Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Compliance

How long does a SOC 2 audit take?

Most teams budget 3 months for SOC 2. The real number is closer to 6-12, and no automation platform, including Drata, can compress the observation period.

Mar 16, 20267 min read
Compliance

Who needs SOC 2 compliance? A breakdown by company stage/...

SOC 2 isn't legally required, but it's now a deal-blocker as early as seed stage. Here's a stage-by-stage, industry-by-industry breakdown of who actually needs it.

Mar 15, 20268 min read
Compliance

SOC 2 Trust Services Criteria explained (security, availa...

A breakdown of the five SOC 2 Trust Services Criteria, when each applies, and where Secureframe-style control mapping stops short of software supply chain evidence.

Mar 12, 20267 min read
Compliance

SOC 2 controls list: what controls you need to implement

A breakdown of the SOC 2 controls list across all five Trust Services Criteria, how Secureframe maps them, and what auditors actually test.

Mar 12, 20267 min read
Compliance

The SOC 2 audit process step by step

A step-by-step breakdown of the SOC 2 audit process — timelines, costs, Type 1 vs Type 2, and what auditors actually check — with a look at where Safeguard fits alongside tools like Secureframe.

Mar 11, 20268 min read
Regulatory Compliance

ISO 27001 risk assessment: how to conduct one

A practical walkthrough of how to run an ISO 27001 risk assessment—scoping, scoring, Annex A mapping, and why supply chain controls need real evidence, not questionnaires.

Mar 10, 20267 min read
Cryptography

Merkle tree in transparency logs

A Merkle tree is a hash-based data structure that lets transparency logs prove data integrity efficiently, using Merkle proofs and certificate transparency.

Mar 4, 20267 min read
AI Security

Risks of AI-Generated Code

AI coding assistants now write nearly half of some codebases—and research shows 45% of that code ships with exploitable flaws. Here's what security teams need to know.

Mar 3, 20267 min read
AI Security

Slopsquatting (AI package hallucination attack)

Slopsquatting exploits AI coding assistants that hallucinate nonexistent package names, which attackers then register as real, malicious packages.

Mar 2, 20266 min read
AI Security

What is AI Governance

AI governance means the policies and technical controls that keep AI models, data, and agents safe, compliant, and auditable across your software supply chain.

Mar 1, 20267 min read
Identity Security

PASETO tokens

PASETO tokens explained: what is PASETO, how PASETO vs JWT differs, and why platform-agnostic security tokens with versioned crypto are safer by design.

Mar 1, 20267 min read
Cryptography

Post-quantum cryptography

Post-quantum cryptography protects data from future quantum attacks. See how NIST-standardized, lattice-based algorithms defend today's software supply chain.

Feb 27, 20268 min read
software-supply-chain (Page 17) — Safeguard Blog