vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
False Positives in Cyber Security: Why They Happen and How to Cut Them
A scanner that cries wolf gets ignored. Here's why false positives pile up in security tooling and the concrete changes that actually reduce them.
Serialization vs. Deserialization in Java: Security Implications
The difference between serialization and deserialization in Java is simple to state and dangerous to get wrong — deserialization of untrusted data has caused some of the highest-severity Java CVEs of the last decade.
Buffer Overflow Exploits: A Practical Example
A buffer overflow exploit example, walked through step by step, showing exactly how writing past the end of a fixed-size buffer can turn a simple C function into arbitrary code execution.
What Is SBOM Security, and Why Does It Matter?
SBOM security is the practice of using a software bill of materials to actually find and act on risk in your dependencies, not just to produce a compliance document.
True Positives vs False Positives in Cyber Security
A true positive is a real finding your tools caught correctly; a false positive is noise that looks like a finding but isn't — and the ratio between them decides whether your security program gets trusted or ignored.
PHP 7.3 to 7.4 Version Vulnerabilities: A Security Changelog
PHP 7.4 vulnerabilities span years of unsupported point releases; here is what changed security-wise across the 7.3 and 7.4 lines and why staying on either branch today is a standing risk.
CISA KEV Catalog in 2025: What the Data Tells Us About Real-World Exploitation
The CISA Known Exploited Vulnerabilities catalog has become the definitive list of actively exploited flaws. An analysis of 2025 KEV trends reveals which products, vulnerability types, and attack patterns dominate.
Use-After-Free Vulnerabilities: How They're Exploited
A use-after-free exploit turns a dangling pointer into arbitrary code execution — here's how the bug class works, why it still dominates browser and kernel CVEs, and how to catch it before release.
XXE Attack Walkthroughs: What a Good Demo Actually Shows
Most XXE video walkthroughs stop at proof-of-concept file reads — here's what a genuinely useful one covers, plus the Java fix that actually closes the hole.
Eclipse Jetty Vulnerabilities: What to Patch and When
Jetty's HTTP/2 handling and older 9.4.x branches have carried real denial-of-service and information-disclosure CVEs — here's what a jetty 9.4.41 exploit actually looks like and which versions close it.
Reading a Scan Report: What Actually Matters
Most scan reports bury the three fields that decide whether a finding needs action today — this is how to read one without drowning in noise.
Data Vulnerability Classes in Modern Applications
Most breaches trace back to a handful of recurring data vulnerability patterns — from unencrypted storage to broken access checks. Here's how to categorize and prioritize them.