Safeguard
Tag

cisa

Safeguard articles tagged "cisa" — guides, analysis, and best practices for software supply chain and application security.

35 articles

Incident Analysis

Sisense Data Breach: When Your Analytics Platform Becomes the Threat

CISA issued a rare advisory urging Sisense customers to reset credentials after attackers compromised the business intelligence platform, potentially accessing customer data across thousands of organizations.

Apr 15, 20245 min read
Policy & Compliance

CISA's Secure by Design Pledge: Voluntary Commitments with Real Teeth

CISA launched a voluntary pledge asking software manufacturers to commit to specific security improvements. Over 100 companies signed. Here is what the pledge actually requires and whether it matters.

Apr 10, 20246 min read
Compliance

CISA Secure Software Development Attestation: What Vendors Must Know

CISA now requires software vendors selling to the US government to attest to secure development practices. Here's what the form demands and how to prepare.

Mar 11, 20246 min read
Compliance & Frameworks

CISA's Memory-Safe Languages Roadmap: What It Means for Software Development

CISA publishes a roadmap urging the industry to transition to memory-safe programming languages, targeting the root cause of roughly 70% of critical vulnerabilities.

Feb 26, 20246 min read
Compliance & Regulations

CISA's Secure by Default: Shifting Responsibility to Software Manufacturers

CISA's Secure by Design guidance pushes software vendors to ship secure defaults and take ownership of customer security outcomes, fundamentally changing the security responsibility model.

Nov 1, 20235 min read
Vulnerability Analysis

CISA KEV Catalog: One Year Analysis of Known Exploited Vulnerabilities

After one year, the CISA KEV catalog has reshaped how organizations prioritize patching. Here's what the data tells us about real-world exploitation.

Apr 25, 20236 min read
Compliance & Regulations

CISA Secure by Design Principles: What They Mean for Software Teams

CISA's Secure by Design initiative shifts security responsibility from users to manufacturers. Here's what it means for how you build software.

Apr 20, 20236 min read
Compliance & Regulations

CISA Self-Attestation Form: What Software Producers Need to Know

OMB M-22-18 requires software producers selling to the federal government to self-attest to secure development practices. Here's what's required.

Oct 8, 20226 min read
Compliance & Regulations

The Open Source Software Security Act of 2022: What It Means for Developers

The U.S. Senate introduced legislation directing CISA to secure open source software used by the federal government. Here's what the bill contains.

Sep 22, 20226 min read
Compliance & Regulations

CISA SBOM Guidance: What Government Agencies Need to Know

CISA's evolving SBOM requirements are reshaping how government agencies procure and manage software. Here's what the guidance says and how to operationalize it.

May 10, 20225 min read
Compliance & Regulations

CISA Known Exploited Vulnerabilities Catalog Launched

CISA's KEV catalog changes vulnerability management from theoretical risk to confirmed exploitation. Here's what it means and how to use it for prioritization.

Dec 20, 20215 min read
cisa (Page 3) — Safeguard Blog