Regulatory Compliance
India CERT-In Software Supply Chain Update
A senior engineer's view of how CERT-In directives in 2025 and 2026 are reshaping software supply chain expectations for organizations operating in India.
Mar 19, 20267 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A senior engineer's view of how CERT-In directives in 2025 and 2026 are reshaping software supply chain expectations for organizations operating in India.
Container image supply chain incidents have grown in frequency and impact. We analyze the 2026 patterns, the registry tradecraft, and what defenders should change.
Vector databases are now central infrastructure for retrieval-augmented AI. The 2026 attack trend targets the index itself, not the model — and most defenders are not watching the right layer.
A senior engineer's view of the second-year impact of SEC cybersecurity disclosure rules, what filings actually look like, and where supply chain risk fits in.
Fine-tuning a model on an attacker-controlled dataset can implant behaviour that only activates under specific conditions. The threat is quiet because detection is hard.
Code signing key theft has surged across 2025 and 2026. We trace the recurring incident patterns, the operator tradecraft, and the structural defenses that work.
AI bills of materials moved from voluntary best practice to regulatory requirement in 2026. Multiple jurisdictions now require disclosure of model, data, and component lineage for high-impact AI systems.
A senior engineer's view of how FTC data broker rulemaking through 2025 and 2026 intersects with software supply chain expectations for organizations handling personal data.
Ransomware operators increasingly enter victims through software supply chain pathways. We analyze the 2026 patterns, the affiliate dynamics, and what defenders should do.
Weekly insights on software supply chain security, delivered to your inbox.