vulnerability-remediation
Safeguard articles tagged "vulnerability-remediation" — guides, analysis, and best practices for software supply chain and application security.
17 articles
Detecting weak cryptographic algorithms in code
SHAttered proved a SHA-1 collision for ~$110,000 in 2017. NIST retires SHA-1 entirely by Dec 31, 2030 — here's how to find and fix MD5/SHA-1 in your code now.
AI-assisted vulnerability remediation patterns: what to verify before you merge
GitHub reports its Copilot Autofix suggestions resolve two-thirds of flagged vulnerabilities with little or no editing — but the other third is where merges go wrong.
How to validate AI-generated autofix suggestions before you merge them
319 LLM patches for 64 real CVEs were graded in 2026: only 24.8% were both secure and functional. Speed without validation just merges bugs faster.
LLM-assisted vulnerability autofixing: approaches and how to validate the patches
At DARPA's AIxCC finals in August 2025, AI systems patched 68% of vulnerabilities they found — up from 25% at semifinals. Here's how the approaches differ and why validation still matters most.
Auto-Fix Vulnerabilities FAQ: Patching Code and Containers Automatically
How automated vulnerability fixing works across source code and container images — direct and transitive dependencies, breaking-change safety, and where human review belongs.
The XZ Utils backdoor CVE-2024-3094 explained
CVE-2024-3094 hid a remote-access backdoor inside xz-utils via a years-long social engineering campaign. Here's the timeline, impact, and fix.
How Copilot Autofix generates AI-powered vulnerability fi...
Copilot Autofix pairs CodeQL with an LLM to patch code-scanning alerts up to 3x faster. Here's how it works, its limits, and where supply chain risk still slips through.
Fixing vulnerabilities in Maven projects
Maven vulnerability remediation isn't just running mvn versions:use-latest — here's how to triage, patch, and verify fixes without breaking builds.
Automated dependency updates and patch management
How automated dependency updates actually close the patch gap—where Mend.io's approach falls short, and what reachability, provenance, and policy-as-code add.
Log4Shell remediation cheat sheet
A practical, no-fluff Log4Shell remediation cheat sheet: affected versions, CVSS/EPSS/KEV context, timeline, and the exact steps to close CVE-2021-44228.
What is Vulnerability Remediation
Vulnerability remediation means fixing a flaw at its source, not just detecting it. Learn the workflow, real MTTR benchmarks, and prioritization.
How Snyk Agent Fix's agentic retry loop self-corrects fai...
A technical look at how Snyk's Agent Fix uses a bounded, feedback-driven retry loop to validate and self-correct AI-generated vulnerability fixes before they reach a pull request.