Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Security Concepts

The National Vulnerability Database: How to Actually Use It

The National Vulnerability Database is the US government's CVE repository — here's how to search it, read its CVSS scores, and use it in a real workflow.

May 14, 20245 min read
Vulnerability Management

False Positive Rates in Container Scanning: Why Your Scanner Lies to You

Container scanners produce mountains of findings. A significant percentage are false positives. Here is how to measure and manage the noise.

May 12, 20245 min read
Vulnerabilities

Application Vulnerabilities: The Common Classes Explained

Injection, broken access control, and misconfiguration account for most real-world breaches. Here's a plain map of the classes that matter and how each one is actually exploited.

May 9, 20245 min read
DevSecOps

Container Security Scanning in 2024: Benchmarks, Tools, and What Actually Matters

Container image scanning tools vary widely in detection rates, false positive rates, and coverage. Here is a practical assessment of the container security scanning landscape in 2024.

Apr 20, 20246 min read
Concepts

What is Fuzzing

Fuzzing feeds programs malformed input at machine speed to trigger crashes and expose memory-safety bugs. Here's how fuzz testing works and why it matters.

Apr 18, 20246 min read
Vulnerabilities

Spring4Shell: What Shipped and How to Patch It

What the Spring4Shell vulnerability actually was, which configurations were exposed, and the concrete patch and mitigation steps that closed it.

Apr 2, 20245 min read
Industry Analysis

NIST NVD Slowdown: What the Vulnerability Enrichment Backlog Means for Security Teams

NIST's National Vulnerability Database nearly stopped enriching CVEs in early 2024, creating a growing backlog that left security teams without the severity scores and metadata they depend on.

Mar 15, 20246 min read
Vulnerabilities

Apache Struts 2 Vulnerabilities: A History Worth Knowing

Apache Struts 2 has produced some of the most damaging vulnerabilities in web application history, including the flaw behind the Equifax breach. Here's what happened and why it keeps happening.

Mar 11, 20245 min read
Vulnerability Management

CISA KEV Catalog Growth: A 2024 Q1 Analysis

CISA added 40+ CVEs to the Known Exploited Vulnerabilities catalog in Q1 2024. We break down the vendor mix, the edge-device bias, and what to prioritize.

Mar 10, 20245 min read
Engineering

Security Debt: Measuring and Paying It Down

Security debt is the gap between the risk you're carrying and the risk you've decided to carry. Here's how to measure it in vuln-days and pay it down without a heroic quarter.

Mar 5, 20247 min read
Vulnerabilities

Notable CVEs of 2022: A Practitioner's Roundup

CVE-2022-31160 and a run of recursion-based denial-of-service bugs made 2022 a year defined less by exotic exploits and more by parsers that never expected deeply nested input.

Feb 14, 20245 min read
Security Concepts

CWE Full Form: What It Actually Stands For

CWE stands for Common Weakness Enumeration — a community-maintained taxonomy of software and hardware weakness types that CVEs, SAST tools, and OWASP guidance all reference back to.

Feb 8, 20245 min read
vulnerability-management (Page 50) — Safeguard Blog