vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
Container security best practices checklist
A practical container security checklist covering base images, scanning limits, runtime risk, and why CVE scans like Trivy alone miss most real supply chain threats.
Container escape attacks: how they happen and how to prev...
Container escapes rarely need a zero-day — privileged flags, mounted sockets, and excess capabilities do the job. Here's how they happen, real CVEs, and how to stop them.
The State of Open Source Security report (annual series)
Safeguard's annual State of Open Source Security Report finds transitive dependencies now drive most exposure, and reachability — not CVSS alone — separates mature security programs.
Vulnerability prioritization: moving beyond CVSS scores
CVSS scores flood teams with thousands of "Critical" findings, but fewer than 5% of CVEs are ever exploited. Here's how reachability and exploit data fix triage.
Risk-based vulnerability management explained
Why CVSS severity alone fails to prioritize vulnerabilities, how Trivy's default scoring falls short, and how EPSS, CISA KEV, and reachability data cut remediation backlogs by 95%+.
5 risks of open source software in 2026
Open source now makes up most enterprise code. Here are 5 risks defining open source software security in 2026 — and how to close the exploitability gap.
How to reduce alert fatigue from vulnerability scanners
Container scanners like Trivy can return thousands of CVE findings per scan. Here's why most are noise, and how reachability and exploit data cut the list to what matters.
162 vulnerabilities disclosed in Java's top 10 libraries
Safeguard's H1 2026 analysis found 162 CVEs across Java's ten most-downloaded libraries, with critical RCE risk concentrated in Tomcat and Spring.
Annual DevSecOps maturity benchmark report
Safeguard's 2026 DevSecOps Maturity Benchmark finds detection at an all-time high but remediation stuck at a 19-day median — here's what separates the top-quartile programs.
ASM vs. Penetration Testing: how they differ and work tog...
ASM and pen testing measure different things at different speeds. See how Safeguard's supply-chain-native ASM complements cloud-focused tools like Wiz—and manual testing.
Attack Surface Management Tools: 2026 comparison guide
Wiz secures your cloud footprint; Safeguard secures what ships into it. A 2026 comparison of attack surface management tools across supply chain vs. cloud scope.
Enterprise Security Services: What to Outsource and What to Own
A practical split for enterprise security services — what genuinely benefits from outsourcing and what an internal team should keep, based on where expertise decays fastest.