vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
Continuous container vulnerability scanning with Amazon I...
How Amazon Inspector's continuous container scanning actually works, where Inspector vs Trivy differs, and the ECR blind spots teams need to cover.
GCP Artifact Registry Vulnerability Scanning: Integrating the Findings
Artifact Analysis on Artifact Registry produces a steady stream of findings. The discipline is in what you do with them. We map the workflows that actually reduce risk.
Log4Shell Five Years Later: What CVE-2021-44228 Taught Us About Transitive Risk
Five years after Log4Shell, the technical details still matter, but the lasting lessons are about transitive dependencies, SBOM accuracy, and the long tail of unpatched internal tooling.
sudo -e/sudoedit privilege escalation bypass (CVE-2019-14287)
CVE-2019-14287 let sudo users bypass "run as any user except root" rules via `sudo -u#-1`, gaining full root. Here's how it worked and how to fix it.
libwebp animated WebP overflow (CVE-2023-5129)
CVE-2023-5129 exposed a critical libwebp heap overflow, then got rejected as a duplicate of CVE-2023-4863 — leaving two CVE trails for one flaw.
CVE analysis: critical vulnerabilities in open source fin...
Log4Shell, Spring4Shell, and the Struts flaw behind Equifax: real CVEs still lurking in banking and fintech open source stacks, with fixes and detection tips.
tough-cookie prototype pollution (CVE-2023-26136)
CVE-2023-26136: a prototype pollution flaw in tough-cookie hides deep in transitive Node.js dependencies. Impact, timeline, and remediation steps.
Python setuptools package_index ReDoS (CVE-2022-40897)
CVE-2022-40897 is a ReDoS flaw in setuptools' package_index.py that can hang CI pipelines when parsing crafted index pages. Here's how to detect and fix it.
SBOM adoption in underwriting and actuarial software
Insurers price risk with software built on unvetted open-source code. Here's how SBOM underwriting software closes that blind spot.
SBOM for automotive ECU firmware and embedded software
How automotive ECU firmware SBOMs help OEMs and suppliers track embedded components, manage vehicle firmware vulnerabilities, and secure OTA updates.
How to manage open source risk in telecom OSS/BSS softwar...
A practical guide to managing telecom OSS/BSS open source risk—from SBOM inventory to dependency scanning—so carrier billing and network software stays secure.
Analysis of known MCP server CVEs and disclosed vulnerabi...
Two critical CVEs — in mcp-remote and Anthropic's MCP Inspector — reveal how MCP server vulnerabilities let untrusted servers execute code on client machines.