Safeguard
Topic

Vulnerability Management

In-depth guides and analysis on vulnerability management from the Safeguard engineering team.

133 articles

Vulnerability Management

Citrix Bleed 2: Analysis and Mitigation

CVE-2025-5777 revived the memory-leak pattern that broke NetScaler in 2023. Here is what the 2025 variant does, who is exploiting it, and how to respond.

Jul 25, 20254 min read
Vulnerability Management

Vulnerability Prioritization in 2025: EPSS, VEX, and the End of CVSS-Only Triage

CVSS scores alone cannot tell you what to patch first. EPSS exploit prediction and VEX documents are reshaping how mature security teams prioritize vulnerabilities at scale.

May 15, 20258 min read
Vulnerability Management

AWS Service-Linked Role Abuse Techniques, 2025

Service-linked roles are the soft underbelly of AWS IAM. We catalogue the 2024-2025 abuse primitives and the detection queries that catch them.

Apr 28, 20255 min read
Vulnerability Management

How to Run Grype in Offline/Airgap Environments

A hands-on tutorial for running Grype vulnerability scans in offline and airgapped environments, including vulnerability database hosting and CI integration.

Jan 28, 20255 min read
Vulnerability Management

Exploit Chaining: A Supply Chain Perspective

How attackers chain low and medium severity flaws across dependencies to reach critical impact, and why supply chain context changes triage priorities.

Jan 20, 20257 min read
Vulnerability Management

Dataflow Analysis in Modern Codebases

Dataflow analysis is the workhorse behind most vulnerability research. Here's how it adapts to TypeScript, Rust, and the polyglot realities of modern software.

Nov 18, 20248 min read
Vulnerability Management

How to Build a Vulnerability SLA Dashboard

Track remediation SLAs across projects with a self-service dashboard that surfaces aging findings, breach risk, and team accountability — complete code inside.

Nov 14, 20245 min read
Vulnerability Management

Differential Testing for Supply Chain Vulns

Differential testing compares the behavior of multiple implementations of the same specification. In supply-chain work, it surfaces bugs that nobody else can see.

Oct 25, 20247 min read
Vulnerability Management

Vulnerability Intelligence Platforms Compared for Supply Chain Security

Vulnerability intelligence platforms aggregate, enrich, and prioritize vulnerability data. This comparison examines how leading platforms handle supply chain-specific intelligence needs.

Sep 15, 20246 min read
Vulnerability Management

Supply Chain IoC Catalog

A practical catalog of indicators of compromise for software supply chain attacks, with detection queries and false-positive notes.

Sep 14, 20246 min read
Vulnerability Management

Cisco ASA Firepower Zero-Day Trends, 2024 Edition

Six zero-days against ASA and FTD in 2024, two tied to ArcaneDoor. We chart the trend, the CVSS distribution, and the patch-to-exploit gap.

Sep 5, 20245 min read
Vulnerability Management

A Framework for Security Patch Prioritization

You cannot patch everything immediately. Here is a risk-based framework for deciding which patches to apply first when your vulnerability backlog exceeds your capacity.

Aug 28, 20247 min read
Vulnerability Management (Page 9) — Supply Chain Security Blog | Safeguard