cra
Safeguard articles tagged "cra" — guides, analysis, and best practices for software supply chain and application security.
9 articles
A Practical Guide to EU Cyber Resilience Act Compliance
The CRA's 24-hour vulnerability reporting clock starts 11 September 2026. Here's how to build the SDLC changes now instead of scrambling later.
EU Cyber Resilience Act Vendor Obligations in 2026
The Cyber Resilience Act entered into force in December 2024 with a phased application schedule. The vendor obligations begin to bite in 2026 and accelerate through 2027.
The EU Cyber Resilience Act Explained for Software Vendors
What the EU CRA actually requires from software vendors — SBOMs, vulnerability handling, CE marking, timelines through 2027, and penalties up to EUR 15M.
ENISA's CRA Single Reporting Platform Goes Live September 2026
From 11 September 2026, every CRA manufacturer must file a 24-hour early warning of actively exploited vulnerabilities through one ENISA-operated portal — and the platform is being built right now.
SaaS Vendor's EU CRA Readiness Sprint
An anonymized account of how a mid-sized European SaaS vendor prepared for the EU Cyber Resilience Act using a focused 12-week Safeguard readiness sprint.
SBOM Compliance in 2025: Tracking Global Mandates and Deadlines
SBOM requirements are now embedded in regulations across the US, EU, Japan, and beyond. A practical tracker of what is required, by whom, and by when.
2025 Bug Bounty Program Reforms: What Changed
From Microsoft's AI bounty expansion to the EU CRA's good-faith researcher protections, bug bounty rules of engagement shifted meaningfully in early 2025.
Safeguard v3: Compliance-First Supply Chain Security
Safeguard v3 adds compliance framework mapping, automated evidence collection, audit-ready reporting, and VEX document support for regulatory readiness.
GDPR Meets CRA: Software Overlap
GDPR Article 32 and the EU Cyber Resilience Act look like separate regimes, but for any software handling personal data they converge at the component level. Here's where they overlap and where they diverge.