sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
UNECE WP.29 R155 software supply chain requirements for a...
A practical breakdown of UNECE WP.29 R155 compliance: CSMS certification, the SBOM requirement, and type approval cybersecurity rules automakers and suppliers now face.
Python tarfile extraction path traversal, the 15-year-old flaw (CVE-2007-4559)
CVE-2007-4559, a path traversal flaw in Python's tarfile module, still lurks in hundreds of thousands of repos. Here's the impact, timeline, and fix.
SBOM for automotive ECU firmware and embedded software
How automotive ECU firmware SBOMs help OEMs and suppliers track embedded components, manage vehicle firmware vulnerabilities, and secure OTA updates.
Buyer's guide: automotive-grade SBOM and SCA tools
A practical buyer's guide to automotive SBOM and SCA tools: evaluation criteria for ISO 21434 compliance, and an honest roundup of six named vendors.
CMMC 2.0 software supply chain security requirements for ...
CMMC 2.0 now folds SBOMs, third-party component risk, and build-pipeline integrity into defense contractor assessments. Here's what's required, when, and how to prove it.
Securing avionics software supply chains under DO-178C
DO-178C verifies that avionics code behaves correctly — but says almost nothing about where its components came from. Here's the supply chain gap and how to close it.
CVE analysis: nation-state supply chain attacks on defens...
CVE analysis of nation-state supply chain attacks on defense contractors: SolarWinds SUNBURST and Ivanti Connect Secure exploitation, CVSS, KEV, and fixes.
Software supply chain security for telecom network infras...
Why telecom network software supply chain security demands continuous SBOMs and vendor risk oversight — from 5G base stations to core networks — and how carriers are closing the gap.
How to manage open source risk in telecom OSS/BSS softwar...
A practical guide to managing telecom OSS/BSS open source risk—from SBOM inventory to dependency scanning—so carrier billing and network software stays secure.
How to vet open source software before deployment in tele...
A seven-step process for vetting open source telecom core network components — SBOMs, signature verification, protocol fuzzing, and procurement sign-off — before they reach production.
Software supply chain security for critical energy infras...
From Ukraine's 2015 blackout to Volt Typhoon's grid intrusions, attackers exploit trusted vendor software. Here's what utilities need to know about supply chain risk.
NERC CIP-013 compliance and software supply chain risk ma...
NERC CIP-013 turned vendor risk management into a mandatory grid compliance obligation. Here's what it requires, who it covers, and how to build an audit-ready supply chain plan.