cve-analysis
Safeguard articles tagged "cve-analysis" — guides, analysis, and best practices for software supply chain and application security.
134 articles
Top 5 Docker Security Vulnerabilities
Runc escapes, exposed daemons, stale base images, privileged containers, and leaked secrets: the five Docker vulnerabilities behind most real container breaches.
Container Security vs Virtual Machine Security
Containers and VMs isolate workloads at different layers — kernel vs. hypervisor — which changes attack surface, blast radius, patch speed, and what your scanner actually needs to cover.
Ruby Security Explained
Ruby security in one place: the 2019 rest-client hijack, CVE-2022-32224's RCE, RubyGems' MFA mandate, and 2025's credential-stealing gem campaign.
Go (Golang) Security Explained
Go's memory safety stops buffer overflows, not logic bugs, typosquatted modules, or CI-pipeline compromise. Here's what actually threatens Go security.
Rust Security Explained
Rust kills most memory-safety bugs, but crates.io supply chain attacks and CVE-2024-24576 prove "written in Rust" isn't a security guarantee.
C/C++ Security Explained
C/C++ still cause ~70% of critical CVEs. From Heartbleed to the xz backdoor, here's why memory bugs persist and how to find exploitable ones fast.
What is Threat Intelligence
Threat intelligence turns raw indicators into actionable defense. Here's what it actually is, its four types, and how it applies to software supply chains.
What is Secure by Default
Secure by default means software ships in its safest state out of the box. See real breaches, standards, and pledges driving this shift.
Anatomy of a Go module supply chain compromise: lessons f...
Real incidents like the xz-utils backdoor reveal the anatomy of a go module supply chain compromise: maintainer trust, init() execution, and immutable proxy caching.
Case study: RubyGems account takeover incidents and their...
A look at real RubyGems account takeover incidents, including the rest-client hijack, and what they reveal about Ruby supply chain risk.
Case study: a malicious NuGet package compromise and its ...
Inside the Moq/SponsorLink malicious NuGet package incident: what shipped, who was exposed, and how to harden your .NET build pipeline against the next one.
Compromised npm packages in the React and Next.js build p...
A react npm supply chain incident case study: how a phishing attack on a single maintainer compromised chalk, debug, and other build-pipeline dependencies.