Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Open Source Security

What a Decade of Open Source Vulnerability Data Tells Us ...

CVEs grew sixfold in a decade. Here is what a decade of open source vulnerability trends reveals about ecosystem maturity, from Log4Shell to the xz backdoor.

Aug 11, 20258 min read
Open Source Security

The Economics of Free Riding in Open Source Security

Open source runs on unpaid labor while billion-dollar companies use it for free. Here's the economics behind Log4Shell, xz-utils, and the free rider problem.

Aug 10, 20258 min read
Open Source Security

From Log4Shell to Now: What Changed and What Didn't in Su...

Three years after Log4Shell, Log4j is still found in production systems. Here is what the industry fixed, what it didn't, and why the risk persists.

Aug 10, 20258 min read
Open Source Security

Do Bug Bounties Actually Reduce Open Source Risk? An Inde...

Bug bounties didn't catch Log4Shell or the XZ Utils backdoor. An independent look at what OSS bounty programs actually cover — and where they structurally fall short.

Aug 9, 20257 min read
SBOM

Binary SBOM Analysis: Creating Software Bills of Materials Without Source Code

Not all software comes with source code. Binary analysis techniques can extract component information from compiled artifacts, firmware, and commercial software to produce SBOMs where traditional tools cannot.

Aug 8, 20257 min read
Industry Analysis

The False Sense of Security Effect in AI-Assisted Develop...

AI coding assistants make developers write faster and trust more — even when the code is less secure. Here's what the data shows, and how to close the gap.

Aug 6, 20257 min read
Regulatory Compliance

Governance Frameworks Emerging for AI-Assisted Software D...

NIST, ISO 42001, and the EU AI Act now shape how teams must govern AI-generated code. Here's what an AI code governance framework actually requires in practice.

Aug 6, 20258 min read
Container Security

Startups vs Enterprises: Why Smaller Cloud Footprints Are...

Smaller cloud footprints feel safer, but startups often face a higher per-workload security incident rate than enterprises. Here's why size is the wrong safety proxy.

Aug 4, 20258 min read
Container Security

Runtime Detection vs Static Scanning: Closing the Cloud-t...

Static scanners miss what only shows up at runtime. See why the cloud-to-code visibility gap causes months-long breach dwell times, and how to close it.

Aug 3, 20257 min read
Container Security

The Cost Multiplier Effect of Fixing Vulnerabilities in P...

A misconfigured base image caught at build time costs minutes to fix. Found in production, the same CVE triggers incident response and audits.

Aug 3, 20258 min read
Container Security

Why Container Registries Are an Underexamined Supply Chai...

Registries decide what code actually runs in production, yet most security programs treat them as passive storage. Here's why that's a costly blind spot.

Aug 2, 20256 min read
SBOM

SBOM Quality Metrics: Moving Beyond Completeness

Most SBOM quality discussions stop at completeness. Real quality requires measuring accuracy, freshness, depth, and actionability. Here is a practical framework.

Aug 1, 20256 min read
sbom (Page 70) — Safeguard Blog