Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

AppSec

Application Vulnerability Management: Program Basics

A working definition of application vulnerability management and the five program elements that separate a real practice from a pile of scanner tickets.

Mar 11, 20256 min read
Vulnerabilities

jQuery 3.7.1 Vulnerabilities: What Actually Changed From Earlier Releases

jQuery 3.7.1 vulnerabilities are mostly inherited history, not new CVEs — the real security story is what changed across 3.4, 3.5, and 3.7.

Mar 11, 20255 min read
AppSec

What Is the NVD (National Vulnerability Database)?

The NVD is the U.S. government's repository of analyzed vulnerability data, built on top of the CVE program — here's what it actually adds, how CVE and NVD relate, and where its data comes from.

Mar 11, 20256 min read
Vulnerabilities

Node.js Vulnerabilities: Tracking and Patching at Scale

How to actually keep up with Node.js vulnerabilities across dozens of services — where advisories come from, what to automate, and what still needs a human.

Feb 19, 20255 min read
AppSec

Unrestricted File Upload Vulnerabilities: Risks and Fixes

An unrestricted file upload vulnerability lets an attacker place a working web shell on your server through a form that was only ever supposed to accept profile pictures or PDFs.

Feb 11, 20256 min read
AppSec

IAST Security: Interactive Application Security Testing Explained

IAST security instruments a running application to watch real requests flow through real code, catching vulnerabilities that static analysis and black-box scanning both miss.

Feb 10, 20256 min read
SecOps

How to Fix Vulnerabilities: A Practical Workflow

A practical, repeatable workflow for how to fix vulnerabilities once a scanner finds them — triage, verify, patch, and confirm — instead of treating every finding as equally urgent.

Feb 6, 20255 min read
SecOps

Types of Vulnerability Assessment, Explained

Not every vulnerability assessment tests the same thing. Here's how network, application, host, and wireless assessments differ, and when each one is the right call.

Feb 4, 20254 min read
SecOps

Software Security Issues: A Triage Framework

Most teams triage software security issues by severity score alone, which routinely gets the priority order wrong. A better framework weighs reachability and exposure too.

Jan 27, 20256 min read
AppSec

CVE-2023-4863: The libwebp Zero-Day That Hit Chrome and More

CVE-2023-4863 was a heap buffer overflow in libwebp's Huffman decoding that was exploited as a zero-day in the wild — and because libwebp sits inside Chrome, Firefox, and countless Electron apps, one library bug became an ecosystem-wide emergency patch.

Jan 22, 20256 min read
Vulnerability Management

Exploit Chaining: A Supply Chain Perspective

How attackers chain low and medium severity flaws across dependencies to reach critical impact, and why supply chain context changes triage priorities.

Jan 20, 20257 min read
Compliance

SOC 2 Type II for Engineering Teams: What Auditors Actually Check

Auditors don't start with your policies — they sample your PRs, tickets, and access reviews. Here's what a SOC 2 Type II observation window actually tests, control by control.

Dec 16, 20246 min read
vulnerability-management (Page 48) — Safeguard Blog