CRA Article 14: 24-Hour Early Warning and 72-Hour Reporting Explained
Article 14 of the Cyber Resilience Act mandates dual notifications to coordinating CSIRTs and ENISA within 24 hours of awareness. Reporting starts 11 September 2026.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A senior engineer's view of how DORA's ICT third-party risk management requirements are reshaping software supply chain controls across European financial services.
NIS2 expects essential and important entities to manage supply chain risk with documented evidence. Learn how to build a program that survives competent authority review.
When a critical CVE drops, the only number that matters is minutes-to-blast-radius. Here is how a well-run SBOM programme answers the question in under five minutes.
How SBOMs have become a standard input to technical due diligence for software acquisitions, what acquirers actually look for, and how sellers should prepare.
The EU Cyber Resilience Act requires vendors to ship secure-by-default products, provide SBOMs, and report exploited vulnerabilities within 24 hours. Here is a concrete compliance path.
EU AI Act enforcement began in 2026. Vendors sold as "AI security tools" are now high-risk systems with documentation obligations. The shape of the documentation matters.
A senior engineer's playbook for auditing open source licenses across modern polyglot repos, from SPDX extraction to enforcement in CI and legal reporting.
A senior engineer's guide to SBOM requirements for automotive suppliers under ISO/SAE 21434, UNECE WP.29 R155, and the 2026 enforcement landscape for connected vehicles.