Safeguard
Topic

Vulnerability Management

In-depth guides and analysis on vulnerability management from the Safeguard engineering team.

133 articles

Vulnerability Management

Static Analysis False-Positive Reduction

A technique-by-technique tour of how modern static analyzers cut false positives, from CodeQL's path pruning to Infer's bi-abduction.

Aug 22, 20248 min read
Vulnerability Management

NuGet Package Vulnerabilities Dashboard

Listing every CVE in your NuGet dependency tree is easy. Turning it into a dashboard someone can act on is the work. A practical design.

Aug 15, 20245 min read
Vulnerability Management

Fuzzing Open Source for Supply Chain Findings

How modern coverage-guided fuzzing finds real vulnerabilities in open-source dependencies, and how to fold it into a supply-chain security program.

Jul 15, 20247 min read
Vulnerability Management

Mean Time to Remediation Benchmarks: How Fast Should You Be Patching?

MTTR is the most important vulnerability management metric. But what is a good MTTR? Industry benchmarks, realistic targets, and strategies for improvement.

Jul 12, 20245 min read
Vulnerability Management

bundler-audit Production Setup

A practical guide to running bundler-audit in production CI pipelines, including advisory database updates, exception handling, and integration with remediation workflows.

Jul 2, 20247 min read
Vulnerability Management

Symbolic Execution for Dependency Analysis

Symbolic execution explores program paths without concrete inputs. For supply-chain work, it answers reachability questions that fuzzing cannot.

May 28, 20247 min read
Vulnerability Management

False Positive Rates in Container Scanning: Why Your Scanner Lies to You

Container scanners produce mountains of findings. A significant percentage are false positives. Here is how to measure and manage the noise.

May 12, 20245 min read
Vulnerability Management

Coordinated Vulnerability Disclosure: A Complete Guide

Coordinated disclosure protects users while giving vendors time to fix. Here is how to run a disclosure process that works for all parties, whether you are the reporter or the vendor.

Apr 28, 20247 min read
Vulnerability Management

Taint Analysis for Zero-Day Discovery: A Primer

A practitioner's walk-through of taint analysis as a zero-day discovery technique, from classic Livshits and Lam foundations to modern flow-sensitive engines.

Apr 22, 20247 min read
Vulnerability Management

Palo Alto GlobalProtect Zero-Day: Response Timeline

CVE-2024-3400 hit GlobalProtect with pre-auth RCE and ongoing exploitation. Here is the response timeline, the UPSTYLE tradecraft, and what worked.

Apr 18, 20245 min read
Vulnerability Management

CISA KEV Catalog Growth: A 2024 Q1 Analysis

CISA added 40+ CVEs to the Known Exploited Vulnerabilities catalog in Q1 2024. We break down the vendor mix, the edge-device bias, and what to prioritize.

Mar 10, 20245 min read
Vulnerability Management

PDF Supply Chain Attack Vectors: When Documents Become Weapons

PDFs are trusted by default in most organizations. That trust makes them a potent vector for supply chain attacks. Here is how the attacks work.

Feb 22, 20245 min read
Vulnerability Management (Page 10) — Supply Chain Security Blog | Safeguard