sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
5 risks of using open source software
Five documented open source risks — from Log4Shell to the XZ Utils backdoor — with real incidents, dates, and CVEs, plus how Safeguard closes the gap.
GPL vs MIT vs Apache: license security and compliance implications
Redis, Vizio, and Cisco show how GPL, MIT, and Apache 2.0 licenses create real legal and compliance exposure across your software supply chain.
Building an SBOM that meets NTIA minimum elements
A field-by-field breakdown of NTIA's SBOM minimum elements, who's legally required to meet them in 2026, and why conformant fields don't guarantee real dependency coverage.
SPDX vs CycloneDX: comparing SBOM formats
SPDX and CycloneDX both satisfy federal SBOM rules, but they solve different problems. Here's how they actually differ — with real specs, dates, and tooling.
Software Supply Chain Security Management: Building the Program
Software supply chain security management works as a program, not a tool purchase — it needs SBOM generation, dependency monitoring, and vendor risk scoring wired together with clear ownership.
FDA SBOM requirements for medical device software
Since Oct 2023 the FDA can reject medical device submissions missing a compliant SBOM. Here's what Section 524B actually requires, in plain terms.
Audit-readiness for open source usage policies
What auditors actually ask for in an open source usage policy review, what triggers it, and the evidence gaps that turn a written policy into a finding.
Software supply chain compliance for federal contractors
CMMC 2.0, OMB M-22-18, and SBOM mandates now hit federal contractors with overlapping deadlines and evidence demands — here's what's actually required.
CMMC compliance for software vendors
CMMC 2.0 is now contractually mandatory across the DoD supply chain. Here's what software vendors must know about levels, deadlines, costs, and SBOMs.
Board-level reporting on application security risk
Boards now face legal disclosure deadlines on cyber risk. Here's what belongs in a board-level appsec report, how often to deliver it, and what the SEC and NYDFS require.
Cyber insurance requirements for application security programs
Cyber insurers now require SBOMs, patch SLAs, and audit trails for AppSec programs. Here's what carriers actually ask for and how to pass renewal.
Aikido Security alternatives: top picks compared
A side-by-side look at Aikido Security alternatives, comparing Safeguard's supply chain security scope, SBOM depth, and CI/CD fit.