Executive Order 14028 at Five Years: A Comprehensive Review
Five years after President Biden signed EO 14028, we assess what it accomplished, what it missed, and what comes next.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Executive Order 14028 attestations are now standard for federal software vendors. Build a pipeline that produces SSDF-aligned evidence on every release.
A senior engineer's view of how FTC data broker rulemaking through 2025 and 2026 intersects with software supply chain expectations for organizations handling personal data.
Vendor SBOMs arrive in every shape and size. Without disciplined normalisation, your ingest store is a junk drawer. Here is how mature programmes solve it.
A working template for legal and security teams to assess software supply chain risk against contractual, regulatory, and licensing exposure in 2026.
Software supply chain security for healthcare in 2026 means the new HIPAA Security Rule, 405(d) practices, and FDA postmarket expectations converging on SBOM.
EHR integrations move PHI between dozens of systems. This blueprint shows how to control the third-party risk surface without breaking interoperability.
Supply chain security for financial services in 2026 means DORA, NYDFS 500, FFIEC, and OCC expectations. A practical guide for banks, insurers, and fintechs.
A clear walkthrough of CISA's 2026 revisions to the minimum elements for SBOM, what changed from the original NTIA baseline, and how to bring your outputs into compliance.