CISA Secure by Design Pledge: Signatories in 2026
CISA's Secure by Design Pledge has crossed 300 signatories. Here is what the 2026 cohort is committing to, what regulators expect in return, and how to prove it.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
What the FDA's 2026 premarket cybersecurity guidance actually requires for SBOMs, how reviewers evaluate them, and the patterns that cause 510(k) submissions to stall.
CISA is moving from SBOM guidance to enforcement in 2026. Here's what the mandate requires and how to prepare.
An engineer's assessment of what the CISA Secure by Design Pledge actually changed inside product teams, what it did not, and where the 2026 expectations are landing.
A clear-eyed look at what parts of Executive Order 14028 actually made it into production across federal agencies, vendors, and the SBOM ecosystem by 2026.
SBOM requirements are now embedded in regulations across the US, EU, Japan, and beyond. A practical tracker of what is required, by whom, and by when.
Healthcare, finance, energy, and defense face unique supply chain security requirements. Here is how regulated industries should approach SBOM compliance and vulnerability management.
Manual license audits cannot keep pace with modern dependency trees. Automated license detection, policy enforcement, and compliance documentation turn a legal bottleneck into a developer workflow.
CISA is building a comprehensive software identification ecosystem that ties SBOMs, vulnerabilities, and procurement together. Here is what it means for software producers and consumers.