Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Vulnerability Analysis

What is a known vulnerability?

A known vulnerability is a publicly disclosed, CVE-tracked flaw — and disclosure alone doesn't mean it's fixed, patched, or harmless.

Jun 3, 20266 min read
Vulnerability Analysis

Understanding CVSS scoring for vulnerabilities

CVSS scores run 0-10, but a 9.8 doesn't always mean patch tonight. Here's how base scores are calculated and why context beats the number.

Jun 2, 20267 min read
AppSec

Application Security Management: Programs That Actually Work

What separates an application security management program that actually reduces risk from one that just generates dashboards, based on where ownership and monitoring break down.

Jun 2, 20265 min read
Vulnerability Analysis

Vulnerability vs weakness: CVE vs CWE explained

CVE identifies one specific vulnerability; CWE identifies the weakness pattern behind it. Here's how the two taxonomies connect and why both matter.

Jun 2, 20267 min read
Vulnerability Management

Vulnerability scanning tools and techniques compared

A verifiable comparison of Safeguard and JFrog Xray on scan coverage, data sourcing, reachability analysis, and CI/CD integration for vulnerability scanning.

Jun 1, 20268 min read
Vulnerability Management

CVE Numbering Authority (CNA) status: why it matters when...

JFrog has issued its own CVEs since 2021 as a CVE Numbering Authority. Here's what CNA status really controls, where it falls short, and how to verify vendor-disclosed vulnerabilities.

May 29, 20267 min read
Application Security

Zip Slip vulnerability cheat sheet

A concrete, question-driven cheat sheet on Zip Slip: how the archive-extraction path traversal bug works, real CVEs, and how to detect and fix it.

May 29, 20268 min read
Software Supply Chain Security

What is a Software Bill of Materials (SBOM) and why it ma...

A software bill of materials (SBOM) is a live inventory of every dependency in your software. Here's why it matters, how JFrog handles it, and how Safeguard does better.

May 28, 20267 min read
Application Security

Software Composition Analysis (SCA) explained: how it fin...

SCA scans your dependency tree against CVE databases to catch vulnerable open-source packages like Log4Shell before they reach production.

May 28, 20267 min read
Application Security

10 Java security best practices

10 Java security best practices security teams should enforce across dependency management, deserialization, injection, secrets, and build pipelines.

May 27, 20267 min read
Vulnerability Management

CVE explained: how vulnerabilities get identified and scored

A CVE ID and its CVSS score come from different organizations entirely. Here's how identification and severity scoring actually work, using Log4Shell and the 2024 NVD backlog as examples.

May 27, 20267 min read
Application Security

Go security cheat sheet for developers

A practical Go security cheat sheet: the real vulnerability classes, must-patch stdlib CVEs, and dependency scanning tactics developers need to know.

May 27, 20267 min read
vulnerability-management (Page 11) — Safeguard Blog