Safeguard
Tag

open-source-security

Safeguard articles tagged "open-source-security" — guides, analysis, and best practices for software supply chain and application security.

341 articles

Best Practices

What is Fuzz Testing (Fuzzing)

Fuzz testing bombards software with malformed inputs to surface crashes and memory bugs. Here's how fuzzers work, what they've found, and where they fall short.

Feb 14, 20267 min read
Vulnerability Analysis

What Was the Shellshock Vulnerability

Shellshock (CVE-2014-6271) let attackers run code on millions of Bash-based systems via a single crafted header. Here's the full breakdown and fix.

Feb 12, 20268 min read
Vulnerability Analysis

The XZ Utils Backdoor Explained

A trusted maintainer, years of quiet social engineering, and one hidden SSH backdoor: how CVE-2024-3094 nearly compromised the global Linux supply chain.

Feb 11, 20268 min read
Open Source Security

What is a Software License

A software license governs how open source code can be used, modified, and redistributed — and license conflicts now carry real contract-law risk, as the Vizio GPL case shows.

Feb 9, 20269 min read
Open Source Security

What is Open Source Software

Open source software now sits in 96% of codebases. Here's what OSS actually is, how licensing works, and where the real security risk hides.

Feb 9, 20268 min read
Open Source Security

What is a Package Manager

Package managers like npm and pip automate dependency resolution — and have been the entry point for incidents from event-stream to the xz-utils backdoor.

Feb 8, 20267 min read
Open Source Security

What is npm Security

A concrete look at npm security: real 2025 supply chain attacks on chalk and debug, the Shai-Hulud worm, and how teams actually defend the npm dependency tree.

Feb 8, 20268 min read
Open Source Security

What is PyPI Security

PyPI security stops typosquats, dependency confusion, and poisoned CI builds before pip install ever runs your code.

Feb 8, 20267 min read
Open Source Security

What is Maven Security

Maven security covers vulnerable dependencies, malicious plugins, and build-time risks in Java projects -- from Log4Shell to transitive dependency sprawl.

Feb 8, 20267 min read
Open Source Security

Using cargo-audit and the RustSec Advisory Database to ca...

A hands-on cargo-audit tutorial: scan Rust dependencies against the RustSec advisory database, interpret results, and block vulnerable crates before they ship.

Feb 5, 20267 min read
Open Source Security

What is Binary Composition Analysis

Binary composition analysis identifies open source components inside compiled artifacts—no source code needed. Here's how it works and why it matters.

Feb 4, 20267 min read
Open Source Security

What is License Scanning

License scanning finds every open source license in your dependency tree before it becomes a legal or compliance problem — here's how it works and why it changed in 2024.

Feb 4, 20266 min read
open-source-security (Page 10) — Safeguard Blog