Safeguard
Tag

cvss

Safeguard articles tagged "cvss" — guides, analysis, and best practices for software supply chain and application security.

47 articles

Open Source Security

How the Snyk Priority Score algorithm blends CVSS, exploi...

How Snyk's Priority Score blends CVSS severity, exploit maturity, and reachability analysis into a single 1-1000 vulnerability ranking score.

Aug 26, 20257 min read
Open Source Security

How the Snyk Risk Score's 0-1000 scale is derived from CV...

How Snyk's 0-1000 Risk Score starts from the CVSS impact subscore formula, then layers in exploit maturity, social trends, and reachability data.

Aug 26, 20257 min read
Open Source Security

How Snyk's exploit maturity rating is researched and assi...

A look at how Snyk researches and assigns exploit maturity ratings — the categories, the manual research process, and how the label shapes vulnerability prioritization.

Aug 23, 20257 min read
Buyer's Guides

How Risk Scoring Models Differ Across AppSec Platforms

CVSS, EPSS, SSVC, and vendor priority scores all measure vulnerability risk differently. Here's how they diverge, with real numbers, and how reachability analysis cuts through the noise.

Jul 24, 20257 min read
Vulnerability Management

Vulnerability Prioritization in 2025: EPSS, VEX, and the End of CVSS-Only Triage

CVSS scores alone cannot tell you what to patch first. EPSS exploit prediction and VEX documents are reshaping how mature security teams prioritize vulnerabilities at scale.

May 15, 20258 min read
Vulnerability Management

Exploit Chaining: A Supply Chain Perspective

How attackers chain low and medium severity flaws across dependencies to reach critical impact, and why supply chain context changes triage priorities.

Jan 20, 20257 min read
Security Concepts

CVE Vulnerability Lookup and Scoring, Explained

A CVE vulnerability record is an identifier, not a severity rating on its own — here's how CVE IDs, CVSS scores, and the actual lookup process fit together.

Nov 19, 20245 min read
Security Concepts

CVE Vulnerabilities Explained: How the CVE System Works

What a CVE vulnerability actually is, who assigns the IDs, how CVSS scoring and the KEV catalog fit in, and why a CVE number is a label, not a verdict.

Sep 17, 20246 min read
Security Concepts

The National Vulnerability Database: How to Actually Use It

The National Vulnerability Database is the US government's CVE repository — here's how to search it, read its CVSS scores, and use it in a real workflow.

May 14, 20245 min read
Vulnerability Management

Understanding EPSS: Exploit Prediction Scoring System Explained

EPSS offers a data-driven approach to vulnerability prioritization. Learn how it works, how it compares to CVSS, and why your team should care.

Mar 15, 20236 min read
Vulnerability Analysis

Vulnerability Prioritization: Beyond CVSS Scores

CVSS scores alone lead to alert fatigue and misallocated resources. Here's how EPSS, reachability analysis, and exploit intelligence create a smarter prioritization model.

Nov 1, 20216 min read
cvss (Page 4) — Safeguard Blog