compliance
Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.
435 articles
CRA Article 14: 24-Hour Early Warning and 72-Hour Reporting Explained
Article 14 of the Cyber Resilience Act mandates dual notifications to coordinating CSIRTs and ENISA within 24 hours of awareness. Reporting starts 11 September 2026.
DORA Financial Sector Supply Chain Controls
A senior engineer's view of how DORA's ICT third-party risk management requirements are reshaping software supply chain controls across European financial services.
NIS2 Supply Chain Evidence For EU Operators
NIS2 expects essential and important entities to manage supply chain risk with documented evidence. Learn how to build a program that survives competent authority review.
SBOM Incident Response: Finding Affected Products Fast
When a critical CVE drops, the only number that matters is minutes-to-blast-radius. Here is how a well-run SBOM programme answers the question in under five minutes.
SBOM-Driven Due Diligence for M&A
How SBOMs have become a standard input to technical due diligence for software acquisitions, what acquirers actually look for, and how sellers should prepare.
How to Comply With EU CRA: A Practical Checklist
The EU Cyber Resilience Act requires vendors to ship secure-by-default products, provide SBOMs, and report exploited vulnerabilities within 24 hours. Here is a concrete compliance path.
EU AI Act Alignment: Griffin AI vs Mythos
EU AI Act enforcement began in 2026. Vendors sold as "AI security tools" are now high-risk systems with documentation obligations. The shape of the documentation matters.
How to Audit Open Source Licenses for Compliance
A senior engineer's playbook for auditing open source licenses across modern polyglot repos, from SPDX extraction to enforcement in CI and legal reporting.
SBOM Requirements for Automotive (ISO 21434) 2026
A senior engineer's guide to SBOM requirements for automotive suppliers under ISO/SAE 21434, UNECE WP.29 R155, and the 2026 enforcement landscape for connected vehicles.
What is AI Governance
AI governance means the policies and technical controls that keep AI models, data, and agents safe, compliant, and auditable across your software supply chain.
Crypto Exchange Supply Chain Defence 2026
Crypto exchanges remain the highest-value target for supply chain attackers. Here is the 2026 defence playbook that hardens the entire stack.
Australia Essential Eight 2026: Supply Chain
A senior engineer's view of how Australia's Essential Eight evolved through 2025 and 2026 to incorporate software supply chain expectations alongside the original mitigations.