Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

AI Security

AI-Based Cybersecurity Tools: What to Look For

AI based cybersecurity tools range from genuinely useful triage assistants to thin wrappers around a generic model, and the difference is usually visible in how the tool handles context, not in its marketing.

May 19, 20265 min read
Application Security

Securing WordPress plugin dependencies

Real CVEs, a supply-chain hack that hit 360,000 sites, and bundled-library blind spots: what WordPress plugin security actually requires in 2026.

May 19, 20266 min read
DevSecOps

Top 8 DevSecOps best practices

Log4Shell and the xz backdoor show why DevSecOps matters. Eight concrete practices — from reachability triage to auto-fix PRs — teams can implement now.

May 19, 20267 min read
DevSecOps

How to implement DevSecOps in 4 steps

A concrete, 4-step playbook for implementing DevSecOps — pipeline gating, SBOM generation, reachability-based triage, and auto-fix PRs.

May 19, 20267 min read
DevSecOps

DevSecOps automation: principles, frameworks, and tools

A practical breakdown of DevSecOps automation frameworks — principles, standards like NIST SSDF, and the tools that turn shift-left security into a repeatable pipeline.

May 19, 20268 min read
Vulnerability Management

Upgrade Impact Analysis: Predicting Breaking Changes Befo...

Why 70% of security patches sit unapplied for months, and how diffing a package upgrade against your call graph predicts breaking changes before you run npm update.

May 16, 20267 min read
Vulnerability Management

Automated Dependency Patches: How Endor-Style Patch Gener...

Endor Labs generates automated dependency patches using reachability and AI rewrites. Here's how the pipeline works, where it breaks, and Safeguard's approach.

May 16, 20267 min read
Vulnerability Management

Patch Transparency: Auditing Automated Fix Pull Requests

Automated fix PRs from Dependabot, Renovate, and Endor Labs move fast but are rarely auditable. Here's what a real patch transparency record needs.

May 16, 20267 min read
Vulnerability Management

Zero-Day Patch Response at Scale: Can Open Source Maintai...

Zero-day patch timelines swing from 3 hours to 10 weeks across open source projects. Here's why maintainer capacity, not tooling, is the real bottleneck.

May 16, 20268 min read
SBOM & Compliance

PCI DSS Requirements for Application Security Testing

PCI DSS 4.0's March 2025 deadline made SBOMs and 30-day patch SLAs mandatory. Here's what Requirements 6.3.2, 6.4.2, and 11.3 actually demand, and where Endor Labs leaves compliance gaps.

May 14, 20267 min read
Vulnerability Management

Microsoft May 2026 Patch Tuesday: No Zero-Days, but Two CVSS 9.8 Wormable RCEs

Microsoft's May 2026 Patch Tuesday shipped without a single exploited zero-day for the first time since June 2024, but it still carried two unauthenticated CVSS 9.8 remote code execution bugs in core Windows services that every domain should treat as emergency patches.

May 13, 202613 min read
Compliance

SOC 2 compliance guide for engineering teams

SOC 2 audits fail on missing evidence, not bad intentions. Here's what engineering teams must actually build, track, and prove — with real timelines and costs.

May 13, 20267 min read
vulnerability-management (Page 13) — Safeguard Blog