Vulnerability Management
In-depth guides and analysis on vulnerability management from the Safeguard engineering team.
133 articles
Fortinet FortiOS CVE-2024-21762: Exploitation Patterns
CVE-2024-21762 gave attackers pre-auth RCE on FortiGate SSL VPN. We trace the exploitation patterns, scanner behavior, and who got hit first.
Vulnerability SLA Compliance Tracking That Actually Works
Most organizations define vulnerability SLAs and then fail to meet them. The problem is not motivation. It is measurement and process.
Firmware Analysis and Reverse Engineering for Security Teams
Firmware is the forgotten attack surface. Here are the techniques security teams use to uncover hidden vulnerabilities in embedded software.
govulncheck in Production Integration
govulncheck is the best vulnerability scanner the Go ecosystem has ever had, but turning it from a demo into a production gate takes more than adding a CI step.
A History of Browser Sandbox Escapes and What They Teach Us
Browser sandboxes are the last line of defense against web-based attacks. When they fail, everything is exposed. Here is what the major escapes reveal.
Vulnerability Remediation SLAs: Best Practices for Real Teams
Setting vulnerability remediation deadlines is easy. Actually meeting them is hard. This guide covers practical SLA frameworks that balance security urgency with engineering reality.
OSV Schema: The Open Source Vulnerability Database Format Explained
OSV provides a standardized format for vulnerability data that is purpose-built for open-source ecosystems. Here is how it works and why it is better than NVD for dependency scanning.
Vulnerability Chaining: Real-World Examples and Defense Strategies
Individual vulnerabilities rarely tell the full story. This deep dive examines how attackers chain low-severity bugs into devastating exploits and how defenders can break the chain.
Understanding EPSS: Exploit Prediction Scoring System Explained
EPSS offers a data-driven approach to vulnerability prioritization. Learn how it works, how it compares to CVSS, and why your team should care.
Vulnerability Correlation Across Package Ecosystems
The same vulnerability often appears under different identifiers across npm, PyPI, Maven, and other ecosystems. Here is how to correlate vulnerabilities across ecosystems and why it matters.
CPE Naming Convention and the Vulnerability Matching Problem
CPE is the backbone of NVD vulnerability matching, and it is deeply flawed. Understanding its limitations is essential for accurate vulnerability management.
Image Parsing Vulnerabilities in Dependencies: The Pixel-Level Threat
Every application that processes images depends on parsing libraries with a long history of memory corruption bugs. Here is what is at stake.