CycloneDX v1.5: New Features and What They Mean for Your SBOM Program
CycloneDX v1.5 introduced formulation, machine learning BOMs, and expanded evidence. Here is what changed and how to take advantage of it.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Quantum computers threaten the cryptographic foundations of software supply chains. The time to prepare is now, not when quantum advantage arrives.
While organizations were still reeling from the first MOVEit zero-day, a second critical vulnerability was found — raising questions about the product's security.
Flask gives you room to make mistakes. This is a long look at the patterns that keep Flask apps safe in 2023, covering sessions, extensions, Werkzeug, and Jinja.
SSRF lets attackers reach internal services through your application. In cloud environments, that often means access to instance metadata and IAM credentials.
Barracuda told customers to physically replace compromised Email Security Gateway appliances. The vulnerability had been exploited since October 2022.
Security maturity models provide structure, but benchmarking against peers provides context. Here is how to build a meaningful security maturity benchmark without falling into common traps.
Every software download, package install, and API call starts with a DNS query. DNS compromise redirects your supply chain at the most fundamental level — and most organizations have no visibility.
Mobile apps ship to millions of devices and can't be patched silently. Here's how to build SBOM practices for iOS and Android development.