cve
Safeguard articles tagged "cve" — guides, analysis, and best practices for software supply chain and application security.
136 articles
The 2024 End-of-Year Vulnerability Disclosure Report
A look back at vulnerability disclosure in 2024: counts, severity distribution, time-to-patch, and the handful of incidents that shifted practice. Numbers, not narrative.
Vulnerability Exploitation Trends in 2024: What the Data Shows
Analysis of 2024 vulnerability exploitation patterns reveals faster weaponization timelines, shifting target profiles, and the growing importance of edge device vulnerabilities.
CWE Full Form: How the Common Weakness Enumeration Works
CWE stands for Common Weakness Enumeration — a community catalog of software and hardware weakness types. Here is what CWE means, how it differs from CVE, and how to use it.
NIST NVD Recovery: The New Consortium Reshaping Vulnerability Data
After months of processing backlogs and community frustration, NIST announces a new consortium to modernize and sustain the National Vulnerability Database.
Vulnerability Intelligence Platforms Compared for Supply Chain Security
Vulnerability intelligence platforms aggregate, enrich, and prioritize vulnerability data. This comparison examines how leading platforms handle supply chain-specific intelligence needs.
What Is CWE? The Common Weakness Enumeration Explained
CWE catalogs the underlying software weakness behind a vulnerability, not the specific instance of it — here's how it relates to CVE and why scanners tag findings with a CWE ID.
Safeguard SCA: Vulnerability Scanning Built for the Supply Chain
Safeguard SCA goes beyond basic CVE matching with multi-source intelligence, version-range precision, and exploitability context that cuts through vulnerability noise.
The National Vulnerability Database: How to Actually Use It
The National Vulnerability Database is the US government's CVE repository — here's how to search it, read its CVSS scores, and use it in a real workflow.
Coordinated Vulnerability Disclosure: A Complete Guide
Coordinated disclosure protects users while giving vendors time to fix. Here is how to run a disclosure process that works for all parties, whether you are the reporter or the vendor.
How to Audit Python Dependencies with pip-audit (and What It Misses)
pip-audit checks your Python dependencies against the PyPA advisory database in one command. Here is how to run it well in CI, and the four gaps it leaves open.
NIST NVD Slowdown: What the Vulnerability Enrichment Backlog Means for Security Teams
NIST's National Vulnerability Database nearly stopped enriching CVEs in early 2024, creating a growing backlog that left security teams without the severity scores and metadata they depend on.
Apache Struts 2 Vulnerabilities: A History Worth Knowing
Apache Struts 2 has produced some of the most damaging vulnerabilities in web application history, including the flaw behind the Equifax breach. Here's what happened and why it keeps happening.