Safeguard
Tag

secure-development

Safeguard articles tagged "secure-development" — guides, analysis, and best practices for software supply chain and application security.

25 articles

Best Practices

Secure code review: the checklist reviewers actually need

Broken access control affects nearly every tested app and XSS remains the #1 CWE overall — both catchable in review. Here is a language-agnostic PR checklist.

Jul 16, 20267 min read
AI Security

Integrating AI Tools Without Expanding Your Attack Surface

Stanford researchers found developers using AI coding assistants wrote more security bugs — and felt more confident in them. Here's how to adopt AI safely.

Jul 8, 20268 min read
Application Security

Building Secure VS Code Extensions: A Developer's Guide

VS Code extensions run as trusted Node.js code with full disk and network access and no permission model to fall back on. Here is how to build one that does not become the next supply chain incident.

Jul 8, 20266 min read
FAQ

NIST SSDF FAQ: SP 800-218, the Four Practice Groups, and Attestation

A precise FAQ on the NIST Secure Software Development Framework in 2026 — the four practice groups, the CISA self-attestation form, EO 14028 lineage, the AI augmentation, and the evidence behind it.

Jul 7, 20266 min read
Concepts

Introduction to Secure Software Development

Security is not a phase you bolt on at the end — it is a set of practices woven through every stage of building software. This guide introduces the secure development lifecycle, the practices that matter at each stage, and how to get started.

Jul 5, 20266 min read
Compliance

The NIST Secure Software Development Framework (SSDF), explained

NIST SP 800-218 is the framework behind federal secure-development attestations. Here's what its four practice groups ask of you and how to produce the evidence.

Jul 5, 20265 min read
Guides

Secure Coding for Beginners: Writing Code That Resists Attack

Secure coding is not a separate discipline you bolt on later. It is a set of small habits you weave into the way you already write software. Here is a friendly introduction with a first exercise to try today.

Jul 5, 20266 min read
AI Security

Securing AI Coding Assistants: Guardrails That Hold

AI coding assistants are in nearly every IDE now. Banning them fails; trusting them blindly fails harder. The middle path is guardrails — technical controls that let assistants move fast without letting them ship the wrong thing.

Jul 5, 20265 min read
AI Security

AI Code Review and Security: Reviewer, Reviewed, or Both?

AI can review pull requests and AI can write them — sometimes in the same workflow. Both roles carry security implications teams routinely underestimate. Here is how to get the benefit without the blind spots.

Jul 4, 20266 min read
Compliance

ISO 27001 Annex A controls guide: the software and supplier set

ISO/IEC 27001:2022 restructured Annex A into 93 controls and added new ones for secure development and supply chain. Here is the subset that lands on engineering teams and how to evidence it.

Jul 3, 20266 min read
Compliance

GDPR for software developers: privacy by design in practice

GDPR is not just a legal team's problem. Data protection by design, security of processing, and processor due diligence all translate into code, dependencies, and architecture. Here is the developer's view.

Jul 2, 20266 min read
Compliance

PCI DSS 4.0 Requirement 6: the software security guide

Requirement 6 is where PCI DSS 4.0 turned application and software security into a continuous, evidenced discipline. Here is a clause-by-clause walkthrough of 6.2 through 6.5 and what auditors expect.

Jul 2, 20266 min read
secure-development — Safeguard Blog