Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Best Practices

The End-of-Year Dependency Audit Ritual

Most dependency audits get done in a panic after a CVE lands. A planned year-end audit is cheaper, more thorough, and produces a backlog you can actually work through in Q1.

Dec 10, 20226 min read
Software Supply Chain

Dependency Graph Analysis: Finding Hidden Transitive Risks

Your project has 50 direct dependencies. It actually depends on 1,200 packages. Transitive dependency analysis is how you find the risks hiding three layers deep.

Dec 1, 20228 min read
Vulnerability Management

Vulnerability Correlation Across Package Ecosystems

The same vulnerability often appears under different identifiers across npm, PyPI, Maven, and other ecosystems. Here is how to correlate vulnerabilities across ecosystems and why it matters.

Nov 22, 20226 min read
How-To Guide

Automating Vulnerability Remediation: A Practical Guide

Stop drowning in CVE backlogs. Learn how to build automated remediation workflows that fix vulnerabilities faster without burning out your engineering team.

Nov 8, 20226 min read
DevSecOps

VEX Explained: How Vulnerability Exploitability Exchange Cuts Through Alert Noise

VEX documents let software producers tell consumers which vulnerabilities actually affect their products. Here's how VEX works and why it matters.

Jul 20, 20227 min read
Software Supply Chain Security

Memory Safety Bugs in C/C++ Dependencies: The Hidden Risk in Your Software Supply Chain

C and C++ libraries still power critical infrastructure everywhere. Their memory safety issues are your problem whether you write C or not.

Jul 8, 20226 min read
Incident Analysis

The Log4Shell Response Playbook Six Months In

Six months after CVE-2021-44228 broke the internet, here is what worked, what didn't, and the response patterns security teams should keep as muscle memory.

Jun 12, 20226 min read
Open Source Security

Log4j and the Maintainer Burnout Crisis Nobody Talks About

The Log4Shell vulnerability exposed more than a critical flaw in Java logging. It revealed a systemic failure in how the industry treats the people who maintain critical open source infrastructure.

Jan 18, 20227 min read
Compliance & Regulations

CISA Known Exploited Vulnerabilities Catalog Launched

CISA's KEV catalog changes vulnerability management from theoretical risk to confirmed exploitation. Here's what it means and how to use it for prioritization.

Dec 20, 20215 min read
Vulnerability Analysis

Vulnerability Prioritization: Beyond CVSS Scores

CVSS scores alone lead to alert fatigue and misallocated resources. Here's how EPSS, reachability analysis, and exploit intelligence create a smarter prioritization model.

Nov 1, 20216 min read
Incident Analysis

Heartbleed at Five Years: A Practitioner Retrospective

Five years after CVE-2014-0160, Heartbleed still shapes how we think about shared cryptographic libraries, disclosure ethics, and open-source funding.

Apr 7, 20196 min read
vulnerability-management (Page 53) — Safeguard Blog