who must comply, and how it differs from SLSA and SOC 2.

May 11, 20265 min read
Buyer's Guides

Socket.dev vs Dependabot: beyond automated dependency upd...

Dependabot patches known CVEs; Socket.dev flags risky package behavior. Neither enforces policy or ties risk to your actual build and runtime footprint — here's where Safeguard fits.

May 11, 20267 min read
Compliance

Executive Order 14028 and software supply chain security

EO 14028 forces federal software vendors to produce SBOMs and attest to NIST's SSDF. Here's what it requires, key deadlines, and how to prove compliance.

May 11, 20268 min read
Compliance

EU Cyber Resilience Act: what developers need to know

The EU Cyber Resilience Act sets hard deadlines starting Sept 2026 for SBOMs, vulnerability reporting, and patching. Here's what developers must build.

May 11, 20267 min read
Buyer's Guides

Socket.dev pricing and plan limitations

Evaluating Socket.dev pricing and plan limits? Here's what to know about seat-based costs, feature gating, and how Safeguard compares on coverage and flexibility.

May 11, 20267 min read
Compliance

DORA regulation and operational resilience for financial software

DORA became fully applicable Jan 17, 2025. Here's what it requires of software supply chain risk, incident reporting, and SBOMs — with concrete deadlines.

May 10, 20267 min read
Compliance

NIS2 Directive compliance for software vendors

NIS2 became enforceable October 17, 2024, and Article 21 now requires software vendors to prove SBOM, CVE remediation, and disclosure practices to EU customers.

May 10, 20266 min read
Compliance

CISA's Secure by Design pledge explained

CISA's voluntary Secure by Design pledge has grown from 68 signatories to 300+, but it's unverified and self-reported. Here's what the seven goals really require.

May 10, 20267 min read
Compliance

SEC cybersecurity disclosure rules for public companies

The SEC's 2023 rules give public companies four business days to disclose material cyber incidents. Here's what triggers the clock, and how supply chain visibility keeps you compliant.

May 10, 20267 min read
Open Source Security

What is the BSD license? Top 10 questions answered

The BSD license explained: its 0-, 2-, 3-, and 4-clause variants, how it differs from MIT and GPL, and which real projects run on it.

May 9, 20268 min read
sbom (Page 23) — Safeguard Blog