memory-safety
Safeguard articles tagged "memory-safety" — guides, analysis, and best practices for software supply chain and application security.
39 articles
Native-extension vulnerabilities in Python packages
numpy, pandas, cryptography, and lxml all ship compiled C/C++ code — and a Python SCA scan that only checks package versions can miss memory-safety bugs buried in that native layer.
C++ Security Best Practices: Memory Safety, Hardening Flags, and the C/C++ Supply Chain
Microsoft attributes roughly 70% of its CVEs to memory-safety bugs, and the xz backdoor proved the C/C++ supply chain is a live target. Here is the practical hardening path for code you can't rewrite.
Rust memory safety and its security advantages
Memory safety bugs cause ~70% of Microsoft's CVEs. Here's how Rust's ownership model eliminates them at compile time, with real CVE examples.
Type-safe languages and their security benefits
Type safety eliminates entire CVE classes, not one bug at a time. Here's what the Microsoft, Google, and CISA data actually shows about the security payoff.
Bringing developer-first application security to C/C++
C/C++ still powers critical infrastructure but lags in AppSec tooling. Safeguard brings SBOM, reachability, and auto-fix to native code security.
What is a Buffer Overflow
Buffer overflows have powered exploits from the 1988 Morris Worm to WannaCry. Here's how they work, why they persist, and how to stop them.
Rust Security Explained
Rust kills most memory-safety bugs, but crates.io supply chain attacks and CVE-2024-24576 prove "written in Rust" isn't a security guarantee.
C/C++ Security Explained
C/C++ still cause ~70% of critical CVEs. From Heartbleed to the xz backdoor, here's why memory bugs persist and how to find exploitable ones fast.
Rust memory safety vulnerabilities despite the borrow che...
The borrow checker doesn't stop everything. Here's how rust unsafe code vulnerabilities slip past Rust's safety guarantees and reach production.
Buffer overflow vulnerabilities explained
Buffer overflows still make MITRE's CWE Top 25 every year. Here's how they corrupt memory, real CVEs like EternalBlue and Baron Samedit, and how to stop them.
Use-after-free vulnerabilities explained
Use-after-free bugs (CWE-416) power some of the worst zero-day exploit chains in browsers and kernels. Here's how they work and what stops them.
Integer overflow vulnerabilities explained
What integer overflow vulnerabilities are, how CWE-190 causes real breaches like Bitcoin's 2010 overflow bug, and how to detect and prevent them.