security-architecture
Safeguard articles tagged "security-architecture" — guides, analysis, and best practices for software supply chain and application security.
13 articles
Data Flow Diagrams for Threat Modeling
A data flow diagram maps how data moves through a system and where trust changes — the foundation most threat modeling is built on. Here's how to draw one that actually surfaces threats.
The Security Design Review: A Practical Guide
A security design review examines a system's architecture before it is built to find flaws that no code scanner can catch. Here's how to run one that finds real problems while they are still cheap to fix.
Secure Defaults, Explained
Secure defaults mean the out-of-the-box configuration is the safe one, and weakening it requires a deliberate opt-in. Here's why the default state decides most real-world security outcomes.
Zero Trust Architecture, Explained
Zero trust replaces the trusted internal network with a model that verifies every request explicitly, regardless of where it comes from. Here's what it actually means and how to move toward it.
The Principle of Least Privilege, Explained
Least privilege means every user, service, and process gets exactly the access it needs to do its job — and nothing more. Here's why it contains breaches and how to implement it without breaking things.
Secure Design Principles Every Team Should Know
Secure design principles are the durable rules of thumb — least privilege, fail securely, defense in depth, secure defaults — that keep systems safe by construction rather than by patching. Here's the working set and how to apply them.
What Is Defense in Depth in Security?
Defense in depth is a layered security strategy that assumes any single control will eventually fail, so it stacks independent safeguards to slow and stop attackers. Here's how the model works and how it maps to the software supply chain.
Attack Surface Reduction: A Practical Guide
Attack surface reduction is the discipline of removing every input, interface, and privilege an attacker could reach that your system does not actually need. Here's how to inventory, shrink, and keep it small.
The STRIDE Methodology Explained
STRIDE is a threat-modeling mnemonic that turns a blank whiteboard into six specific questions: is this element vulnerable to Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, or Elevation of privilege? Here's how to apply it.
What Is Threat Modeling?
Threat modeling is the structured practice of asking what can go wrong with a system before you build it, then designing controls to match. Here's the four-question framework, how to run a session, and where it fits supply chain security.
Buy, Build, or Hybrid: Supply Chain Security in 2026
The build-it-yourself era of supply chain security is ending. The full-stack vendor era has not arrived. The right architecture in 2026 is hybrid — and the decisions are different than they look.
Security Architecture Review Process: A Practical Framework
Architecture reviews catch security issues before code is written. Most organizations skip them or do them poorly. Here is a process that works.