Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Container Security

Continuous container vulnerability scanning with Amazon I...

How Amazon Inspector's continuous container scanning actually works, where Inspector vs Trivy differs, and the ECR blind spots teams need to cover.

Jan 19, 20267 min read
Cloud Security

GCP Artifact Registry Vulnerability Scanning: Integrating the Findings

Artifact Analysis on Artifact Registry produces a steady stream of findings. The discipline is in what you do with them. We map the workflows that actually reduce risk.

Jan 15, 20267 min read
Vulnerability Analysis

Log4Shell Five Years Later: What CVE-2021-44228 Taught Us About Transitive Risk

Five years after Log4Shell, the technical details still matter, but the lasting lessons are about transitive dependencies, SBOM accuracy, and the long tail of unpatched internal tooling.

Jan 9, 20265 min read
Vulnerability Analysis

sudo -e/sudoedit privilege escalation bypass (CVE-2019-14287)

CVE-2019-14287 let sudo users bypass "run as any user except root" rules via `sudo -u#-1`, gaining full root. Here's how it worked and how to fix it.

Jan 7, 20268 min read
Vulnerability Analysis

libwebp animated WebP overflow (CVE-2023-5129)

CVE-2023-5129 exposed a critical libwebp heap overflow, then got rejected as a duplicate of CVE-2023-4863 — leaving two CVE trails for one flaw.

Jan 7, 20268 min read
Open Source Security

CVE analysis: critical vulnerabilities in open source fin...

Log4Shell, Spring4Shell, and the Struts flaw behind Equifax: real CVEs still lurking in banking and fintech open source stacks, with fixes and detection tips.

Jan 3, 20268 min read
Vulnerability Analysis

tough-cookie prototype pollution (CVE-2023-26136)

CVE-2023-26136: a prototype pollution flaw in tough-cookie hides deep in transitive Node.js dependencies. Impact, timeline, and remediation steps.

Jan 2, 20268 min read
Vulnerability Analysis

Python setuptools package_index ReDoS (CVE-2022-40897)

CVE-2022-40897 is a ReDoS flaw in setuptools' package_index.py that can hang CI pipelines when parsing crafted index pages. Here's how to detect and fix it.

Dec 31, 20257 min read
SBOM

SBOM adoption in underwriting and actuarial software

Insurers price risk with software built on unvetted open-source code. Here's how SBOM underwriting software closes that blind spot.

Dec 30, 20257 min read
SBOM

SBOM for automotive ECU firmware and embedded software

How automotive ECU firmware SBOMs help OEMs and suppliers track embedded components, manage vehicle firmware vulnerabilities, and secure OTA updates.

Dec 29, 20257 min read
Open Source Security

How to manage open source risk in telecom OSS/BSS softwar...

A practical guide to managing telecom OSS/BSS open source risk—from SBOM inventory to dependency scanning—so carrier billing and network software stays secure.

Dec 25, 20258 min read
AI Security

Analysis of known MCP server CVEs and disclosed vulnerabi...

Two critical CVEs — in mcp-remote and Anthropic's MCP Inspector — reveal how MCP server vulnerabilities let untrusted servers execute code on client machines.

Dec 18, 20258 min read
vulnerability-management (Page 34) — Safeguard Blog