Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

Filtering by tag:#cisa19 articles

Filter

All (19)AI Security (384)DevSecOps (197)Best Practices (175)Open Source Security (154)Vulnerability Analysis (117)Incident Analysis (114)Industry Analysis (107)Compliance (100)Application Security (97)Regulatory Compliance (89)Container Security (89)Cloud Security (70)Vulnerability Management (70)Software Supply Chain Security (65)Supply Chain Attacks (54)Threat Intelligence (47)SBOM (41)Product (35)Tools (32)SBOM & Compliance (30)Supply Chain Security (25)Ransomware (24)Infrastructure Security (23)Regulation (20)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Agent Security (16)Vulnerability Response (16)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Supply Chain (12)Frameworks (12)Data Breach (11)Dependency Security (11)Web Security (11)Open Source (9)Kubernetes Security (9)Company (8)Standards (8)Architecture (8)Industry Insights (7)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Vendor Comparison (6)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Breach Analysis (5)Code Security (5)Cryptocurrency Security (4)Tool Comparison (4)Mobile Security (4)Product Launch (4)Policy (4)Offensive Security (4)Tool Comparisons (4)Healthcare Security (3)Social Engineering (3)Build Security (3)Industry (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Hardware Security (3)Identity Security (2)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)DeFi Security (2)Incident Postmortem (1)Technical (1)Healthcare (1)Events (1)Product Update (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Credential Attacks (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed

Compliance

CISA Secure by Design Pledge: Practical Impact

An engineer's assessment of what the CISA Secure by Design Pledge actually changed inside product teams, what it did not, and where the 2026 expectations are landing.

Jan 21, 20267 min read

Compliance

EO 14028 Two Years In: What Actually Shipped

A clear-eyed look at what parts of Executive Order 14028 actually made it into production across federal agencies, vendors, and the SBOM ecosystem by 2026.

Jan 14, 20267 min read

Regulatory Compliance

DHS Software Assurance Guidance: A Review

CISA and DHS's October 2025 software assurance guidance refines federal expectations on SBOMs, attestation, and secure-by-design, and signals what is next.

Oct 28, 20254 min read

Regulation

CIRCIA Final Rule Slips to May 2026: What Changes

CISA pushed the CIRCIA final rule deadline from October 2025 to May 2026, citing 24,000 public comments and harmonization work with other federal cyber reporting frameworks.

Oct 2, 20255 min read

Industry

CISA Secure by Design Pledge: Reading the One-Year Progress Reports

The CISA Secure by Design pledge crossed its one-year mark in May 2025 with over 150 signatories. We analyze the published progress reports and where vendors are quietly falling short.

Jun 4, 20257 min read

Threat Intelligence

CISA KEV Catalog in 2025: What the Data Tells Us About Real-World Exploitation

The CISA Known Exploited Vulnerabilities catalog has become the definitive list of actively exploited flaws. An analysis of 2025 KEV trends reveals which products, vulnerability types, and attack patterns dominate.

Mar 18, 20255 min read

Incident Analysis

American Water Cyberattack: Largest U.S. Utility Forced Offline

American Water Works discovered unauthorised network access on October 3, 2024, shutting down its MyWater customer portal and billing systems serving 14 million people across 24 states.

Feb 26, 20256 min read

Compliance & Frameworks

CISA's SBOM Sharing Lifecycle: A Framework for Practical Adoption

CISA releases updated guidance on SBOM sharing practices, addressing the full lifecycle from generation to consumption across supplier and buyer relationships.

Oct 15, 20246 min read

Compliance & Frameworks

CISA's Memory-Safe Languages Roadmap: What It Means for Software Development

CISA publishes a roadmap urging the industry to transition to memory-safe programming languages, targeting the root cause of roughly 70% of critical vulnerabilities.

Feb 26, 20246 min read

Page 2 of 3

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard — Software Supply Chain Security Insights