Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Open Source Security

5 risks of using open source software

Five documented open source risks — from Log4Shell to the XZ Utils backdoor — with real incidents, dates, and CVEs, plus how Safeguard closes the gap.

May 9, 20267 min read
Open Source Security

GPL vs MIT vs Apache: license security and compliance implications

Redis, Vizio, and Cisco show how GPL, MIT, and Apache 2.0 licenses create real legal and compliance exposure across your software supply chain.

May 9, 20267 min read
Open Source Security

Building an SBOM that meets NTIA minimum elements

A field-by-field breakdown of NTIA's SBOM minimum elements, who's legally required to meet them in 2026, and why conformant fields don't guarantee real dependency coverage.

May 9, 20267 min read
Open Source Security

SPDX vs CycloneDX: comparing SBOM formats

SPDX and CycloneDX both satisfy federal SBOM rules, but they solve different problems. Here's how they actually differ — with real specs, dates, and tooling.

May 8, 20267 min read
Supply Chain

Software Supply Chain Security Management: Building the Program

Software supply chain security management works as a program, not a tool purchase — it needs SBOM generation, dependency monitoring, and vendor risk scoring wired together with clear ownership.

May 8, 20265 min read
Compliance

FDA SBOM requirements for medical device software

Since Oct 2023 the FDA can reject medical device submissions missing a compliant SBOM. Here's what Section 524B actually requires, in plain terms.

May 8, 20267 min read
Compliance

Audit-readiness for open source usage policies

What auditors actually ask for in an open source usage policy review, what triggers it, and the evidence gaps that turn a written policy into a finding.

May 8, 20266 min read
Compliance

Software supply chain compliance for federal contractors

CMMC 2.0, OMB M-22-18, and SBOM mandates now hit federal contractors with overlapping deadlines and evidence demands — here's what's actually required.

May 8, 20267 min read
Compliance

CMMC compliance for software vendors

CMMC 2.0 is now contractually mandatory across the DoD supply chain. Here's what software vendors must know about levels, deadlines, costs, and SBOMs.

May 7, 20267 min read
Compliance

Board-level reporting on application security risk

Boards now face legal disclosure deadlines on cyber risk. Here's what belongs in a board-level appsec report, how often to deliver it, and what the SEC and NYDFS require.

May 7, 20267 min read
Compliance

Cyber insurance requirements for application security programs

Cyber insurers now require SBOMs, patch SLAs, and audit trails for AppSec programs. Here's what carriers actually ask for and how to pass renewal.

May 7, 20266 min read
Buyer's Guides

Aikido Security alternatives: top picks compared

A side-by-side look at Aikido Security alternatives, comparing Safeguard's supply chain security scope, SBOM depth, and CI/CD fit.

May 7, 20267 min read
sbom (Page 24) — Safeguard Blog