White House M-22-18 SBOM Attestation Update
OMB M-22-18 and the CISA Secure Software Self-Attestation form continue to evolve. Here is what producers and federal buyers must change in 2026.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
SLSA v1.1 sharpens the build track, adds a source track draft, and clarifies attestation semantics. Here is the practical guide for security teams.
The UK PSTI Act's first year of enforcement reveals how consumer IoT vendors are struggling with minimum security requirements, password rules, and disclosure policies.
NIST SP 800-161 Rev. 2 reshapes cyber supply chain risk management for federal contractors and commercial buyers. Here is what engineers must operationalize.
Everything you need to know about SBOM requirements under EO 14028, NIST SSDF, and emerging global regulations.
The FTC's widening enforcement posture after the MGM breach and related consent orders is reshaping software supply chain accountability for vendors and buyers.
The EU Cyber Resilience Act is already biting in 2026. Here is the enforcement timeline manufacturers, integrators, and open source stewards need to internalize now.
An anonymized look at how a US federal civilian agency assembled a complete FedRAMP High supply chain evidence pack in 30 days using Safeguard.sh.
Two years into Item 1.05 of Form 8-K, the SEC has clarified materiality, enforcement posture, and how Regulation S-K Item 106 cybersecurity narratives will be judged.