Safeguard
Tag

software-security

Safeguard articles tagged "software-security" — guides, analysis, and best practices for software supply chain and application security.

16 articles

Concepts

What Is Malware? Types and How It Spreads

Malware is any software built to do harm, from stealing data to locking up your files. Here's a beginner-friendly tour of the main types and how it gets in.

Jul 2, 20266 min read
Concepts

What Is a CVE? Understanding Vulnerability IDs

A CVE is a unique public ID given to a specific known security weakness, so everyone can talk about the same flaw without confusion. Here's how the system works.

Jul 1, 20266 min read
Concepts

What Is a Vulnerability? A Plain-English Guide

A vulnerability is a weakness in software that an attacker can misuse to do something they shouldn't. Here's what that means, why it matters, and how teams find and fix them.

Jul 1, 20267 min read
Compliance

FTC Section 5 and software security: how 'unfair practices' became a supply chain doctrine

The Federal Trade Commission has spent the last several years building a software-security enforcement theory under Section 5. Drizly, SolarWinds, and Henry Schein each contributed pieces of the framework.

May 13, 20268 min read
Compliance

India DPDP Act Software Security Implications 2026

A senior engineer's view of the Digital Personal Data Protection Act in 2026: security safeguards, significant data fiduciaries, breach notification, and software controls that actually comply.

Mar 26, 20268 min read
Policy

UK Software Security Code of Practice: The 14 Principles

Launched at CyberUK 2025 on 7 May 2025, the UK's voluntary Software Security Code of Practice sets 14 principles across four thematic areas for vendors and customers.

Jul 8, 20256 min read
Best Practices

Zero Trust Principles Applied to the Software Supply Chain

Zero trust is not just a network architecture concept. Applied to the software supply chain, it fundamentally changes how organizations verify code, dependencies, and build processes.

Nov 25, 20247 min read
Policy & Compliance

CISA's Secure by Design Pledge: Voluntary Commitments with Real Teeth

CISA launched a voluntary pledge asking software manufacturers to commit to specific security improvements. Over 100 companies signed. Here is what the pledge actually requires and whether it matters.

Apr 10, 20246 min read
Regulatory Compliance

PCI DSS 4.0 Software Security Requirements

PCI DSS 4.0 became mandatory on March 31, 2024, overhauling software security, SBOM visibility, and supply chain controls for every entity that touches cardholder data.

Mar 31, 20245 min read
Compliance & Regulations

CISA's Secure by Default: Shifting Responsibility to Software Manufacturers

CISA's Secure by Design guidance pushes software vendors to ship secure defaults and take ownership of customer security outcomes, fundamentally changing the security responsibility model.

Nov 1, 20235 min read
Compliance

SWIFT CSCF: Software Security Requirements for Financial Messaging

SWIFT's Customer Security Controls Framework sets mandatory security baselines for financial institutions. Here's the software supply chain angle.

Jun 10, 20236 min read
Compliance

HIPAA and Software Supply Chain Compliance for Health Tech

HIPAA's Security Rule requires safeguards that extend to software dependencies. Here's what health tech developers and vendors need to address.

May 25, 20236 min read
software-security — Safeguard Blog