vulnerability
Safeguard articles tagged "vulnerability" — guides, analysis, and best practices for software supply chain and application security.
16 articles
OpenSSL CVE-2022-3602: The Critical That Wasn't (But Still Matters)
OpenSSL pre-announced a critical vulnerability that was later downgraded to high severity. The incident revealed as much about our processes as the bug itself.
Spring4Shell (CVE-2022-22965) Response Analysis
A 2010-era bypass resurfaced as CVE-2022-22965 on Spring Framework for JDK 9+. Here is how the disclosure, patch, and industry response actually went.
Zero-Day Vulnerabilities in Open Source: 2021 in Review
2021 saw a record number of zero-day exploits targeting open-source software. From Log4Shell to ProxyShell, here's what happened and what it means for defenders.
ChaosDB: The Microsoft Azure Cosmos DB Vulnerability That Exposed Thousands of Databases
A critical vulnerability in Azure Cosmos DB allowed any user to gain full admin access to other customers' database instances, exposing data from thousands of organizations including Fortune 500 companies.