Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

SBOM & Compliance

How to Build a VEX Document for Your Consumers

A hands-on tutorial for producing a CSAF-VEX document that tells your customers which CVEs actually affect your product and which do not.

Jul 22, 20246 min read
Open Source Security

GraalVM Native Image Supply Chain

GraalVM native images change the supply chain story in ways that most SBOM tooling has not caught up with yet. Here is what gets baked in, what gets stripped out, and what still needs to be tracked.

Jul 20, 20247 min read
Best Practices

Vulnerability Management at Enterprise Scale: What Actually Works

Managing vulnerabilities across thousands of applications and millions of dependencies requires fundamentally different approaches than what works for a single team. Here is what scales.

Jun 20, 20247 min read
Compliance

PCI DSS 4.0 Software Supply Chain Requirements Explained

PCI DSS 4.0 quietly turned component inventories, third-party code review, and payment page script control into audit line items. Here's the requirement-by-requirement map.

May 23, 20246 min read
SBOM and Compliance

SBOM Visualization Tools Compared: Making Dependency Data Actionable

An SBOM in JSON or XML format is data. A visualization turns that data into insight. This comparison examines how different tools present SBOM data and which approaches work best for different audiences.

May 20, 20246 min read
SBOM & Compliance

Migrating SBOM Tooling Providers

A practical field guide to switching SBOM tooling vendors without losing historical data, breaking compliance reports, or annoying the auditors.

May 18, 20248 min read
SBOM

SBOM for EdTech Platforms: Protecting Student Data Through Supply Chain Transparency

EdTech platforms handle some of the most sensitive data — children's information. FERPA, COPPA, and state student privacy laws demand supply chain visibility that most EdTech companies lack.

May 15, 20246 min read
Policy & Compliance

Executive Order 14028, Three Years Later: Progress, Gaps, and What Comes Next

Three years after the landmark cybersecurity executive order, SBOM adoption is growing but uneven, secure development attestation is rolling out, and the gap between policy and practice remains wide.

May 12, 20245 min read
Guides

How to Meet EO 14028 Self-Attestation Requirements Step by Step

The CISA attestation form is final and the deadlines are real. Here is the step-by-step path: scope, SSDF evidence, POA&Ms, and RSAA submission.

May 2, 20247 min read
SBOM & Compliance

Medical Device SBOM Requirements in Practice

SBOMs for medical devices look straightforward on paper and get complicated fast in the real world. A field report on what regulators actually accept and what engineering teams actually produce.

Apr 25, 20247 min read
SBOM Standards

SPDX 3.0: What Changed and Why It Matters

SPDX 3.0 is a major overhaul of the ISO-standard SBOM format. Here is a practical breakdown of the new profile system, linking model, and what it means for adoption.

Apr 15, 20246 min read
Compliance

IoT Firmware SBOMs: From Nice-to-Have to Regulatory Requirement

Government mandates and industry standards are making SBOMs mandatory for IoT firmware. Here's what manufacturers need to know to comply.

Apr 12, 20246 min read
sbom (Page 75) — Safeguard Blog