secure-sdlc
Safeguard articles tagged "secure-sdlc" — guides, analysis, and best practices for software supply chain and application security.
20 articles
What is the OWASP Software Assurance Maturity Model (SAMM)
A concrete breakdown of OWASP SAMM's 5 functions, 15 practices, and 30 streams, how its maturity levels work, and how it compares to BSIMM.
What is Fuzz Testing (Fuzzing)
Fuzz testing bombards software with malformed inputs to surface crashes and memory bugs. Here's how fuzzers work, what they've found, and where they fall short.
What is Static Code Analysis
Static code analysis scans source code for flaws before it runs. Here's how SAST works, what it catches, and where it falls short without reachability context.
What Are Secure Coding Standards
Secure coding standards are enforceable rules — like OWASP and CERT — that stop specific CWEs before code ships. Here's what they cover and how to enforce them.
The Security Development Lifecycle (SDL): A Working Guide
The SDL turned security from a pre-release audit into a discipline applied at every phase of building software. What the lifecycle actually contains, where it came from, and how to run it without a Microsoft-sized team.
ISO 27001 Annex A Controls That Touch Your Build Pipeline
ISO 27001:2022 has 93 Annex A controls, and about a dozen land squarely on CI/CD. Here's the control-by-control map from clause number to pipeline artifact.
What Is SSDLC? The Secure Software Development Lifecycle
SSDLC builds security work into every phase of delivery instead of auditing at the end. Here is what changes at each phase, which frameworks define it, and how to adopt it without stalling releases.
Microsoft's Secure Supply Chain Practices
How Microsoft rebuilt its security posture after years of high-profile incidents, implementing supply chain controls that now protect one of the world's largest software ecosystems.