patch-management
Safeguard articles tagged "patch-management" — guides, analysis, and best practices for software supply chain and application security.
53 articles
The security hygiene checklist most engineering orgs still skip
22% of breaches start with stolen credentials, per Verizon's 2025 DBIR. A quarter-long hygiene checklist — patching, MFA, secrets, least privilege — closes most of that gap.
A patching playbook for critical open-source CVEs
Heartbleed, the OpenSSL punycode bug, and XZ Utils each broke a different assumption in incident response. Here's an SLA-driven playbook that survives all three.
Inside the OpenSSL punycode bug: why CVE-2022-3602 wasn't Heartbleed
OpenSSL pre-announced a 'critical' flaw in October 2022. It shipped as HIGH severity. Here's the buffer overflow, the downgrade, and the safe patch path.
A hardening checklist for modern Drupal deployments
Drupal 7's 2025 end-of-life left unsupported sites exposed; here's a concrete checklist for module vetting, access control, and patch cadence on Drupal 10/11.
Continuous vulnerability management: the discovery-to-verification lifecycle
CISA's new BOD 26-04 gives federal agencies as little as 3 days to remediate the highest-risk flaws — a preview of the SLA pressure every engineering org now faces.
The CUPS RCE Chain: A Technical Breakdown of CVE-2024-47176
Four medium-severity CUPS bugs chained into unauthenticated RCE on UDP/631 — a masterclass in why CVSS scores per-CVE miss the real risk of a vulnerability chain.
The four pillars every enterprise security program needs
Identity, patching, segmentation, and logging aren't a checklist — they're the four controls that determine whether a breach stays contained or becomes Log4Shell.
Exploitability vs. breakability: a practical rubric for vulnerability triage
CVSS says a flaw could be bad. CISA's KEV catalog, now past 1,300 entries, says one actually was exploited. Most teams still triage as if the two are the same.
What Is a Security Patch
A security patch is a small update that fixes a specific flaw in software. Here is what patches are, why applying them quickly matters, and how teams manage them.
Zero-Day Alert: Chrome V8 CVE-2026-11645 Is Being Exploited in the Wild
Google shipped an emergency Chrome update for CVE-2026-11645, an out-of-bounds memory bug in V8 already exploited in the wild. Here is what the CVE actually means and why your browser patch window just shrank to days.
Automated dependency updates and patch management
How automated dependency updates actually close the patch gap—where Mend.io's approach falls short, and what reachability, provenance, and policy-as-code add.
Upgrade Impact Analysis: Predicting Breaking Changes Befo...
Why 70% of security patches sit unapplied for months, and how diffing a package upgrade against your call graph predicts breaking changes before you run npm update.