vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
What is Security by Obscurity
Security by obscurity means hiding a system instead of securing it. Here's why that bet fails, with real breaches, real CVEs, and what to build instead.
Prototype pollution vulnerabilities in Node.js and NestJS...
How prototype pollution reaches NestJS apps through lodash, qs, tough-cookie, and dotenv-expand — and how Safeguard catches it before it merges.
State of Open Source Security Report Overview
Open source vulnerabilities tripled in six years, but 70-85% aren't even reachable. A data-driven look at the real state of open source security in 2026.
Next-Generation Software Composition Analysis: Beyond Dependency Lists
Traditional SCA tools tell you what's in your software. Next-gen SCA tells you what matters. Here's how the category is evolving.
Why Scanning Alone Doesn't Work Anymore
Scanners generate findings. Programs produce outcomes. After a decade of dashboards and CVE counts, it is time to admit the gap between the two is the actual security problem.
Network Security Automation: What to Automate First
Network security automation pays off fastest on the repetitive, high-volume tasks — not on the judgment calls teams are tempted to automate first.
A Tale of Two Scanners: Siloed Scanning vs AI-Powered Correlation
Siloed scanners flood teams with disconnected alerts. Here's why AI powered vulnerability correlation is becoming the industry's answer to alert fatigue.
CISA Secure by Design Pledge: Practical Impact
An engineer's assessment of what the CISA Secure by Design Pledge actually changed inside product teams, what it did not, and where the 2026 expectations are landing.
What is Vulnerability Remediation
Vulnerability remediation means fixing a flaw at its source, not just detecting it. Learn the workflow, real MTTR benchmarks, and prioritization.
What is Auto-Remediation (AI-Powered Fixes)
Auto-remediation uses AI to generate and PR real fixes for vulnerabilities — not just flag them. Here's how it decides what's safe to auto-fix.
What is a Fix PR (Automated Fix Pull Request)
Fix PRs auto-generate code changes for known CVEs, but without reachability analysis they can flood queues with noise or reintroduce risk on merge.
What is Software Supply Chain Risk Scoring
CVSS alone can't tell you what to fix first. Here's how supply chain risk scoring blends exploitability, reachability, and provenance into one actionable number.