security-policy
Safeguard articles tagged "security-policy" — guides, analysis, and best practices for software supply chain and application security.
4 articles
The AppSec Program Spring-Cleaning Checklist
The xz-utils backdoor sat in a maintainer's commits for over two years before a Postgres developer's slow SSH login exposed it in March 2024. Most AppSec programs never audit for that kind of drift.
Responsible vulnerability disclosure policy comparison
Safeguard and Socket.dev both publish vulnerability disclosure policies—but their SLAs, bounty terms, and scope differ. A sourced, line-by-line comparison for vendor due diligence.
What is a Security Policy
A security policy is the documented, executive-approved rulebook auditors test against — here's what belongs in one, how often to review it, and what breaks when it isn't enforced.
CISA Secure by Design Principles: What They Mean for Software Teams
CISA's Secure by Design initiative shifts security responsibility from users to manufacturers. Here's what it means for how you build software.