Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Best Practices

Coordinated Disclosure Zero-Day Playbook

A playbook for coordinated disclosure of zero-day vulnerabilities, covering timelines, stakeholder management, embargo discipline, and the judgement calls in between.

Dec 12, 20248 min read
Vulnerabilities

CVE-2011-4969: The jQuery XSS Bug, a Decade Later

CVE-2011-4969 is a cross-site scripting flaw in jQuery versions before 1.6.3, triggered by unsanitized attribute-selector input — it's a small, old bug, but the reasons it lingered in codebases for years are still relevant.

Nov 19, 20245 min read
Security Concepts

CWE Full Form: How the Common Weakness Enumeration Works

CWE stands for Common Weakness Enumeration — a community catalog of software and hardware weakness types. Here is what CWE means, how it differs from CVE, and how to use it.

Nov 19, 20246 min read
Security Concepts

CVE Vulnerabilities Explained: How the CVE System Works

What a CVE vulnerability actually is, who assigns the IDs, how CVSS scoring and the KEV catalog fit in, and why a CVE number is a label, not a verdict.

Sep 17, 20246 min read
Vulnerability Management

A Framework for Security Patch Prioritization

You cannot patch everything immediately. Here is a risk-based framework for deciding which patches to apply first when your vulnerability backlog exceeds your capacity.

Aug 28, 20247 min read
Vulnerability Management

NuGet Package Vulnerabilities Dashboard

Listing every CVE in your NuGet dependency tree is easy. Turning it into a dashboard someone can act on is the work. A practical design.

Aug 15, 20245 min read
Vulnerabilities

Adobe Flash's End of Life: Security Lessons From a Decade of Patching

Adobe Flash security was a running joke in the industry for a decade before its 2020 end-of-life — the real lesson wasn't Flash itself, it was how long a critical dependency can outlive its own security model.

Aug 15, 20245 min read
Vulnerabilities

CVE-2020-15250: The JUnit Temp File Vulnerability

CVE-2020-15250 shows how a test-only utility class in JUnit 4 created world-readable temp files on Unix systems, and why it still shows up in scans of projects that never touched production code paths.

Aug 6, 20244 min read
Product

Safeguard Auto-Fix: Automated Vulnerability Remediation That Respects Your Codebase

Auto-Fix generates pull requests that update vulnerable dependencies with compatibility checks, test validation, and rollback safety. Remediation at the speed of disclosure.

Jul 15, 20246 min read
Vulnerability Management

Mean Time to Remediation Benchmarks: How Fast Should You Be Patching?

MTTR is the most important vulnerability management metric. But what is a good MTTR? Industry benchmarks, realistic targets, and strategies for improvement.

Jul 12, 20245 min read
Best Practices

Vulnerability Management at Enterprise Scale: What Actually Works

Managing vulnerabilities across thousands of applications and millions of dependencies requires fundamentally different approaches than what works for a single team. Here is what scales.

Jun 20, 20247 min read
Vulnerabilities

The SnakeYAML Deserialization Vulnerability, Explained

SnakeYAML's default Constructor could instantiate arbitrary Java classes from YAML input — CVE-2022-1471 turned a config-parsing library into a remote code execution path.

Jun 19, 20245 min read
vulnerability-management (Page 49) — Safeguard Blog