vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
Coordinated Disclosure Zero-Day Playbook
A playbook for coordinated disclosure of zero-day vulnerabilities, covering timelines, stakeholder management, embargo discipline, and the judgement calls in between.
CVE-2011-4969: The jQuery XSS Bug, a Decade Later
CVE-2011-4969 is a cross-site scripting flaw in jQuery versions before 1.6.3, triggered by unsanitized attribute-selector input — it's a small, old bug, but the reasons it lingered in codebases for years are still relevant.
CWE Full Form: How the Common Weakness Enumeration Works
CWE stands for Common Weakness Enumeration — a community catalog of software and hardware weakness types. Here is what CWE means, how it differs from CVE, and how to use it.
CVE Vulnerabilities Explained: How the CVE System Works
What a CVE vulnerability actually is, who assigns the IDs, how CVSS scoring and the KEV catalog fit in, and why a CVE number is a label, not a verdict.
A Framework for Security Patch Prioritization
You cannot patch everything immediately. Here is a risk-based framework for deciding which patches to apply first when your vulnerability backlog exceeds your capacity.
NuGet Package Vulnerabilities Dashboard
Listing every CVE in your NuGet dependency tree is easy. Turning it into a dashboard someone can act on is the work. A practical design.
Adobe Flash's End of Life: Security Lessons From a Decade of Patching
Adobe Flash security was a running joke in the industry for a decade before its 2020 end-of-life — the real lesson wasn't Flash itself, it was how long a critical dependency can outlive its own security model.
CVE-2020-15250: The JUnit Temp File Vulnerability
CVE-2020-15250 shows how a test-only utility class in JUnit 4 created world-readable temp files on Unix systems, and why it still shows up in scans of projects that never touched production code paths.
Safeguard Auto-Fix: Automated Vulnerability Remediation That Respects Your Codebase
Auto-Fix generates pull requests that update vulnerable dependencies with compatibility checks, test validation, and rollback safety. Remediation at the speed of disclosure.
Mean Time to Remediation Benchmarks: How Fast Should You Be Patching?
MTTR is the most important vulnerability management metric. But what is a good MTTR? Industry benchmarks, realistic targets, and strategies for improvement.
Vulnerability Management at Enterprise Scale: What Actually Works
Managing vulnerabilities across thousands of applications and millions of dependencies requires fundamentally different approaches than what works for a single team. Here is what scales.
The SnakeYAML Deserialization Vulnerability, Explained
SnakeYAML's default Constructor could instantiate arbitrary Java classes from YAML input — CVE-2022-1471 turned a config-parsing library into a remote code execution path.