Compliance
Secure by Design Pledge: Reading the 2026 Progress Reports
More than 250 manufacturers have signed CISA's Secure by Design pledge. We read the public progress reports to see who is actually moving on the seven goals.
Apr 8, 20266 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
More than 250 manufacturers have signed CISA's Secure by Design pledge. We read the public progress reports to see who is actually moving on the seven goals.
The CRA offers three conformity routes: Module A self-assessment, Module B+C type examination plus production conformity, and Module H quality management system audit.
A data-grounded analysis of CISA Known Exploited Vulnerabilities catalog growth through 2025 and 2026, and the operational implications for defenders.
A 2026 enforcement update on California SB-327, the IoT security statute that set a national precedent, and what manufacturers and integrators need to know.
OMB M-22-18 and the CISA Secure Software Self-Attestation form continue to evolve. Here is what producers and federal buyers must change in 2026.
A senior engineer's view of the Digital Personal Data Protection Act in 2026: security safeguards, significant data fiduciaries, breach notification, and software controls that actually comply.
The UK PSTI Act's first year of enforcement reveals how consumer IoT vendors are struggling with minimum security requirements, password rules, and disclosure policies.
A senior engineer's guide to FDA premarket cybersecurity for medical devices in 2026: section 524B, SBOM expectations, SPDF, and what reviewers actually ask about.
The EU AI Act's 2026 obligations reshape software supply chain requirements for AI system providers, deployers, and upstream model suppliers across every sector.
Weekly insights on software supply chain security, delivered to your inbox.