Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

SecOps

False Positives in Cyber Security: Why They Happen and How to Cut Them

A scanner that cries wolf gets ignored. Here's why false positives pile up in security tooling and the concrete changes that actually reduce them.

Jun 11, 20255 min read
AppSec

Serialization vs. Deserialization in Java: Security Implications

The difference between serialization and deserialization in Java is simple to state and dangerous to get wrong — deserialization of untrusted data has caused some of the highest-severity Java CVEs of the last decade.

Jun 10, 20256 min read
AppSec

Buffer Overflow Exploits: A Practical Example

A buffer overflow exploit example, walked through step by step, showing exactly how writing past the end of a fixed-size buffer can turn a simple C function into arbitrary code execution.

May 27, 20257 min read
Supply Chain

What Is SBOM Security, and Why Does It Matter?

SBOM security is the practice of using a software bill of materials to actually find and act on risk in your dependencies, not just to produce a compliance document.

May 14, 20254 min read
SecOps

True Positives vs False Positives in Cyber Security

A true positive is a real finding your tools caught correctly; a false positive is noise that looks like a finding but isn't — and the ratio between them decides whether your security program gets trusted or ignored.

Apr 14, 20256 min read
AppSec

PHP 7.3 to 7.4 Version Vulnerabilities: A Security Changelog

PHP 7.4 vulnerabilities span years of unsupported point releases; here is what changed security-wise across the 7.3 and 7.4 lines and why staying on either branch today is a standing risk.

Mar 19, 20256 min read
Threat Intelligence

CISA KEV Catalog in 2025: What the Data Tells Us About Real-World Exploitation

The CISA Known Exploited Vulnerabilities catalog has become the definitive list of actively exploited flaws. An analysis of 2025 KEV trends reveals which products, vulnerability types, and attack patterns dominate.

Mar 18, 20255 min read
AppSec

Use-After-Free Vulnerabilities: How They're Exploited

A use-after-free exploit turns a dangling pointer into arbitrary code execution — here's how the bug class works, why it still dominates browser and kernel CVEs, and how to catch it before release.

Mar 18, 20256 min read
Vulnerabilities

XXE Attack Walkthroughs: What a Good Demo Actually Shows

Most XXE video walkthroughs stop at proof-of-concept file reads — here's what a genuinely useful one covers, plus the Java fix that actually closes the hole.

Mar 18, 20255 min read
AppSec

Eclipse Jetty Vulnerabilities: What to Patch and When

Jetty's HTTP/2 handling and older 9.4.x branches have carried real denial-of-service and information-disclosure CVEs — here's what a jetty 9.4.41 exploit actually looks like and which versions close it.

Mar 18, 20256 min read
AppSec

Reading a Scan Report: What Actually Matters

Most scan reports bury the three fields that decide whether a finding needs action today — this is how to read one without drowning in noise.

Mar 18, 20255 min read
Vulnerabilities

Data Vulnerability Classes in Modern Applications

Most breaches trace back to a handful of recurring data vulnerability patterns — from unencrypted storage to broken access checks. Here's how to categorize and prioritize them.

Mar 14, 20256 min read
vulnerability-management (Page 47) — Safeguard Blog