Safeguard
Tag

vulnerability-research

Safeguard articles tagged "vulnerability-research" — guides, analysis, and best practices for software supply chain and application security.

11 articles

Vulnerability Analysis

Cybersecurity Research Center (CyRC): vulnerability resea...

What is Black Duck's CyRC, how does it research and disclose vulnerabilities, and where do its coverage gaps leave your open source supply chain exposed?

Jun 10, 20267 min read
Industry Analysis

Rust memory safety vulnerabilities despite the borrow che...

The borrow checker doesn't stop everything. Here's how rust unsafe code vulnerabilities slip past Rust's safety guarantees and reach production.

Feb 6, 20267 min read
Vulnerability Management

Automated Zero-Day Discovery: How AI Is Changing Vulnerability Research

AI-powered fuzzing and code analysis are accelerating zero-day discovery. Here's what that means for defenders.

Feb 3, 20266 min read
Industry Analysis

Race Conditions (TOCTOU) in Application Code

From Dirty COW to runc's CVE-2021-30465, TOCTOU race conditions keep slipping past code review. Here's why they're invisible to standard tooling — and how to catch them.

Oct 29, 20257 min read
Industry Analysis

Autocomplete Anxiety: Measuring How Often AI Coding Assis...

Studies show 40-45% of AI-suggested code contains exploitable flaws, and models hallucinate fake packages developers install. Here's what the data says.

Aug 9, 20257 min read
Vulnerability Management

Dataflow Analysis in Modern Codebases

Dataflow analysis is the workhorse behind most vulnerability research. Here's how it adapts to TypeScript, Rust, and the polyglot realities of modern software.

Nov 18, 20248 min read
Vulnerability Management

Differential Testing for Supply Chain Vulns

Differential testing compares the behavior of multiple implementations of the same specification. In supply-chain work, it surfaces bugs that nobody else can see.

Oct 25, 20247 min read
Vulnerability Management

Symbolic Execution for Dependency Analysis

Symbolic execution explores program paths without concrete inputs. For supply-chain work, it answers reachability questions that fuzzing cannot.

May 28, 20247 min read
Vulnerability Management

Taint Analysis for Zero-Day Discovery: A Primer

A practitioner's walk-through of taint analysis as a zero-day discovery technique, from classic Livshits and Lam foundations to modern flow-sensitive engines.

Apr 22, 20247 min read
Open Source Security

Open Source Vulnerability Rewards: Can Bug Bounties Save Open Source?

Google expanded its OSS vulnerability rewards program in 2023, paying researchers to find bugs in critical open source projects. It's a promising model, but not a silver bullet.

Jul 28, 20235 min read
Offensive Security

Bug Bounty Programs with a Supply Chain Focus

Traditional bug bounty programs miss supply chain vulnerabilities. Here's how to design a bounty program that incentivizes researchers to hunt in your dependency chain.

Jul 18, 20227 min read
vulnerability-research — Safeguard Blog