Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

DevSecOps

A framework for scaling risk-based AppSec across many teams

40,009 CVEs were published in 2024 alone — a 38.83% jump over 2023. No security team can triage that volume by hand across dozens of engineering teams.

Jul 8, 20267 min read
DevSecOps

Building a shift-left security culture developers actually buy into

Log4Shell sat in most Java codebases for years before Dec 2021 — shift-left tooling alone didn't stop it. Culture, placement, and incentives are what make it work.

Jul 8, 20267 min read
Vulnerability Management

CVE-2022-1471: Inside the SnakeYaml Deserialization RCE

CVE-2022-1471 scored 9.8 CRITICAL under NIST's CVSS calculation — a single YAML tag could hand attackers remote code execution in any Java app parsing untrusted input.

Jul 8, 20265 min read
Vulnerability Management

How task-scheduler RCEs become cryptomining botnets

Two chained Apache Airflow CVEs and a Rundeck YAML deserialization bug show how scheduler tools turn one flaw into unauthenticated RCE and persistent mining.

Jul 8, 20266 min read
Vulnerability Management

Using EPSS scores for vulnerability remediation prioritization

EPSS predicts exploitation probability for every CVE on a 0-1 scale, updated daily. Paired with CVSS, it turns a 1,000-ticket backlog into a short, defensible list.

Jul 8, 20267 min read
Vulnerability Management

CWE vs. CVE vs. CVSS: The Vocabulary Every AppSec Team Gets Wrong

One CWE weakness class can spawn thousands of CVEs, and a single CVE can now carry two different CVSS scores at once — most teams still use the terms interchangeably.

Jul 8, 20267 min read
Vulnerability Management

The libwebp heap overflow that patched half the internet: CVE-2023-4863

One heap buffer overflow in a 15-year-old image codec forced Chrome, Firefox, Edge, Electron apps, and entire Linux distros to ship emergency patches within days.

Jul 8, 20266 min read
Guides

Vulnerability Management for Beginners: From Alert Overload to Calm Control

Scanners are good at finding problems. Vulnerability management is the calmer discipline of deciding which ones actually matter and fixing them in order. Here is a friendly guide with a first workflow to try today.

Jul 7, 20266 min read
DevSecOps

How to Report AppSec Risk to Your CISO

CVSS measures severity, not risk — and a slide of 4,000 raw findings tells a CISO nothing. Here's how to translate scan output into decisions.

Jul 7, 20267 min read
DevSecOps

Why NVD alone is not enough: the case for multi-source vulnerability intelligence

NIST now fully enriches a fraction of CVEs — on April 15, 2026 it moved to a triage model that leaves most of 2025's 48,185 published CVEs without a timely severity score.

Jul 7, 20267 min read
FAQ

AI Security Remediation FAQ: How AI-Authored Fixes Are Kept Trustworthy

How an AI can be trusted to fix security vulnerabilities — the role of reachability, validation, and human review in keeping AI-authored remediation accurate and safe.

Jul 6, 20265 min read
FAQ

False Positives in Security Scanning FAQ

Why security scanners produce so many false positives, what actually counts as one, and how reachability analysis and context reduce the noise. A practical FAQ.

Jul 6, 20266 min read
vulnerability-management (Page 5) — Safeguard Blog