vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
What is TLS/SSL
TLS/SSL encrypts data in transit, but outdated versions and unpatched libraries like Heartbleed-era OpenSSL still expose real risk today.
Snyk AppRisk: What It Actually Covers
Snyk AppRisk aggregates findings across Snyk's scanners into a single application-level risk view — here's what it covers, and what it doesn't replace.
The DevSecOps Metrics That Actually Predict Breaches
Finding counts and scan totals are vanity metrics. The numbers that correlate with real incidents measure exposure time, coverage gaps, and gate bypasses.
What is an Intrusion Detection System (IDS)
An IDS detects malicious network or host activity after it happens. Learn what an IDS is, how it differs from an IPS, and why supply chain attacks need more.
What is an Intrusion Prevention System (IPS)
An IPS blocks malicious traffic inline in real time, but it can't stop supply chain attacks hidden inside trusted code and dependencies.
What is Incident Response
What incident response actually means, its four NIST phases, and why supply chain attacks like Log4Shell and SolarWinds break traditional response assumptions.
What is a Data Breach
A data breach is unauthorized access to sensitive data. See real causes like MOVEit and Log4Shell, average costs, and how to prevent one.
GCP Artifact Analysis API for Vulnerability Triage
GCP's Artifact Analysis API is the most direct way to get scan results into your triage tooling. Here is how to use it without drowning your team.
What is Threat Intelligence
Threat intelligence turns raw indicators into actionable defense. Here's what it actually is, its four types, and how it applies to software supply chains.
What is MITRE ATT&CK
MITRE ATT&CK catalogs real attacker behavior into 14 tactics and 200+ techniques. Here's how it works, how it differs from CVE/CWE, and how to use it.
The End of CVSS-Only Prioritization
A single static severity score cannot tell you which vulnerability to fix first. Modern prioritization is a function of reachability, exploitability, and business context — and CVSS is only one input.
What is Attack Path Analysis
Attack path analysis maps how vulnerabilities and misconfigurations chain together into real exploit routes, cutting 10,000+ findings down to the handful that matter.