patch-management
Safeguard articles tagged "patch-management" — guides, analysis, and best practices for software supply chain and application security.
53 articles
Zero-Day Patch Response at Scale: Can Open Source Maintai...
Zero-day patch timelines swing from 3 hours to 10 weeks across open source projects. Here's why maintainer capacity, not tooling, is the real bottleneck.
CVE-2026-0300 in Palo Alto PAN-OS: Patch Posture & SBOM Response
PAN-OS Captive Portal pre-auth RCE scored CVSS 9.3 and landed on CISA KEV with a three-day patch deadline. Defender playbook below.
Patch management strategies for open source dependencies
A practical guide to patch management for open source dependencies: prioritizing by reachability and EPSS, not CVSS alone, and building a repeatable remediation loop.
CVE-2025-53521 in F5 BIG-IP APM: Patch Posture & SBOM Response
F5 BIG-IP APM bug reclassified from DoS to RCE at CVSS 9.8 and landed on CISA KEV. Defender playbook for the late-cycle severity surprise.
How to set up a vulnerability management program
A step-by-step guide to setting up a vulnerability management program: scanning schedules, risk-based triage, patch management, and metrics that hold up in an audit.
What Is Patch Management?
Patch management is the process of finding, testing, and deploying software updates that fix bugs and security flaws. Learn the lifecycle, prioritization, and why it matters.
CVE-2025-15467 in OpenSSL CMS: Patch Posture & SBOM Response
OpenSSL CMS pre-auth stack buffer overflow scored CVSS 9.8. Mail servers, web servers, and anything that processes S/MIME need the fix. Defender playbook below.
What is Vulnerability Remediation
Vulnerability remediation means fixing a flaw at its source, not just detecting it. Learn the workflow, real MTTR benchmarks, and prioritization.
Sudo Baron Samedit heap overflow (CVE-2021-3156)
A decade-old sudo heap overflow, CVE-2021-3156 (Baron Samedit), let any local user gain root. Here's what's affected and how to fix it.
PrintNightmare Windows Print Spooler RCE (CVE-2021-34527)
A critical Print Spooler flaw (CVE-2021-34527) enabled unauthenticated SYSTEM-level RCE on nearly every Windows host. Here's what happened and how to fix it.
HTTP/2 Rapid Reset DDoS technique (CVE-2023-44487)
CVE-2023-44487 (HTTP/2 Rapid Reset) fueled record DDoS attacks by abusing stream resets. Here's the impact, timeline, and how to remediate it.
Dirty COW Linux kernel privilege escalation (CVE-2016-5195)
Dirty COW (CVE-2016-5195) let local attackers hijack a kernel race condition for root. Nine years old, still found in fleets — here's how to find and fix it.