vendor-security
Safeguard articles tagged "vendor-security" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Veracode Trust Center walkthrough / vendor security trans...
What Veracode's trust center actually proves about vendor security — and why SOC 2 reports don't answer software supply chain questions like SBOM and build provenance.
Secure by Design Pledge: Reading the 2026 Progress Reports
More than 250 manufacturers have signed CISA's Secure by Design pledge. We read the public progress reports to see who is actually moving on the seven goals.
What is Vendor Risk Management
Vendor risk management now means tracking code-level supply chain risk, not just SOC 2 reports—here's what it covers, how to tier vendors, and what regulations require it.
NIS2 Directive: What EU Software Vendors Must Do Now
NIS2 is in force, transposition is late in half the EU, and the obligations bind anyway if you're in scope. The supply chain security and 24-hour reporting duties, decoded.
Cloud Marketplace Security: What AWS and Azure Listings Actually Verify
Buying software through AWS Marketplace or Azure Marketplace feels safe. But what security verification actually happens before a listing goes live?