Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Compliance

NIST SP 800-53 control mapping for AppSec

How NIST SP 800-53's SA, RA, and SR control families map to modern AppSec — and where legacy scanners like Veracode leave supply-chain evidence gaps.

Jun 17, 20267 min read
Compliance

SOC 2 Type II reporting for AppSec vendors and buyers

A SOC 2 Type II badge isn't enough due diligence for AppSec vendors. Here's what to actually check in the report—scope, exceptions, and subservice carve-outs—before you trust one.

Jun 17, 20268 min read
AI Security

Building Securely with AI (secure AI-assisted development)

AI coding assistants ship code fast — Veracode found 45% of AI-generated code contains security flaws. Here's what secure AI-assisted development actually requires.

Jun 16, 20267 min read
AI Security

AIBOM in 2026: Treating AI Models as a Software Supply Chain

The AI bill of materials is graduating from optional security artifact to procurement requirement. Here is what AIBOM/ML-BOM actually tracks in 2026, how it ties to the EU AI Act, and where it still falls short.

Jun 15, 20267 min read
Industry Events

Black Hat USA 2026 Preview: Agentic AI Security Takes Mandalay Bay

A preview of Black Hat USA 2026 at Mandalay Bay, Aug 1-6. Why agentic AI security, the software supply chain, and post-quantum readiness are the threads to watch before the briefings begin.

Jun 15, 20267 min read
Vulnerability Management

Reachability-based vulnerability prioritization (Polaris ...

Reachability analysis cuts CVE noise by confirming which vulnerabilities are exploitable. Here's how Black Duck's Polaris reachability compares to Safeguard's pipeline-native approach.

Jun 15, 20268 min read
Compliance

What open source scans miss in M&A due diligence

Open source composition scans like Black Duck catch known packages and licenses — but M&A due diligence needs to catch what those scans miss too.

Jun 15, 20268 min read
AI Security

Agent hijacking: the real-world impact of prompt injection

From a zero-click Microsoft 365 Copilot breach to poisoned MCP servers, AI agent hijacking is now a real, documented software supply chain threat.

Jun 14, 20267 min read
AI Security

Can AI write secure code? Auditing AI-generated code

AI writes code fast, but studies from 2021 to 2025 show it also reproduces insecure patterns and invents fake dependencies. Here's what the data says.

Jun 13, 20267 min read
Application Security

Enterprise AppSec risk management at scale

Black Duck built its platform on decades of license-compliance SCA and acquired tools. Safeguard built a unified, reachability-aware supply-chain risk platform from day one.

Jun 13, 20267 min read
AI Security

How Copilot amplifies insecure codebases

Copilot writes ~46% of code where enabled, and studies show ~40% of its security-relevant suggestions are vulnerable. Here's the data on the risk.

Jun 12, 20266 min read
AI Security

AI-Generated Code Security: risks and controls

AI now writes up to 40%+ of new code, and models hallucinate nonexistent packages in 5-22% of outputs. Here's why Black Duck-style SCA misses that risk, and what controls actually work.

Jun 12, 20267 min read
software-supply-chain (Page 4) — Safeguard Blog