Concepts
In-depth guides and analysis on concepts from the Safeguard engineering team.
116 articles
What Is VEX (Vulnerability Exploitability eXchange)?
VEX is a machine-readable advisory that states whether a product is actually affected by a known vulnerability. Here's how its status values work and why it cuts SBOM-driven false positives.
What Is Software Composition Analysis (SCA)?
Software Composition Analysis (SCA) identifies the open source and third-party components in your code, then flags their known vulnerabilities and license risks. Here's how SCA works and what separates modern tools from legacy scanners.
Attack Surface Reduction: A Practical Guide
Attack surface reduction is the discipline of removing every input, interface, and privilege an attacker could reach that your system does not actually need. Here's how to inventory, shrink, and keep it small.
Cybersecurity Basics for Developers
You do not need to become a security specialist to write secure code, but a working grasp of a few core ideas prevents most common mistakes. Here are the fundamentals every developer should carry into daily work.
Introduction to Software Supply Chain Security
Modern software is assembled from far more code than any one team writes. Software supply chain security protects every dependency, build tool, and pipeline that goes into the finished product. Here is the foundational picture.
SBOM vs SCA: What's the Difference?
An SBOM is a list of what's in your software. SCA is the practice of analyzing that list for risk. One is an artifact; the other is an activity.
The STRIDE Methodology Explained
STRIDE is a threat-modeling mnemonic that turns a blank whiteboard into six specific questions: is this element vulnerable to Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, or Elevation of privilege? Here's how to apply it.
Vulnerability vs Exploit vs Threat: What's the Difference?
A vulnerability is a weakness, an exploit is the tool that abuses it, and a threat is the actor who wants to. Confusing them muddles how you prioritize risk.
What Is a CVE? Understanding Vulnerability IDs
A CVE is a unique public ID given to a specific known security weakness, so everyone can talk about the same flaw without confusion. Here's how the system works.
What Is a Vulnerability? A Plain-English Guide
A vulnerability is a weakness in software that an attacker can misuse to do something they shouldn't. Here's what that means, why it matters, and how teams find and fix them.
What Is Secrets Management?
Secrets management is the practice of securely storing, distributing, rotating, and auditing the credentials your software needs to run. Here's how it works, why leaked secrets are a top breach vector, and how to get it right in 2026.
What Is SLSA? Supply-chain Levels for Software Artifacts Explained
SLSA is an open framework of graded security levels for build integrity, letting teams prove how a software artifact was produced. Here's how the Build track levels work and how to reach them.