Safeguard
Topic

Concepts

In-depth guides and analysis on concepts from the Safeguard engineering team.

116 articles

Concepts

What Is VEX (Vulnerability Exploitability eXchange)?

VEX is a machine-readable advisory that states whether a product is actually affected by a known vulnerability. Here's how its status values work and why it cuts SBOM-driven false positives.

Jul 2, 20266 min read
Concepts

What Is Software Composition Analysis (SCA)?

Software Composition Analysis (SCA) identifies the open source and third-party components in your code, then flags their known vulnerabilities and license risks. Here's how SCA works and what separates modern tools from legacy scanners.

Jul 1, 20266 min read
Concepts

Attack Surface Reduction: A Practical Guide

Attack surface reduction is the discipline of removing every input, interface, and privilege an attacker could reach that your system does not actually need. Here's how to inventory, shrink, and keep it small.

Jul 1, 20267 min read
Concepts

Cybersecurity Basics for Developers

You do not need to become a security specialist to write secure code, but a working grasp of a few core ideas prevents most common mistakes. Here are the fundamentals every developer should carry into daily work.

Jul 1, 20266 min read
Concepts

Introduction to Software Supply Chain Security

Modern software is assembled from far more code than any one team writes. Software supply chain security protects every dependency, build tool, and pipeline that goes into the finished product. Here is the foundational picture.

Jul 1, 20266 min read
Concepts

SBOM vs SCA: What's the Difference?

An SBOM is a list of what's in your software. SCA is the practice of analyzing that list for risk. One is an artifact; the other is an activity.

Jul 1, 20266 min read
Concepts

The STRIDE Methodology Explained

STRIDE is a threat-modeling mnemonic that turns a blank whiteboard into six specific questions: is this element vulnerable to Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, or Elevation of privilege? Here's how to apply it.

Jul 1, 20267 min read
Concepts

Vulnerability vs Exploit vs Threat: What's the Difference?

A vulnerability is a weakness, an exploit is the tool that abuses it, and a threat is the actor who wants to. Confusing them muddles how you prioritize risk.

Jul 1, 20266 min read
Concepts

What Is a CVE? Understanding Vulnerability IDs

A CVE is a unique public ID given to a specific known security weakness, so everyone can talk about the same flaw without confusion. Here's how the system works.

Jul 1, 20266 min read
Concepts

What Is a Vulnerability? A Plain-English Guide

A vulnerability is a weakness in software that an attacker can misuse to do something they shouldn't. Here's what that means, why it matters, and how teams find and fix them.

Jul 1, 20267 min read
Concepts

What Is Secrets Management?

Secrets management is the practice of securely storing, distributing, rotating, and auditing the credentials your software needs to run. Here's how it works, why leaked secrets are a top breach vector, and how to get it right in 2026.

Jul 1, 20267 min read
Concepts

What Is SLSA? Supply-chain Levels for Software Artifacts Explained

SLSA is an open framework of graded security levels for build integrity, letting teams prove how a software artifact was produced. Here's how the Build track levels work and how to reach them.

Jul 1, 20266 min read
Concepts (Page 5) — Supply Chain Security Blog | Safeguard