Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Regulatory Compliance

UNECE WP.29 R155 software supply chain requirements for a...

A practical breakdown of UNECE WP.29 R155 compliance: CSMS certification, the SBOM requirement, and type approval cybersecurity rules automakers and suppliers now face.

Dec 29, 20257 min read
Vulnerability Analysis

Python tarfile extraction path traversal, the 15-year-old flaw (CVE-2007-4559)

CVE-2007-4559, a path traversal flaw in Python's tarfile module, still lurks in hundreds of thousands of repos. Here's the impact, timeline, and fix.

Dec 29, 20258 min read
SBOM

SBOM for automotive ECU firmware and embedded software

How automotive ECU firmware SBOMs help OEMs and suppliers track embedded components, manage vehicle firmware vulnerabilities, and secure OTA updates.

Dec 29, 20257 min read
Buyer's Guides

Buyer's guide: automotive-grade SBOM and SCA tools

A practical buyer's guide to automotive SBOM and SCA tools: evaluation criteria for ISO 21434 compliance, and an honest roundup of six named vendors.

Dec 28, 20258 min read
Regulatory Compliance

CMMC 2.0 software supply chain security requirements for ...

CMMC 2.0 now folds SBOMs, third-party component risk, and build-pipeline integrity into defense contractor assessments. Here's what's required, when, and how to prove it.

Dec 27, 20257 min read
Software Supply Chain Security

Securing avionics software supply chains under DO-178C

DO-178C verifies that avionics code behaves correctly — but says almost nothing about where its components came from. Here's the supply chain gap and how to close it.

Dec 27, 20257 min read
Vulnerability Analysis

CVE analysis: nation-state supply chain attacks on defens...

CVE analysis of nation-state supply chain attacks on defense contractors: SolarWinds SUNBURST and Ivanti Connect Secure exploitation, CVSS, KEV, and fixes.

Dec 26, 20258 min read
Software Supply Chain Security

Software supply chain security for telecom network infras...

Why telecom network software supply chain security demands continuous SBOMs and vendor risk oversight — from 5G base stations to core networks — and how carriers are closing the gap.

Dec 26, 20257 min read
Open Source Security

How to manage open source risk in telecom OSS/BSS softwar...

A practical guide to managing telecom OSS/BSS open source risk—from SBOM inventory to dependency scanning—so carrier billing and network software stays secure.

Dec 25, 20258 min read
Open Source Security

How to vet open source software before deployment in tele...

A seven-step process for vetting open source telecom core network components — SBOMs, signature verification, protocol fuzzing, and procurement sign-off — before they reach production.

Dec 24, 20257 min read
Software Supply Chain Security

Software supply chain security for critical energy infras...

From Ukraine's 2015 blackout to Volt Typhoon's grid intrusions, attackers exploit trusted vendor software. Here's what utilities need to know about supply chain risk.

Dec 22, 20257 min read
Regulatory Compliance

NERC CIP-013 compliance and software supply chain risk ma...

NERC CIP-013 turned vendor risk management into a mandatory grid compliance obligation. Here's what it requires, who it covers, and how to build an audit-ready supply chain plan.

Dec 22, 20258 min read
sbom (Page 59) — Safeguard Blog