vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
Vulnerability management under the EU Cyber Resilience Ac...
The EU Cyber Resilience Act sets hard deadlines for vulnerability reporting and SBOMs. Here's what changes, when, and how Safeguard stacks up against Anchore.
EU CRA SBOM requirements overview and compliance tips
The EU Cyber Resilience Act makes SBOMs mandatory for connected products by December 2027. Here is what CRA compliance actually requires, and how to prepare.
Enterprise Vulnerability Management: From Scanner Sprawl to One Queue
Most large organizations run five or more scanners that disagree with each other. The fix is not another scanner, it is a single deduplicated, prioritized remediation queue with owners.
How to Prioritize a 10,000-Finding Vulnerability Backlog
A five-digit backlog is not a ranking problem, it is a filtering problem. Here is the funnel that turns 10,000 findings into a few hundred that deserve engineering time.
Software Supply Chain Security News: How to Actually Track It
Software supply chain security news moves across a dozen disconnected sources — registries, CVE feeds, vendor blogs — here's a repeatable system for not missing the one that hits you.
What is Container Scanning
Container scanning finds known CVEs, secrets, and misconfigurations in image layers before deployment. Here's how it works and where it falls short.
Ageing Vulnerabilities: Fix vs Mitigate
Old vulnerabilities accumulate quietly until they become a compliance problem. Here is how to decide between fixing and mitigating, with evidence that holds up.
3 Steps to Secure Container Images
A stock base image ships 180+ unused packages. Learn the 3 steps to secure container images: minimize, prioritize by reachability, and enforce.
Top 5 Docker Security Vulnerabilities
Runc escapes, exposed daemons, stale base images, privileged containers, and leaked secrets: the five Docker vulnerabilities behind most real container breaches.
Dockerfile Security Best Practices
Six question-driven answers on Dockerfile hardening: pinning, root users, multi-stage builds, secrets, and the review gates that catch supply chain risk early.
A Black Duck Scan: What It Covers vs SCA Alternatives
A Black Duck scan focuses heavily on open-source license compliance and binary composition analysis — here's what it actually covers, and where modern SCA alternatives pull ahead.
State of CVE Disclosure and KEV in 2026
A senior-analyst view of CVE disclosure, KEV catalog growth, and the operational patterns that keep pace with them in 2026.