Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

974 articles

SBOM & Compliance

Building A Defensible SBOM Program In 90 Days

A pragmatic 90-day blueprint for standing up an SBOM program that survives auditor scrutiny, procurement reviews, and incident response without burning out your platform team.

Apr 11, 20266 min read
Application Security

Asset-First Application Security

Vulnerability-first scanning drowns teams in noise. Asset-first application security starts with a complete inventory, then layers reachability and context to cut backlogs by 90%.

Apr 11, 20266 min read
Application Security

How to Measure Application Security Success: Metrics & KPIs

Learn which AppSec metrics actually predict risk reduction — MTTR, vulnerability density, reachability, and false positive rate — with 2024-2025 benchmarks.

Apr 11, 20267 min read
Application Security

Mobile Application Security: Risks & Tools

BLASTPASS, XcodeGhost, and a 2024 OWASP supply-chain category show mobile app security is its own attack surface — here's what to fix first, and with what tools.

Apr 10, 20267 min read
Application Security

Top 10 Application Security Acronyms (Glossary)

SAST, DAST, SBOM, CVSS, CWE, SSDF — 10 AppSec acronyms defined with real CVEs, dates, and standards so you use them correctly, not interchangeably.

Apr 10, 20267 min read
Application Security

What is Attack Surface Management

Attack surface management explained: what it covers, how it differs from vulnerability management, and why CISA and Gartner now treat it as core AppSec.

Apr 9, 20266 min read
Tools

cdxgen v12: Reachability Evidence Lands in SBOMs

OWASP's cdxgen v12 ships reachability evidence powered by atom, multi-BOM generation (SBOM, CBOM, SaaSBOM, OBOM, CDXA), and CycloneDX 1.7 as the default. We tested it on a Java monorepo.

Apr 9, 20266 min read
Regulatory Compliance

Defense Software Supply Chain Under the 2026 Federal Rules

CMMC 2.0, the FAR SBOM rule, and DoD Instruction 8500.01 have reshaped what software contractors must deliver. Here is the 2026 operational baseline for defense industrial base suppliers.

Apr 9, 20266 min read
Application Security

What is an Attack Surface

An attack surface is every exposed point attackers can use to get in — code, configs, credentials, and dependencies. Here's how to define, measure, and shrink it.

Apr 9, 20267 min read
Vulnerability Analysis

What is a CVE (Common Vulnerabilities and Exposures)

A CVE is a unique ID for a known security flaw, but how it's assigned, scored, and disclosed is far messier than the name suggests.

Apr 9, 20267 min read
Software Supply Chain Security

ESSCM Buyer Guide 2026

An enterprise buyer's guide to End-to-End Software Supply Chain Management platforms in 2026, with the questions that separate marketing from working products.

Apr 8, 20265 min read
Best Practices

Discovering Shadow AI Models In Production

Engineers ship models faster than security can track them. Here is how to find shadow AI in production without slowing the teams that build it.

Apr 8, 20267 min read
sbom (Page 31) — Safeguard Blog