vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
What is Vulnerability Triage
Vulnerability triage ranks scanner findings by real exploitability and exposure, not raw CVSS score, turning an unmanageable backlog into a short, defensible fix list.
What is Exposure Management
Exposure management goes beyond CVE lists — it's the continuous, evidence-backed way to find and fix what attackers can actually exploit today.
What is Continuous Threat Exposure Management (CTEM)
CTEM is Gartner's five-stage framework for continuously scoping, discovering, prioritizing, and validating exposures instead of relying on periodic scans.
What is Attack Surface Reduction
Attack surface reduction means shrinking every entry point attackers can use—code, network, and identity. Here's how to define, measure, and act on it.
What is a Security Baseline
A security baseline is the minimum, testable set of controls every system or repo must meet — here's how it differs from policy, and how to build one for your supply chain.
FinTech Cuts CVE Noise 80% With Reachability
An anonymized story of how a high-growth payments FinTech slashed vulnerability backlog noise by 80% using Safeguard's reachability analysis.
Reachability Noise Reduction: Findings
The Safeguard Research team ran reachability analysis across a large corpus of real codebases. This is what we learned about which CVEs actually matter.
What is the CERT Secure Coding Standard
CERT secure coding standards give C, C++, and Java developers rule-by-rule guidance — with IDs, risk scores, and fix patterns — for avoiding exploitable bugs.
Jira and Docker: Integrating Security Workflows
Jira docker integration for security teams usually means auto-filing tickets from container scan findings — here's how to wire it without flooding the backlog with noise.
Air-Gapped Vulnerability Management
No internet means no live CVE feeds, no SaaS scanners, and no auto-updates — but the vulnerabilities still arrive. How to run a real vulnerability management program inside a disconnected environment.
Security Posture Assessment: A Step-by-Step Method
A security posture assessment turns 'are we secure?' into a measured, repeatable answer. Here is a six-phase method — from asset inventory to a scored, prioritized gap list you can act on.
What is Defense in Depth
Defense in depth stacks independent security layers—source, build, dependencies, artifacts, runtime—so no single failure causes a breach.