PCI DSS 4.0 Supply Chain Requirements in 2026
The PCI DSS 4.0 future-dated requirements became mandatory on March 31, 2025. The supply chain expectations are the ones most QSAs are now testing in detail.
A retrospective on the Heroku OAuth token incident, what the public timeline revealed about supply chain trust assumptions, and the durable lessons for platform teams.
What hospitals and payers should actually require from their software vendors in 2026: HIPAA-aligned controls, SBOM expectations, and the threats now hitting clinical environments.
AI bills of materials moved from proposal to procurement requirement. A practical comparison of CycloneDX ML-BOM, SPDX 3.0 AI profile, and what to ship in 2026.
What banks, broker-dealers, and insurers should require from their software vendors in 2026: DORA, NYDFS Part 500, OCC guidance, and the operational resilience controls that actually hold up.
The Codecov bash uploader compromise was the quiet supply chain attack that exposed how CI secrets flow through every customer's pipeline. A five-year look back.
The datasets you use to evaluate model safety are themselves a supply chain, and almost nobody is treating them that way. A senior engineer's audit of how eval corpora get poisoned, contaminated, and silently drifted.
Half a decade after Sunburst, the build system compromise still defines how we think about software supply chain risk. A look at what stuck and what did not.
HHS's December 2024 NPRM rewrites the HIPAA Security Rule with explicit software supply chain, SBOM, and business associate controls set to take effect in 2025 and 2026.