Safeguard
Tag

cve

Safeguard articles tagged "cve" — guides, analysis, and best practices for software supply chain and application security.

136 articles

Industry Analysis

The 2024 End-of-Year Vulnerability Disclosure Report

A look back at vulnerability disclosure in 2024: counts, severity distribution, time-to-patch, and the handful of incidents that shifted practice. Numbers, not narrative.

Dec 18, 20246 min read
Threat Intelligence

Vulnerability Exploitation Trends in 2024: What the Data Shows

Analysis of 2024 vulnerability exploitation patterns reveals faster weaponization timelines, shifting target profiles, and the growing importance of edge device vulnerabilities.

Dec 15, 20246 min read
Security Concepts

CWE Full Form: How the Common Weakness Enumeration Works

CWE stands for Common Weakness Enumeration — a community catalog of software and hardware weakness types. Here is what CWE means, how it differs from CVE, and how to use it.

Nov 19, 20246 min read
Industry News

NIST NVD Recovery: The New Consortium Reshaping Vulnerability Data

After months of processing backlogs and community frustration, NIST announces a new consortium to modernize and sustain the National Vulnerability Database.

Nov 1, 20246 min read
Vulnerability Management

Vulnerability Intelligence Platforms Compared for Supply Chain Security

Vulnerability intelligence platforms aggregate, enrich, and prioritize vulnerability data. This comparison examines how leading platforms handle supply chain-specific intelligence needs.

Sep 15, 20246 min read
Security Concepts

What Is CWE? The Common Weakness Enumeration Explained

CWE catalogs the underlying software weakness behind a vulnerability, not the specific instance of it — here's how it relates to CVE and why scanners tag findings with a CWE ID.

Aug 6, 20245 min read
Product

Safeguard SCA: Vulnerability Scanning Built for the Supply Chain

Safeguard SCA goes beyond basic CVE matching with multi-source intelligence, version-range precision, and exploitability context that cuts through vulnerability noise.

Jul 1, 20247 min read
Security Concepts

The National Vulnerability Database: How to Actually Use It

The National Vulnerability Database is the US government's CVE repository — here's how to search it, read its CVSS scores, and use it in a real workflow.

May 14, 20245 min read
Vulnerability Management

Coordinated Vulnerability Disclosure: A Complete Guide

Coordinated disclosure protects users while giving vendors time to fix. Here is how to run a disclosure process that works for all parties, whether you are the reporter or the vendor.

Apr 28, 20247 min read
Guides

How to Audit Python Dependencies with pip-audit (and What It Misses)

pip-audit checks your Python dependencies against the PyPA advisory database in one command. Here is how to run it well in CI, and the four gaps it leaves open.

Apr 26, 20246 min read
Industry Analysis

NIST NVD Slowdown: What the Vulnerability Enrichment Backlog Means for Security Teams

NIST's National Vulnerability Database nearly stopped enriching CVEs in early 2024, creating a growing backlog that left security teams without the severity scores and metadata they depend on.

Mar 15, 20246 min read
Vulnerabilities

Apache Struts 2 Vulnerabilities: A History Worth Knowing

Apache Struts 2 has produced some of the most damaging vulnerabilities in web application history, including the flaw behind the Equifax breach. Here's what happened and why it keeps happening.

Mar 11, 20245 min read
cve (Page 11) — Safeguard Blog