vendor-risk-management
Safeguard articles tagged "vendor-risk-management" — guides, analysis, and best practices for software supply chain and application security.
29 articles
NERC CIP-013 compliance and software supply chain risk ma...
NERC CIP-013 turned vendor risk management into a mandatory grid compliance obligation. Here's what it requires, who it covers, and how to build an audit-ready supply chain plan.
Third-party risk management for OT/ICS vendors in utilities
A step-by-step guide to OT ICS vendor risk management for utilities: assessing, auditing, and monitoring SCADA and industrial control system vendors.
Best third-party and vendor risk management (TPRM) tools
A practical buyer's guide comparing six named third-party risk management tools — strengths, limitations, and where software supply chain visibility fills the gaps they miss.
Hidden Functionality and Undocumented API Endpoints
Undocumented API endpoints and hidden functionality sit outside vendor documentation entirely — here's where they come from, why attackers find them first, and how to detect them.
Why Maintainer Burnout Is a Security Metric, Not Just an ...
The xz Utils backdoor started with a burned-out maintainer, not a zero-day. Here's why maintainer fatigue belongs in your supply chain risk model.