Safeguard
Tag

cve-analysis

Safeguard articles tagged "cve-analysis" — guides, analysis, and best practices for software supply chain and application security.

134 articles

Container Security

Top 5 Docker Security Vulnerabilities

Runc escapes, exposed daemons, stale base images, privileged containers, and leaked secrets: the five Docker vulnerabilities behind most real container breaches.

Mar 20, 20267 min read
Container Security

Container Security vs Virtual Machine Security

Containers and VMs isolate workloads at different layers — kernel vs. hypervisor — which changes attack surface, blast radius, patch speed, and what your scanner actually needs to cover.

Mar 17, 20267 min read
Industry Analysis

Ruby Security Explained

Ruby security in one place: the 2019 rest-client hijack, CVE-2022-32224's RCE, RubyGems' MFA mandate, and 2025's credential-stealing gem campaign.

Feb 23, 20267 min read
Industry Analysis

Go (Golang) Security Explained

Go's memory safety stops buffer overflows, not logic bugs, typosquatted modules, or CI-pipeline compromise. Here's what actually threatens Go security.

Feb 23, 20266 min read
Industry Analysis

Rust Security Explained

Rust kills most memory-safety bugs, but crates.io supply chain attacks and CVE-2024-24576 prove "written in Rust" isn't a security guarantee.

Feb 22, 20266 min read
Industry Analysis

C/C++ Security Explained

C/C++ still cause ~70% of critical CVEs. From Heartbleed to the xz backdoor, here's why memory bugs persist and how to find exploitable ones fast.

Feb 22, 20268 min read
Best Practices

What is Threat Intelligence

Threat intelligence turns raw indicators into actionable defense. Here's what it actually is, its four types, and how it applies to software supply chains.

Feb 13, 20267 min read
Application Security

What is Secure by Default

Secure by default means software ships in its safest state out of the box. See real breaches, standards, and pledges driving this shift.

Feb 6, 20266 min read
Software Supply Chain Security

Anatomy of a Go module supply chain compromise: lessons f...

Real incidents like the xz-utils backdoor reveal the anatomy of a go module supply chain compromise: maintainer trust, init() execution, and immutable proxy caching.

Feb 3, 20269 min read
Open Source Security

Case study: RubyGems account takeover incidents and their...

A look at real RubyGems account takeover incidents, including the rest-client hijack, and what they reveal about Ruby supply chain risk.

Feb 2, 20268 min read
Open Source Security

Case study: a malicious NuGet package compromise and its ...

Inside the Moq/SponsorLink malicious NuGet package incident: what shipped, who was exposed, and how to harden your .NET build pipeline against the next one.

Jan 30, 20268 min read
DevSecOps

Compromised npm packages in the React and Next.js build p...

A react npm supply chain incident case study: how a phishing attack on a single maintainer compromised chalk, debug, and other build-pipeline dependencies.

Jan 23, 20268 min read
cve-analysis (Page 4) — Safeguard Blog