Safeguard
Tag

open-source-security

Safeguard articles tagged "open-source-security" — guides, analysis, and best practices for software supply chain and application security.

341 articles

Open Source Security

Ruby supply chain security report

A report on Ruby supply chain security: malicious RubyGems campaigns, maintainer credential compromises, and 2025's RubyGems governance dispute.

Nov 21, 20257 min read
Open Source Security

Go module proxy vulnerability trends

A backdoor hid in Go's module proxy for 3+ years, and 63,000+ orphaned packages remain cached. Inside 2025's Go supply chain reckoning.

Nov 21, 20256 min read
Open Source Security

Malicious Go modules found on GitHub

Malicious Go modules keep surfacing on GitHub, exploiting the ecosystem's lack of a curated registry. Here's the pattern — and how to defend against it.

Nov 20, 20257 min read
Open Source Security

Go vulnerability database (govulncheck) trend report

Go's vulnerability database is scaling fast and stdlib CVEs are clustering. Here's what govulncheck vulnerability trends reveal about reachability, typosquats, and risk.

Nov 20, 20257 min read
Open Source Security

Typosquatting in the Go module ecosystem

Typosquatting is surging across the Go module ecosystem, exploiting decentralized import paths and an immutable checksum database that makes takedowns nearly meaningless.

Nov 20, 20257 min read
Open Source Security

Most vulnerable Go packages report

Safeguard's 2026 analysis ranks the most vulnerable Go packages by exposure-weighted risk, revealing why a handful of core modules drive most CVE impact.

Nov 20, 20257 min read
Supply Chain Attacks

The PHP Source Code Git Server Backdoor Compromise of 2021

In 2021, attackers breached PHP's git server and pushed a backdoor under forged commits from top maintainers. Here's how the PHP git server compromise unfolded.

Nov 20, 20257 min read
Open Source Security

Kubernetes and Go supply chain risk report

Kubernetes leans on thousands of Go modules. New analysis shows how typosquats and vendored code turn that dependency into real supply chain risk.

Nov 19, 20258 min read
Open Source Security

Go binary malware distribution trends

Go binaries are now a preferred malware delivery format — statically linked, cross-platform, and hard to fingerprint. Here's what the trend data shows.

Nov 19, 20256 min read
Open Source Security

Cloud-native Go services vulnerability landscape

A runc escape trilogy, a gRPC-Go bypass, and a lingering SSH auth flaw reveal how concentrated risk in Go now shapes the cloud native vulnerability landscape.

Nov 19, 20258 min read
Open Source Security

Go standard library CVE trend report

A trend analysis of Go standard library CVEs from HTTP/2 Rapid Reset to crypto/x509 parsing bugs — and why "it's stdlib" is not a safe-harbor assumption.

Nov 19, 20257 min read
Open Source Security

Go module checksum database bypass risks

Go's GOSUMDB checksum verification is meant to be on by default, but Safeguard's research found roughly 1 in 6 CI pipelines quietly disable it.

Nov 18, 20257 min read
open-source-security (Page 17) — Safeguard Blog