security-fundamentals
Safeguard articles tagged "security-fundamentals" — guides, analysis, and best practices for software supply chain and application security.
19 articles
CVE vs CWE: What's the Difference?
A CVE identifies one specific vulnerability in one product; a CWE names the underlying type of weakness that caused it. Here's how the two systems differ and how they work together.
DevSecOps Fundamentals
DevSecOps folds security into the fast, automated flow of modern development instead of bolting it on at the end. This guide explains what DevSecOps really means, how the pipeline works stage by stage, and the practices that make it stick.
Container Security Fundamentals
Containers made shipping software faster, but every image is a stack of inherited software with its own attack surface. This guide covers the fundamentals: what a container really is, where the risks live, and the practices that keep images and runtimes safe.
Understanding Open Source Security Risk
Open source powers nearly every modern application, but the code you inherit brings risks you did not write. This guide explains where open source risk comes from, how it reaches your product, and how to manage it without abandoning the ecosystem.
What Is a Security Advisory
A security advisory is an official notice that a product has a security flaw, plus how to fix it. Here is what advisories contain, who issues them, and how to act on one.
Introduction to Secure Software Development
Security is not a phase you bolt on at the end — it is a set of practices woven through every stage of building software. This guide introduces the secure development lifecycle, the practices that matter at each stage, and how to get started.
What Is a CVSS Score
A CVSS score rates how severe a security flaw is on a scale of 0 to 10. Here is what the number means, how to read it, and why it is only part of the risk picture.
Introduction to Vulnerability Scanning
Vulnerability scanning is how teams find known weaknesses before attackers do. This guide explains what a scanner actually does, the main types, how a scan works end to end, and how to turn a wall of findings into a short list of things worth fixing.
What Is a Security Patch
A security patch is a small update that fixes a specific flaw in software. Here is what patches are, why applying them quickly matters, and how teams manage them.
Understanding SBOM Formats
A software bill of materials is only useful if tools can read it. Two standards dominate — SPDX and CycloneDX — and knowing what each captures, how they differ, and when to use which is the difference between an inventory that works and one that gathers dust.
What Is a Software Dependency
A software dependency is outside code your program relies on to run. Here is what dependencies are, why modern apps have so many, and why they matter for security.
Understanding CVSS Scores
CVSS turns a vulnerability's characteristics into a number from 0 to 10 and a severity label. Here is what the score actually measures, how the metrics combine, and why the number alone should never drive your patching.