Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
The FTC finalized 30-day breach notification in 2025 and pursued multi-million-dollar settlements through 2026. Non-bank financial institutions need to take the Rule seriously.
The Second Amendment to NYDFS Part 500 added universal MFA and an asset inventory mandate on November 1, 2025. The April 2026 certification reveals where covered entities stand.
A senior engineer's view of DORA third-party ICT risk in 2026: register of information, concentration risk, subcontractor depth, and the operational controls regulators actually test.
How EU DORA is reshaping software supply chain expectations for financial services in 2026, with practical guidance on ICT third-party risk, SBOMs, and incident reporting.
The DORA subcontracting RTS adopted on 24 March 2025 governs how ICT third-party providers may subcontract critical or important functions, in force from 22 July 2025.
The Commission published the DORA TLPT RTS on 18 June 2025 with direct effect from 8 July 2025. Tests are mandated every three years, aligned to TIBER-EU methodology.
The 30 April 2025 ESA deadline forced banks and insurers to inventory every ICT contract against 105 prescribed data points — and exposed structural gaps in third-party data.
Since May 13, 2024, non-banking financial institutions must notify the FTC within 30 days of a notification event affecting 500 or more consumers.
RansomHub maintained access to Patelco Credit Union's network from May 23 to June 29, 2024, ultimately exposing data on over one million members and triggering a $7.25M class settlement.
Weekly insights on software supply chain security, delivered to your inbox.