Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
BOD 22-01 (KEV) and BOD 23-02 (external attack surface) apply directly to federal civilian agencies, but their downstream contractual cascade into the software supply chain is now the more consequential effect.
CISA's Secure-by-Design pledge launched in April 2024 with seven voluntary goals. Two years later, signatories are publishing progress reports and procurement teams are starting to ask hard questions.
Translating CISA's Secure by Design pledge into operational engineering work in 2026, with the specific control mappings and evidence practices that hold up to audit.
On May 5, 2026, CISA launched CI Fortify, pushing critical infrastructure operators to plan for cyberattacks that sever their connections to the internet and telecom during a geopolitical crisis. We unpack the isolation and recovery objectives and what they demand of software supply chains.
On May 4, 2026, CISA and international partners published guidance on the secure adoption of agentic AI. We break down the named risks, the recommended controls, and how to operationalize them for AppSec and platform teams.
More than 250 manufacturers have signed CISA's Secure by Design pledge. We read the public progress reports to see who is actually moving on the seven goals.
CISA pushed the CIRCIA final rule to May 2026. We unpack the dual-track threshold structure, the 72-hour and 24-hour timers, and what the 300,000-entity scope means.
A clear walkthrough of CISA's 2026 revisions to the minimum elements for SBOM, what changed from the original NTIA baseline, and how to bring your outputs into compliance.
CISA is moving from SBOM guidance to enforcement in 2026. Here's what the mandate requires and how to prepare.
Weekly insights on software supply chain security, delivered to your inbox.