vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
jQuery prototype pollution vulnerability re-emerges
jQuery's prototype pollution flaw (CVE-2019-11358) keeps surfacing in 2026 dependency scans. Here's why it persists and how to remediate it.
Filesystem takeover vulnerabilities in the npm package manager
How npm and node-tar "filesystem takeover" CVEs let malicious packages overwrite files via symlinks and path traversal during install.
CVE scoring inconsistencies across vulnerability databases
Why the same CVE can carry three different severity scores across NVD, GitHub, and vendor advisories — and how to prioritize anyway.
The NVD backlog and its impact on vulnerability management
The NVD backlog leaves thousands of CVEs unscored each month, forcing security teams to rethink how they prioritize and triage vulnerabilities.
Understanding zero-day vulnerabilities and incident response
A concrete look at zero-day vulnerabilities and incident response, using Log4Shell, MOVEit, and CISA KEV data to explain how fast defenders must move.
Patch management strategies for open source dependencies
A practical guide to patch management for open source dependencies: prioritizing by reachability and EPSS, not CVSS alone, and building a repeatable remediation loop.
Transitive dependency vulnerabilities explained
A vulnerability three layers deep in your dependency graph is still your problem. Here's how transitive flaws like Log4Shell hide, spread, and get fixed.
Vulnerability Management Dashboard Blueprint 2026
A 2026 blueprint for vulnerability management dashboards: which metrics belong on executive, manager, and engineer views, and how to avoid the common failure modes.
Best SBOM tools compared (including Trivy)
Trivy generates SBOMs fast at scan time. Safeguard turns those SBOMs into a versioned, queryable inventory you can match against new CVEs org-wide.
Securing IoT device firmware supply chains
How Ripple20, Mirai, and Realtek SDK flaws exposed IoT firmware supply chains, what EU CRA and FDA SBOM rules require, and what reachability adds.
Trivy's etcd exhaustion problem and scan reliability issues
Trivy's local vulnerability database runs on etcd's own bbolt engine, and its single-writer lock and unbounded growth cause CI scans to stall or fail.
Container image scanning: how it works and best tools
A practical guide to container image scanning: how layer-by-layer CVE detection works, how Trivy stacks up, and where Safeguard adds deeper coverage.