software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
How long does a SOC 2 audit take?
Most teams budget 3 months for SOC 2. The real number is closer to 6-12, and no automation platform, including Drata, can compress the observation period.
Who needs SOC 2 compliance? A breakdown by company stage/...
SOC 2 isn't legally required, but it's now a deal-blocker as early as seed stage. Here's a stage-by-stage, industry-by-industry breakdown of who actually needs it.
SOC 2 Trust Services Criteria explained (security, availa...
A breakdown of the five SOC 2 Trust Services Criteria, when each applies, and where Secureframe-style control mapping stops short of software supply chain evidence.
SOC 2 controls list: what controls you need to implement
A breakdown of the SOC 2 controls list across all five Trust Services Criteria, how Secureframe maps them, and what auditors actually test.
The SOC 2 audit process step by step
A step-by-step breakdown of the SOC 2 audit process — timelines, costs, Type 1 vs Type 2, and what auditors actually check — with a look at where Safeguard fits alongside tools like Secureframe.
ISO 27001 risk assessment: how to conduct one
A practical walkthrough of how to run an ISO 27001 risk assessment—scoping, scoring, Annex A mapping, and why supply chain controls need real evidence, not questionnaires.
Merkle tree in transparency logs
A Merkle tree is a hash-based data structure that lets transparency logs prove data integrity efficiently, using Merkle proofs and certificate transparency.
Risks of AI-Generated Code
AI coding assistants now write nearly half of some codebases—and research shows 45% of that code ships with exploitable flaws. Here's what security teams need to know.
Slopsquatting (AI package hallucination attack)
Slopsquatting exploits AI coding assistants that hallucinate nonexistent package names, which attackers then register as real, malicious packages.
What is AI Governance
AI governance means the policies and technical controls that keep AI models, data, and agents safe, compliant, and auditable across your software supply chain.
PASETO tokens
PASETO tokens explained: what is PASETO, how PASETO vs JWT differs, and why platform-agnostic security tokens with versioned crypto are safer by design.
Post-quantum cryptography
Post-quantum cryptography protects data from future quantum attacks. See how NIST-standardized, lattice-based algorithms defend today's software supply chain.