Safeguard
Tag

patch-management

Safeguard articles tagged "patch-management" — guides, analysis, and best practices for software supply chain and application security.

53 articles

Best Practices

The security hygiene checklist most engineering orgs still skip

22% of breaches start with stolen credentials, per Verizon's 2025 DBIR. A quarter-long hygiene checklist — patching, MFA, secrets, least privilege — closes most of that gap.

Jul 14, 20266 min read
Supply Chain Security

A patching playbook for critical open-source CVEs

Heartbleed, the OpenSSL punycode bug, and XZ Utils each broke a different assumption in incident response. Here's an SLA-driven playbook that survives all three.

Jul 13, 20266 min read
Vulnerability Management

Inside the OpenSSL punycode bug: why CVE-2022-3602 wasn't Heartbleed

OpenSSL pre-announced a 'critical' flaw in October 2022. It shipped as HIGH severity. Here's the buffer overflow, the downgrade, and the safe patch path.

Jul 12, 20265 min read
Application Security

A hardening checklist for modern Drupal deployments

Drupal 7's 2025 end-of-life left unsupported sites exposed; here's a concrete checklist for module vetting, access control, and patch cadence on Drupal 10/11.

Jul 11, 20266 min read
Vulnerability Management

Continuous vulnerability management: the discovery-to-verification lifecycle

CISA's new BOD 26-04 gives federal agencies as little as 3 days to remediate the highest-risk flaws — a preview of the SLA pressure every engineering org now faces.

Jul 8, 20267 min read
Vulnerability Management

The CUPS RCE Chain: A Technical Breakdown of CVE-2024-47176

Four medium-severity CUPS bugs chained into unauthenticated RCE on UDP/631 — a masterclass in why CVSS scores per-CVE miss the real risk of a vulnerability chain.

Jul 8, 20266 min read
Best Practices

The four pillars every enterprise security program needs

Identity, patching, segmentation, and logging aren't a checklist — they're the four controls that determine whether a breach stays contained or becomes Log4Shell.

Jul 8, 20266 min read
Vulnerability Management

Exploitability vs. breakability: a practical rubric for vulnerability triage

CVSS says a flaw could be bad. CISA's KEV catalog, now past 1,300 entries, says one actually was exploited. Most teams still triage as if the two are the same.

Jul 8, 20267 min read
Concepts

What Is a Security Patch

A security patch is a small update that fixes a specific flaw in software. Here is what patches are, why applying them quickly matters, and how teams manage them.

Jul 4, 20266 min read
Vulnerabilities

Zero-Day Alert: Chrome V8 CVE-2026-11645 Is Being Exploited in the Wild

Google shipped an emergency Chrome update for CVE-2026-11645, an out-of-bounds memory bug in V8 already exploited in the wild. Here is what the CVE actually means and why your browser patch window just shrank to days.

Jun 10, 20267 min read
Open Source Security

Automated dependency updates and patch management

How automated dependency updates actually close the patch gap—where Mend.io's approach falls short, and what reachability, provenance, and policy-as-code add.

May 21, 20267 min read
Vulnerability Management

Upgrade Impact Analysis: Predicting Breaking Changes Befo...

Why 70% of security patches sit unapplied for months, and how diffing a package upgrade against your call graph predicts breaking changes before you run npm update.

May 16, 20267 min read
patch-management — Safeguard Blog