vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
Checkmarx SCA: Application Security from a SAST Pioneer
A review of Checkmarx SCA covering its integration with the broader Checkmarx AST platform, vulnerability detection, and exploitability analysis capabilities.
Designing a Vulnerability Triage Workflow That Works
Most vulnerability triage processes are broken. Here is how to design a workflow that reduces noise, routes issues to the right owners, and actually gets things fixed.
Runtime SBOM vs. Build-Time SBOM: Which Do You Actually Need?
Build-time SBOMs capture what goes into your software; runtime SBOMs capture what actually runs. Understanding the difference is critical for accurate vulnerability management.
Vulnerability Remediation SLAs: Best Practices for Real Teams
Setting vulnerability remediation deadlines is easy. Actually meeting them is hard. This guide covers practical SLA frameworks that balance security urgency with engineering reality.
Supply Chain Risk Scoring Algorithms: How They Work and Where They Fail
Risk scoring turns complex supply chain data into actionable numbers. But the algorithms behind these scores have assumptions and blind spots that security teams must understand.
Security Debt: Tracking and Remediation Strategies
Security debt accumulates silently—unpatched dependencies, skipped reviews, deferred upgrades. Here's how to measure it and pay it down systematically.
Snyk vs Dependabot: A Head-to-Head Comparison
Evaluate Snyk and Dependabot on vulnerability detection, ecosystem coverage, CI integration, pricing, and remediation to pick the right SCA tool for your team.
Inside the Apache Foundation's Security Practices
The Apache Software Foundation oversees 350+ projects including some of the most widely deployed software on earth. Their security practices set the standard for foundation-governed open source.
CISA KEV Catalog: One Year Analysis of Known Exploited Vulnerabilities
After one year, the CISA KEV catalog has reshaped how organizations prioritize patching. Here's what the data tells us about real-world exploitation.
Quantifying Security Debt: Methods That Actually Work
Everyone talks about security debt. Almost nobody measures it. Here are practical methods for putting numbers on the security shortcuts your organization has accumulated.
Understanding EPSS: Exploit Prediction Scoring System Explained
EPSS offers a data-driven approach to vulnerability prioritization. Learn how it works, how it compares to CVSS, and why your team should care.
Setting Up Continuous Dependency Monitoring From Scratch
Point-in-time dependency scans miss vulnerabilities disclosed between scans. Here is how to set up continuous monitoring that catches new threats as they emerge.