Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Compliance

SOC 2 and software supply chain security: mapping the Trust Services Criteria

SOC 2 never says the words 'software bill of materials,' but auditors increasingly expect supply-chain evidence. Here's how the Trust Services Criteria map to your dependencies.

Jul 6, 20265 min read
Concepts

What Is a Security Advisory

A security advisory is an official notice that a product has a security flaw, plus how to fix it. Here is what advisories contain, who issues them, and how to act on one.

Jul 6, 20266 min read
Buyer's Guides

Snyk vs Black Duck (Synopsys) Comparison

Snyk vs Black Duck comparison for security buyers: how the two SCA platforms differ on workflow, coverage, and compliance — and where Safeguard fits.

Jul 6, 20268 min read
Solutions

Software Supply Chain Security for Product Security Teams

Product security teams own the security of what ships and stays shipped. Here is how to embed supply chain controls across the SDLC, run PSIRT for third-party CVEs, and manage security debt in released products without owning every repo yourself.

Jul 5, 20266 min read
FAQ

Vulnerability Management FAQ: Process, Tooling, and SLAs

What vulnerability management actually involves — discovery, triage, prioritization, remediation, and verification — answered as a practical FAQ for security and engineering teams.

Jul 5, 20266 min read
Concepts

What Is a CVSS Score

A CVSS score rates how severe a security flaw is on a scale of 0 to 10. Here is what the number means, how to read it, and why it is only part of the risk picture.

Jul 5, 20266 min read
Application Security

What Is Application Security (AppSec) 101

AppSec used to mean scanning code for known bugs. Here's why that's no longer enough, what CVE-matching tools like Snyk miss, and what a real supply chain security program requires.

Jul 5, 20267 min read
FAQ

Reachability Analysis FAQ: What It Is and Why It Cuts Noise

Reachability analysis decides whether a vulnerable function in a dependency is actually called by your code. Here are the common questions, answered plainly.

Jul 4, 20266 min read
Concepts

What Is a Security Patch

A security patch is a small update that fixes a specific flaw in software. Here is what patches are, why applying them quickly matters, and how teams manage them.

Jul 4, 20266 min read
Open Source Security

Software Composition Analysis (SCA) Explained

SCA finds every open-source package in your app — but knowing it's there isn't knowing it's exploitable. Here's what Log4Shell, xz, and Snyk's approach got right and wrong.

Jul 4, 20267 min read
Container Security

Container Image Scanning Best Practices

A practical guide to container image scanning: when to scan, what to block, what scanners like Snyk miss, and how to build a policy that actually gets remediated.

Jul 4, 20268 min read
Solutions

Software Supply Chain Security for AppSec Leads

AppSec leads own the program that turns scanner noise into fixed risk. Here is how to consolidate tooling, prioritize by reachability, win developer trust, and measure a program by remediation velocity instead of finding count.

Jul 3, 20266 min read
vulnerability-management (Page 6) — Safeguard Blog