Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
SPDX is the format auditors ask for, the format regulators reference, and the format most enterprise procurement teams standardize on. Griffin AI treats it as a first-class graph. Mythos-class tools treat it as a long document.
How Safeguard's knowledge graph unifies components, vulnerabilities, policies, and runtime evidence into a single queryable substrate that powers every product surface.
How SBOMs actually move between producers and consumers in 2026, what TEA and VEX are solving, and the distribution patterns that hold up in production.
An engineer's assessment of what the CISA Secure by Design Pledge actually changed inside product teams, what it did not, and where the 2026 expectations are landing.
CycloneDX 1.7 was published in October 2025 and adopted by the General Assembly in December. We unpack what the ML-BOM capability means in practice for AI inventory.
CycloneDX is not a text format to be summarized — it's a typed graph with dozens of semantically-rich fields. Griffin AI consumes it as a graph. Mythos-class tools consume it as tokens. That difference decides every downstream finding.
A clear-eyed look at what parts of Executive Order 14028 actually made it into production across federal agencies, vendors, and the SBOM ecosystem by 2026.
SBOM adoption has grown rapidly, but maturity varies wildly. Here's where the industry actually stands heading into 2026.
A detailed comparison of how Griffin AI consumes SBOMs as structured reasoning context while Mythos-class pure-LLM tools skim them as prose — and why that architectural gap determines the quality of every downstream finding.
Weekly insights on software supply chain security, delivered to your inbox.