Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

974 articles

Compliance

What is FedRAMP

FedRAMP governs how federal agencies vet cloud software. Here's what it requires, what it costs, how long it takes, and what FedRAMP 20x changes.

Feb 26, 20267 min read
Research

SBOM Quality Across Ecosystems: 2026 Report

The Safeguard Research team measured SBOM quality across ecosystems and generators. The gaps between formats, tools, and languages are larger than most teams assume.

Feb 26, 20268 min read
Compliance

What is the NIST Secure Software Development Framework (SSDF)

NIST SSDF (SP 800-218) explained: its four practice groups, the EO 14028 origin, federal attestation deadlines, and how it differs from SLSA and SP 800-53.

Feb 26, 20266 min read
Compliance

What is Executive Order 14028

EO 14028 forced federal software vendors to prove what's in their code. Here's what it requires, who it binds, and what's changed since 2021.

Feb 26, 20266 min read
Compliance

What is the EU Cyber Resilience Act

The EU Cyber Resilience Act sets binding cybersecurity rules for digital products, with reporting due by Sept 2026 and full compliance by Dec 2027.

Feb 26, 20266 min read
SBOM

SBOMs for Firmware and IoT Devices: The Hard Problem

Generating accurate SBOMs for firmware and IoT devices remains one of the toughest challenges in supply chain security. Here's the current state of the art.

Feb 25, 20266 min read
Compliance

DORA for Financial Services Software Supply Chain

How EU DORA is reshaping software supply chain expectations for financial services in 2026, with practical guidance on ICT third-party risk, SBOMs, and incident reporting.

Feb 25, 20266 min read
Compliance

What is Compliance Automation

Compliance automation replaces manual audit evidence with continuous, API-driven monitoring — here's how it works, which frameworks it covers, and why supply chain evidence changes the equation.

Feb 25, 20267 min read
Industry Analysis

JavaScript Security Explained

JavaScript security means managing three attack surfaces: runtime bugs, browser XSS, and npm supply chain compromise — the last of which caused 2025's biggest incidents.

Feb 24, 20267 min read
Industry Analysis

Node.js Security Best Practices

Node.js supply chain attacks like event-stream, ua-parser-js, and Shai-Hulud show why dependency depth is the real risk -- here's what actually reduces it.

Feb 24, 20266 min read
Industry Analysis

Python Security Explained

How Python's install-time code execution and open PyPI namespace fuel real supply chain attacks — and what actually reduces the risk.

Feb 24, 20267 min read
Industry Analysis

C# and .NET Security Explained

C# and .NET security explained: real CVEs, NuGet supply-chain attacks, BinaryFormatter risk, and the SolarWinds lesson every .NET team needs.

Feb 23, 20267 min read
sbom (Page 47) — Safeguard Blog