PCI DSS Meets SBOM Requirements
PCI DSS v4.0.1 doesn't say the word SBOM, but its software inventory and vulnerability management requirements make one effectively mandatory. Here's how to build an SBOM program that passes a QSA review.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A hands-on tutorial for producing a CSAF-VEX document that tells your customers which CVEs actually affect your product and which do not.
Managing vulnerabilities across thousands of applications and millions of dependencies requires fundamentally different approaches than what works for a single team. Here is what scales.
A practical field guide to switching SBOM tooling vendors without losing historical data, breaking compliance reports, or annoying the auditors.
SBOMs for medical devices look straightforward on paper and get complicated fast in the real world. A field report on what regulators actually accept and what engineering teams actually produce.
.NET 8 quietly shipped several supply chain improvements worth knowing — NuGet audit, signed packages, SBOM tooling, and better source-link coverage.
When your application is 50 services with 50 dependency trees, SBOM management stops being simple. Here's how to handle it.
SBOMs locked in files are static inventory. SBOMs exposed through APIs become live infrastructure. Here's how to build the integration layer.
Five takeaways from the supply chain sessions at RSA Conference 2023, from SBOM adoption skepticism to attestation tooling and federal procurement pressure.