security-concepts
Safeguard articles tagged "security-concepts" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Application Security vs Network Security: Where the Line Is
Application security vs network security comes down to what layer you're defending — code and logic versus traffic and perimeter — and most breaches now happen in the gap between them.
Product Security vs Application Security: What's the Difference
Application security protects the code and runtime of a single piece of software; product security is the broader discipline covering that software's entire lifecycle, including hardware, supply chain, and how customers actually use it.
CVE Vulnerability Lookup and Scoring, Explained
A CVE vulnerability record is an identifier, not a severity rating on its own — here's how CVE IDs, CVSS scores, and the actual lookup process fit together.
CVE Vulnerabilities Explained: How the CVE System Works
What a CVE vulnerability actually is, who assigns the IDs, how CVSS scoring and the KEV catalog fit in, and why a CVE number is a label, not a verdict.
OWASP 10 vs OWASP Top 10: Clearing Up the Confusion
"OWASP 10" isn't a separate standard — it's shorthand people search for the OWASP Top 10, and the confusion usually starts with which Top 10 they actually mean.
What Is CWE? The Common Weakness Enumeration Explained
CWE catalogs the underlying software weakness behind a vulnerability, not the specific instance of it — here's how it relates to CVE and why scanners tag findings with a CWE ID.
Malware Types: A Practitioner's Taxonomy
A reference list of all malware types by how they spread and what they do — worms, trojans, ransomware, rootkits, and the rest — because knowing the category tells you what defense actually stops it.
Symmetric vs Asymmetric Encryption, Explained
What makes an encryption algorithm symmetric is a single shared key for both encryption and decryption; asymmetric algorithms use a mathematically linked public/private key pair instead — and the difference decides which one you should reach for.
CWE Full Form: What It Actually Stands For
CWE stands for Common Weakness Enumeration — a community-maintained taxonomy of software and hardware weakness types that CVEs, SAST tools, and OWASP guidance all reference back to.