SBOM
CISA Minimum Elements for SBOM: 2026 Update
A clear walkthrough of CISA's 2026 revisions to the minimum elements for SBOM, what changed from the original NTIA baseline, and how to bring your outputs into compliance.
Mar 4, 20266 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A clear walkthrough of CISA's 2026 revisions to the minimum elements for SBOM, what changed from the original NTIA baseline, and how to bring your outputs into compliance.
How SBOMs have become a standard input to technical due diligence for software acquisitions, what acquirers actually look for, and how sellers should prepare.
The EU Cyber Resilience Act requires vendors to ship secure-by-default products, provide SBOMs, and report exploited vulnerabilities within 24 hours. Here is a concrete compliance path.
EU AI Act enforcement began in 2026. Vendors sold as "AI security tools" are now high-risk systems with documentation obligations. The shape of the documentation matters.
A senior engineer's playbook for auditing open source licenses across modern polyglot repos, from SPDX extraction to enforcement in CI and legal reporting.
A senior engineer's guide to SBOM requirements for automotive suppliers under ISO/SAE 21434, UNECE WP.29 R155, and the 2026 enforcement landscape for connected vehicles.
Data residency for AI workloads has moved from nice-to-have to contractually required. The shape of the requirement is specific and worth knowing before procurement.
How EU DORA is reshaping software supply chain expectations for financial services in 2026, with practical guidance on ICT third-party risk, SBOMs, and incident reporting.
HIPAA's software supply chain expectations have sharpened in 2025-2026. Evidence generation is the difference between passing an audit and rerunning it.
Weekly insights on software supply chain security, delivered to your inbox.