Regulatory Compliance
SLSA v1.1 Framework Update: What's New
SLSA v1.1 sharpens the build track, adds a source track draft, and clarifies attestation semantics. Here is the practical guide for security teams.
Mar 30, 20266 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
SLSA v1.1 sharpens the build track, adds a source track draft, and clarifies attestation semantics. Here is the practical guide for security teams.
CISA and DHS's October 2025 software assurance guidance refines federal expectations on SBOMs, attestation, and secure-by-design, and signals what is next.
The October 31, 2025 ISO/IEC 27001:2022 transition deadline is weeks away. Here's what auditors will look for in Annex A controls, statements of applicability, and evidence packs.
HHS's December 2024 NPRM rewrites the HIPAA Security Rule with explicit software supply chain, SBOM, and business associate controls set to take effect in 2025 and 2026.
Twelve months after the NIS2 transposition deadline, enforcement is uneven, fines are real, and software supply chain obligations are starting to bite.
Japan's AMED, METI, and PMDA guidance now converges on SBOMs and supply chain controls, reshaping how medical and industrial software is built, shipped, and maintained.
OWASP ASVS 5.0 restructured the verification levels and added new requirements for modern stacks. A practical adoption guide for teams using ASVS as their security baseline.
Oracle's February 2025 Critical Control Baseline for critical infrastructure customers reshapes SCRM obligations. Here's what legal and security teams must know.
FedRAMP 20x demands real-time ConMon. Here's how to automate monthly POA&M, vulnerability deviation, and SBOM attestation without a 20-person team.
Weekly insights on software supply chain security, delivered to your inbox.