patching
Safeguard articles tagged "patching" — guides, analysis, and best practices for software supply chain and application security.
8 articles
Renovate Bot Configuration Recipes for 2026
Renovate is the more powerful dependency-update bot, and its config surface is large. Here are the recipes worth knowing and the defaults worth overriding.
Dependabot Security Update Policies for 2026
A pragmatic guide to configuring Dependabot for security updates: which knobs matter, which defaults are wrong, and how to avoid drowning teams in PRs.
nginx 1.22.1 Vulnerabilities: What Actually Affects You
Worried about nginx 1.22.1 vulnerabilities? Here is what genuinely affects this release, what does not, and how to decide whether you need to upgrade.
Is There an Nginx 1.18.0 Exploit? What the Known CVEs Actually Mean
Nginx 1.18.0 is an unmaintained stable release with real CVEs against it. Here is which flaws are genuinely exploitable, which need specific config, and how to upgrade.
The Java Developer Kit Explained: Security Risks and How to Harden Your JDK
The Java Developer Kit is more than a compiler and runtime. Here is how to treat the JDK as part of your attack surface and keep it patched.
CVE-2023-5363 Explained: The OpenSSL Key and IV Length Flaw
CVE-2023-5363 is an OpenSSL bug where key and IV length parameters get processed too late, risking confidentiality in GCM, CCM and OCB modes. Here is who is affected and how to fix it.
Mean Time to Remediation Benchmarks: How Fast Should You Be Patching?
MTTR is the most important vulnerability management metric. But what is a good MTTR? Industry benchmarks, realistic targets, and strategies for improvement.
Log4Shell Impact Assessment and Remediation Guide
You know Log4Shell is bad. Now here's how to find every instance in your environment and fix it — including the edge cases everyone misses.