product-security
Safeguard articles tagged "product-security" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Software Supply Chain Security for Product Security Teams
Product security teams own the security of what ships and stays shipped. Here is how to embed supply chain controls across the SDLC, run PSIRT for third-party CVEs, and manage security debt in released products without owning every repo yourself.
EU Cyber Resilience Act Vendor Obligations in 2026
The Cyber Resilience Act entered into force in December 2024 with a phased application schedule. The vendor obligations begin to bite in 2026 and accelerate through 2027.
The EU Cyber Resilience Act Explained for Software Vendors
What the EU CRA actually requires from software vendors — SBOMs, vulnerability handling, CE marking, timelines through 2027, and penalties up to EUR 15M.
UK Product Security and Telecommunications Infrastructure Act: Software Implications
The UK's PSTI Act bans default passwords and mandates vulnerability disclosure. Here's what it means for software embedded in connected products.