Regulatory Compliance
NIST CSF 2.0 Rollout: Field Observations
NIST CSF 2.0 added the Govern function, broadened the target audience, and clarified supply chain expectations. Field observations from the first year of adoption.
Nov 22, 20246 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
NIST CSF 2.0 added the Govern function, broadened the target audience, and clarified supply chain expectations. Field observations from the first year of adoption.
CNCF, Linux Foundation, Apache, Eclipse — each has a different governance model. A practical evaluation of what that means for projects considering adoption.
The Linux Foundation, Apache Software Foundation, CNCF, and Eclipse each codify different theories of how open source projects should be governed. The differences matter more than most adopters realize.
Four years after SUNBURST, SolarWinds has rebuilt its SDLC around signed pipelines, parallel builds, and a new CSO office. How much of it is real?
Azure Policy is the enforcement layer most Azure platforms underuse. A concrete, policy-by-policy guide to wiring it into supply chain controls that actually stick.
A risk register is the backbone of supply chain risk management. Here is a practical template for identifying, scoring, tracking, and mitigating software supply chain risks.
Leveraging Harness platform security capabilities including governance policies, secret management, and pipeline security controls.
OpenSSL's transformation from a two-person project securing half the internet to a properly governed foundation offers a blueprint for open source security governance.
A practical template for crafting an enterprise open-source usage policy that balances developer freedom with security and compliance requirements.
Weekly insights on software supply chain security, delivered to your inbox.