FTC Safeguards Rule: Enforcement Heats Up in 2026
The FTC finalized 30-day breach notification in 2025 and pursued multi-million-dollar settlements through 2026. Non-bank financial institutions need to take the Rule seriously.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
HHS published the HIPAA Security Rule NPRM in January 2025. Finalization is on the agenda for 2026. Covered entities and business associates need to start work now.
The November 2023 amendments to NY DFS 23 NYCRR Part 500 tightened third-party service provider requirements and added new obligations around software supply chain risk. Covered entities are now in steady-state implementation.
The CISA Secure Software Development Attestation Form went live in March 2024. Two years and several revisions later, here is what producers actually have to attest, and where the common gotchas are.
Twenty state comprehensive privacy laws are in force by 2026. Most carry baseline security mandates that security teams - not just privacy lawyers - must operationalize.
BOD 22-01 (KEV) and BOD 23-02 (external attack surface) apply directly to federal civilian agencies, but their downstream contractual cascade into the software supply chain is now the more consequential effect.
The Federal Trade Commission has spent the last several years building a software-security enforcement theory under Section 5. Drizly, SolarWinds, and Henry Schein each contributed pieces of the framework.
CISA's Secure-by-Design pledge launched in April 2024 with seven voluntary goals. Two years later, signatories are publishing progress reports and procurement teams are starting to ask hard questions.
The SEC's Item 1.05 8-K rule has been live since December 2023, and supply-chain incidents are now the most common trigger for a four-day materiality clock. Here is what programs need to know.