software-security
Safeguard articles tagged "software-security" — guides, analysis, and best practices for software supply chain and application security.
16 articles
What Is Malware? Types and How It Spreads
Malware is any software built to do harm, from stealing data to locking up your files. Here's a beginner-friendly tour of the main types and how it gets in.
What Is a CVE? Understanding Vulnerability IDs
A CVE is a unique public ID given to a specific known security weakness, so everyone can talk about the same flaw without confusion. Here's how the system works.
What Is a Vulnerability? A Plain-English Guide
A vulnerability is a weakness in software that an attacker can misuse to do something they shouldn't. Here's what that means, why it matters, and how teams find and fix them.
FTC Section 5 and software security: how 'unfair practices' became a supply chain doctrine
The Federal Trade Commission has spent the last several years building a software-security enforcement theory under Section 5. Drizly, SolarWinds, and Henry Schein each contributed pieces of the framework.
India DPDP Act Software Security Implications 2026
A senior engineer's view of the Digital Personal Data Protection Act in 2026: security safeguards, significant data fiduciaries, breach notification, and software controls that actually comply.
UK Software Security Code of Practice: The 14 Principles
Launched at CyberUK 2025 on 7 May 2025, the UK's voluntary Software Security Code of Practice sets 14 principles across four thematic areas for vendors and customers.
Zero Trust Principles Applied to the Software Supply Chain
Zero trust is not just a network architecture concept. Applied to the software supply chain, it fundamentally changes how organizations verify code, dependencies, and build processes.
CISA's Secure by Design Pledge: Voluntary Commitments with Real Teeth
CISA launched a voluntary pledge asking software manufacturers to commit to specific security improvements. Over 100 companies signed. Here is what the pledge actually requires and whether it matters.
PCI DSS 4.0 Software Security Requirements
PCI DSS 4.0 became mandatory on March 31, 2024, overhauling software security, SBOM visibility, and supply chain controls for every entity that touches cardholder data.
CISA's Secure by Default: Shifting Responsibility to Software Manufacturers
CISA's Secure by Design guidance pushes software vendors to ship secure defaults and take ownership of customer security outcomes, fundamentally changing the security responsibility model.
SWIFT CSCF: Software Security Requirements for Financial Messaging
SWIFT's Customer Security Controls Framework sets mandatory security baselines for financial institutions. Here's the software supply chain angle.
HIPAA and Software Supply Chain Compliance for Health Tech
HIPAA's Security Rule requires safeguards that extend to software dependencies. Here's what health tech developers and vendors need to address.