Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

974 articles

Industry Analysis

State of SBOM Adoption Across Industries 2026

How SBOM adoption differs across finance, healthcare, public sector, manufacturing, and tech in 2026, where the real operational usage is, and where it stalls.

Jan 30, 20268 min read
AI Security

AI-BOM Awareness: Griffin AI vs Mythos

AI-BOM is how you describe an AI system's supply chain — models, datasets, prompts, inference environments. Griffin AI ingests it as structured inventory. Mythos-class tools try to talk about AI while remaining blind to the AI systems they describe.

Jan 29, 20267 min read
Compliance

What is Third-Party Risk Management

Third-party risk management explained: what it covers, why SolarWinds and MOVEit made it board-level, and how modern TPRM differs from supply chain security.

Jan 29, 20268 min read
Compliance

What is Vendor Risk Management

Vendor risk management now means tracking code-level supply chain risk, not just SOC 2 reports—here's what it covers, how to tier vendors, and what regulations require it.

Jan 29, 20267 min read
Industry Analysis

Black Hat USA 2025: Supply Chain Security Recap

Black Hat USA 2025 highlighted AI-generated code risks, build system attacks, and the maturation of SBOM tooling. Here is what mattered for supply chain teams.

Jan 28, 20268 min read
SecOps

Air-Gapped Vulnerability Management

No internet means no live CVE feeds, no SaaS scanners, and no auto-updates — but the vulnerabilities still arrive. How to run a real vulnerability management program inside a disconnected environment.

Jan 28, 20266 min read
Compliance

CISA Secure by Design Pledge: Signatories in 2026

CISA's Secure by Design Pledge has crossed 300 signatories. Here is what the 2026 cohort is committing to, what regulators expect in return, and how to prove it.

Jan 28, 20267 min read
Compliance

FDA Premarket Cybersecurity SBOM in 2026

What the FDA's 2026 premarket cybersecurity guidance actually requires for SBOMs, how reviewers evaluate them, and the patterns that cause 510(k) submissions to stall.

Jan 28, 20267 min read
DevSecOps

SBOM Review in Pull Request Workflows

An SBOM that arrives after merge is a compliance artifact. An SBOM that shows up in the PR is a security control. Here is how to wire it up without killing velocity.

Jan 28, 20266 min read
Best Practices

What is the Principle of Least Functionality

The principle of least functionality (NIST CM-7) means shipping only the ports, services, and code a system needs—nothing extra "just in case."

Jan 27, 20267 min read
Best Practices

What is Defense in Depth

Defense in depth stacks independent security layers—source, build, dependencies, artifacts, runtime—so no single failure causes a breach.

Jan 27, 20267 min read
Best Practices

What is Security by Obscurity

Security by obscurity means hiding a system instead of securing it. Here's why that bet fails, with real breaches, real CVEs, and what to build instead.

Jan 27, 20267 min read
sbom (Page 54) — Safeguard Blog