Safeguard
Tag

open-source-security

Safeguard articles tagged "open-source-security" — guides, analysis, and best practices for software supply chain and application security.

341 articles

Open Source Security

npm dependency confusion attacks against private package ...

How npm dependency confusion lets attackers hijack internal package names on public registries — and why private npm registry security gaps still leave teams exposed.

Jan 23, 20267 min read
Open Source Security

Maven and Gradle dependency supply chain attacks in the J...

How attackers exploit Maven Central and the Gradle Plugin Portal — dependency confusion, malicious artifacts, and plugin takeovers — and how to defend Java builds.

Jan 22, 20267 min read
Open Source Security

Auditing Spring Boot dependencies with OWASP Dependency-C...

A step-by-step spring boot dependency audit using OWASP Dependency-Check and Snyk, from Maven setup to CI automation and finding reconciliation.

Jan 21, 20267 min read
Software Supply Chain Security

What is a Malicious Commit / Compromised Maintainer Account

When an attacker steals a maintainer's credentials, every user of that package inherits the compromise. Here's how it happens and how to catch it.

Jan 19, 20267 min read
Vulnerability Analysis

XZ Utils backdoor discovery (CVE-2024-3094)

A deep dive into CVE-2024-3094, the XZ Utils backdoor: affected versions, CVSS/EPSS context, full attack timeline, and remediation steps.

Jan 16, 20267 min read
Tools

Best Free Security Tools for Bootstrapped Startups in 2026

A zero-budget security stack that actually covers the top risks: SCA, secrets scanning, SAST, container scanning, and DAST — plus what each free tool won't do.

Jan 13, 20266 min read
Incident Analysis

event-stream / flatmap-stream npm backdoor incident

How a trusted npm maintainer handoff let attackers plant a wallet-draining backdoor in event-stream, and what it still teaches security teams today.

Jan 4, 20266 min read
Open Source Security

CVE analysis: critical vulnerabilities in open source fin...

Log4Shell, Spring4Shell, and the Struts flaw behind Equifax: real CVEs still lurking in banking and fintech open source stacks, with fixes and detection tips.

Jan 3, 20268 min read
Vulnerability Analysis

urllib3 regular expression denial of service (CVE-2021-33503)

A deep dive into CVE-2021-33503, the urllib3 ReDoS flaw in Python's core HTTP library, its real-world exposure, and how to remediate it.

Dec 31, 20257 min read
Incident Analysis

ctx and colourama PyPI typosquat malware incident

The ctx and colourama PyPI typosquatting malware incident shows how account takeover and name-squatting delivered credential-stealing code to devs.

Dec 29, 20257 min read
Open Source Security

How to manage open source risk in telecom OSS/BSS softwar...

A practical guide to managing telecom OSS/BSS open source risk—from SBOM inventory to dependency scanning—so carrier billing and network software stays secure.

Dec 25, 20258 min read
Open Source Security

How to vet open source software before deployment in tele...

A seven-step process for vetting open source telecom core network components — SBOMs, signature verification, protocol fuzzing, and procurement sign-off — before they reach production.

Dec 24, 20257 min read
open-source-security (Page 13) — Safeguard Blog