Safeguard
Tag

open-source-security

Safeguard articles tagged "open-source-security" — guides, analysis, and best practices for software supply chain and application security.

341 articles

Open Source Security

NuGet package vulnerability trends report

NuGet's growing attack surface: typosquatting, steganographic malware, and patch lag are reshaping .NET supply chain risk in 2026 — here's what the data shows.

Nov 16, 20257 min read
Open Source Security

Malicious NuGet packages targeting .NET developers

A fresh wave of malicious NuGet packages is hitting .NET developers via typosquatting, MSBuild-triggered code, and IL weaving. Here's what's happening and how to respond.

Nov 15, 20257 min read
Open Source Security

.NET deserialization vulnerability landscape

A look at the .NET deserialization vulnerability landscape — from the 2025 ASP.NET machine key crisis to BinaryFormatter's retirement and Telerik exploits.

Nov 15, 20257 min read
Open Source Security

NuGet typosquatting campaign report

Four disclosed NuGet typosquatting campaigns since 2024 reveal a shift toward patient, audience-specific attacks — from ICS time bombs to wallet-draining homoglyphs.

Nov 15, 20257 min read
Open Source Security

Compromised NuGet author accounts

NuGet maintainer accounts are the .NET supply chain's weakest link. Here's why account takeover beats typosquatting, and how to detect it before a CVE exists.

Nov 15, 20257 min read
Open Source Security

Most vulnerable .NET libraries report

Safeguard's H1 2026 analysis of 41,000+ .NET repos reveals a small cluster of NuGet packages driving nearly half of all vulnerability findings—and most aren't even reachable.

Nov 14, 20258 min read
Open Source Security

ASP.NET Core vulnerability trends

A data-driven look at ASP.NET Core's recurring CVE patterns — DoS in Kestrel/SignalR, deserialization bugs, and NuGet supply chain risk — and how to triage what matters.

Nov 14, 20257 min read
Open Source Security

NuGet dependency confusion risk report

NuGet's default feed-resolution behavior keeps dependency confusion risk elevated across .NET orgs. Here's what the incident history shows, and how to close the gap.

Nov 14, 20257 min read
Buyer's Guides

Best open source license compliance tools

A practical comparison of open source license compliance tools—FOSSA, Mend, Black Duck, Snyk, and more—covering detection accuracy, policy engines, and SBOM support.

Nov 14, 20258 min read
Open Source Security

Composer package vulnerability trends report

Composer package vulnerabilities rose 34% YoY, with 60%+ arriving via transitive dependencies. Safeguard breaks down the trends and what security teams should do.

Nov 14, 20256 min read
Open Source Security

Malicious Composer packages on Packagist

Three malicious Composer package campaigns hit Packagist in under a year -- each sitting undetected for months. Here's what happened and how to catch the next one faster.

Nov 13, 20257 min read
Open Source Security

WordPress plugin vulnerability trends

WordPress plugin CVEs keep climbing and exploitation windows keep shrinking. Here's what the latest vulnerability trends mean for security teams in 2026.

Nov 13, 20257 min read
open-source-security (Page 18) — Safeguard Blog