cve
Safeguard articles tagged "cve" — guides, analysis, and best practices for software supply chain and application security.
136 articles
Nginx 1.20.1 Vulnerabilities: What to Patch
Nginx 1.20.1 fixed a real, exploitable DNS resolver bug — if you're still running an older 1.20.x or 1.19.x build, here's what the fix addressed and why it matters.
Responsible Disclosure in Open Source: The Messy Reality
Responsible disclosure sounds simple in theory. In practice, coordinating vulnerability disclosure across open source projects with no budgets, no SLAs, and no obligation to respond is an exercise in patience and diplomacy.
Vulnerability Correlation Across Package Ecosystems
The same vulnerability often appears under different identifiers across npm, PyPI, Maven, and other ecosystems. Here is how to correlate vulnerabilities across ecosystems and why it matters.
Vulnerability Coordination Across the Open Source Ecosystem
When a vulnerability affects a library used by thousands of projects, coordinating the fix is harder than writing the patch. The coordination problem is open source security's biggest operational challenge.