security-research
Safeguard articles tagged "security-research" — guides, analysis, and best practices for software supply chain and application security.
4 articles
The Snyk Vulnerability Database: How It Works and Open Alternatives
The Snyk vuln db is one of the most cited advisory sources in developer security. Where its data comes from, what's proprietary, and how OSV and GitHub's database compare.
Vulnerability Disclosure Policy Template
A practical template for creating a vulnerability disclosure policy, with guidance on safe harbor provisions, response timelines, and researcher relationships.
The Economics of Vulnerability Bounties: Who Wins and Who Loses
Bug bounty programs are a billion-dollar market. But the economics do not work equally well for everyone. A look at who benefits, who gets shortchanged, and what the numbers actually say.
Open Source Security Bounty Programs: Do They Actually Work?
Bug bounty programs for open source projects promise market-driven vulnerability discovery. The reality is more complicated, with perverse incentives, quality problems, and funding gaps.