Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Industry Analysis

Benchmarking Mean Time to Remediate Across Company Size a...

MTTR benchmarks vary 2-5x by company size and industry. See how financial services, healthcare, and mid-sized firms compare — and what a realistic 2026 target looks like.

Jul 23, 20258 min read
DevSecOps

Shift Left Fatigue: Why Developers Are Pushing Back on Se...

Shift-left security handed developers new duties without removing old ones. Here's why teams are pushing back — and how better tooling fixes the real problem: noise, not ownership.

Jul 19, 20257 min read
DevSecOps

The Champion Model: Do Embedded Security Champions Actual...

Security champion programs cut vulnerabilities only under specific conditions. Here's what BSIMM, GitLab, and OWASP data show about when the champion model actually works.

Jul 18, 20257 min read
DevSecOps

Why Security and Engineering KPIs Are Still Misaligned in...

Security teams chase CVSS scores and SLA compliance while engineering chases velocity and uptime—two scorecards that were never built to agree.

Jul 18, 20257 min read
DevSecOps

Why Small Teams Often Outperform Large Enterprises on Fix...

Small teams often patch critical CVEs in hours while enterprises take weeks — not because of talent, but process. Here's why, and how to close the gap.

Jul 17, 20256 min read
Industry Analysis

The CVE Program Funding Crisis: What Happened and What It Means

The CVE program nearly lost its funding in early 2025, exposing deep structural risks in how we track vulnerabilities. Here is what happened and where we go from here.

Jul 15, 20256 min read
Industry Analysis

Log4Shell Three Years Later: Which Fixes Actually Stuck?

Three years after Log4Shell's disclosure, which fixes actually held? A look back at CVE-2021-44228's timeline, CVSS/EPSS/KEV context, and lingering exposure.

Jul 13, 20257 min read
AppSec

Spring Framework RCE Vulnerabilities: A History

From Spring4Shell to older data binding flaws, Spring framework RCE bugs keep resurfacing in the same handful of places — data binding, expression evaluation, and class loading.

Jun 24, 20256 min read
AppSec

Application Vulnerability Assessment: Scope, Method, and Reporting

Most assessment reports die unread because scope was fuzzy and findings were not verified. A working method for assessments that end in shipped fixes.

Jun 24, 20255 min read
AppSec

The OWASP API Security Top 10: Each Risk Explained

The OWASP API Top 10 is a ranked list of the most common API-specific vulnerability classes, from broken object level authorization to unsafe consumption of third-party APIs.

Jun 19, 20255 min read
Product

Safeguard Griffin AI: Autonomous Vulnerability Remediation That Actually Works

Griffin AI moves beyond scan-and-alert to autonomously generate, test, and propose vulnerability fixes. How Safeguard's remediation engine reduces mean time to fix without introducing new risk.

Jun 15, 20257 min read
AppSec

Application Security Vulnerability Management: A Working Workflow

A concrete workflow for application security vulnerability management, from scan to fix to verified close, that survives contact with a real release calendar.

Jun 11, 20255 min read
vulnerability-management (Page 46) — Safeguard Blog