Safeguard
Tag

risk-scoring

Safeguard articles tagged "risk-scoring" — guides, analysis, and best practices for software supply chain and application security.

10 articles

Application Security

ASPM fundamentals: what application security posture management actually aggregates

Gartner coined the ASPM term in May 2023 and projects over 40% of organizations building software will adopt it by 2026 — here is what it actually does.

Jul 8, 20266 min read
Application Security

What to Evaluate in an ASPM Solution: A 2026 Buyer's Guide

Gartner named Application Security Posture Management a category in May 2023 — three years later, most RFPs still can't distinguish a real ASPM from a dashboard bolted onto old scanners.

Jul 8, 20268 min read
Cloud Security

Common Configuration Scoring System (CCSS) explained

NIST published CCSS in December 2010 to score misconfigurations the way CVSS scores bugs — most cloud teams have never applied it.

Jul 8, 20266 min read
Vulnerability Management

CVSS 4.0 vs. 3.1: what actually changed, and why your priority list should too

CVSS 4.0 killed the Scope metric, added Attack Requirements, and split scoring into CVSS-B/BT/BE/BTE labels — here's what that means for triage.

Jul 8, 20266 min read
Comparisons

Reachability Analysis vs EPSS vs CVSS: Prioritization Showdown

CVSS scores severity, EPSS predicts exploitation, reachability proves applicability. A spec-level comparison of the three signals — and the order to apply them.

Apr 14, 20266 min read
Buyer's Guides

Best open source project risk scoring tools

A practical buyer's guide comparing open source project risk scoring tools like OpenSSF Scorecard, Snyk, and Sonatype on signal quality and coverage.

Nov 12, 20258 min read
Software Supply Chain Security

Best software supply chain risk scoring and rating platforms

A practical, no-hype guide to choosing software supply chain risk scoring platforms — evaluation criteria plus a fair roundup of six real vendors, strengths and limitations included.

Nov 5, 20258 min read
Buyer's Guides

How Risk Scoring Models Differ Across AppSec Platforms

CVSS, EPSS, SSVC, and vendor priority scores all measure vulnerability risk differently. Here's how they diverge, with real numbers, and how reachability analysis cuts through the noise.

Jul 24, 20257 min read
Software Supply Chain Security

Supply Chain Risk Scoring Algorithms: How They Work and Where They Fail

Risk scoring turns complex supply chain data into actionable numbers. But the algorithms behind these scores have assumptions and blind spots that security teams must understand.

Jul 18, 20237 min read
Risk Management

Software Vendor Risk Scoring Methodology

A practical framework for scoring and ranking software vendor risk based on supply chain security posture, vulnerability history, and development practices.

Dec 18, 20227 min read
risk-scoring — Safeguard Blog