Tag
cwe-338
Safeguard articles tagged "cwe-338" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Vulnerability Analysis
Insecure randomness vulnerabilities explained
CWE-338 explained through the Debian OpenSSL and Android Bitcoin SecureRandom breaches — how weak PRNGs get exploited, and how to detect and fix them.
Dec 8, 20257 min read
Industry Analysis
Insecure Randomness in Security-Sensitive Code
A single deleted line broke Debian's OpenSSL keys for two years. We break down real insecure randomness vulnerabilities and how Safeguard catches weak PRNGs before attackers do.
Oct 31, 20257 min read
Industry Analysis
Secure Random Number Generation in Python with the secret...
Python's random module is predictable, not secure. Here's why CWE-338 matters, when the secrets module (PEP 506, Python 3.6) fixed it, and how to generate tokens safely.
Oct 20, 20257 min read