Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Vulnerability Analysis

jQuery prototype pollution vulnerability re-emerges

jQuery's prototype pollution flaw (CVE-2019-11358) keeps surfacing in 2026 dependency scans. Here's why it persists and how to remediate it.

May 2, 20268 min read
Vulnerability Analysis

Filesystem takeover vulnerabilities in the npm package manager

How npm and node-tar "filesystem takeover" CVEs let malicious packages overwrite files via symlinks and path traversal during install.

May 1, 20267 min read
Vulnerability Analysis

CVE scoring inconsistencies across vulnerability databases

Why the same CVE can carry three different severity scores across NVD, GitHub, and vendor advisories — and how to prioritize anyway.

May 1, 20266 min read
Vulnerability Analysis

The NVD backlog and its impact on vulnerability management

The NVD backlog leaves thousands of CVEs unscored each month, forcing security teams to rethink how they prioritize and triage vulnerabilities.

May 1, 20266 min read
Vulnerability Analysis

Understanding zero-day vulnerabilities and incident response

A concrete look at zero-day vulnerabilities and incident response, using Log4Shell, MOVEit, and CISA KEV data to explain how fast defenders must move.

Apr 30, 20266 min read
Open Source Security

Patch management strategies for open source dependencies

A practical guide to patch management for open source dependencies: prioritizing by reachability and EPSS, not CVSS alone, and building a repeatable remediation loop.

Apr 30, 20267 min read
Open Source Security

Transitive dependency vulnerabilities explained

A vulnerability three layers deep in your dependency graph is still your problem. Here's how transitive flaws like Log4Shell hide, spread, and get fixed.

Apr 30, 20267 min read
Best Practices

Vulnerability Management Dashboard Blueprint 2026

A 2026 blueprint for vulnerability management dashboards: which metrics belong on executive, manager, and engineer views, and how to avoid the common failure modes.

Apr 28, 20266 min read
Software Supply Chain Security

Best SBOM tools compared (including Trivy)

Trivy generates SBOMs fast at scan time. Safeguard turns those SBOMs into a versioned, queryable inventory you can match against new CVEs org-wide.

Apr 28, 20268 min read
Software Supply Chain Security

Securing IoT device firmware supply chains

How Ripple20, Mirai, and Realtek SDK flaws exposed IoT firmware supply chains, what EU CRA and FDA SBOM rules require, and what reachability adds.

Apr 28, 20267 min read
Industry Analysis

Trivy's etcd exhaustion problem and scan reliability issues

Trivy's local vulnerability database runs on etcd's own bbolt engine, and its single-writer lock and unbounded growth cause CI scans to stall or fail.

Apr 27, 20268 min read
Container Security

Container image scanning: how it works and best tools

A practical guide to container image scanning: how layer-by-layer CVE detection works, how Trivy stacks up, and where Safeguard adds deeper coverage.

Apr 26, 20267 min read
vulnerability-management (Page 16) — Safeguard Blog