open-source-security
Safeguard articles tagged "open-source-security" — guides, analysis, and best practices for software supply chain and application security.
341 articles
Launching Zero-Day Discovery: How Safeguard's Multi-Agent TAOR Deep Think AI Engine Finds Vulnerabilities Before Anyone Else
Safeguard launches its Zero-Day Discovery Engine, powered by the Multi-Agent TAOR Deep Think AI Engine — a multi-lead, multi-sub-agent architecture that performs deep CWE analysis on open-source packages to uncover vulnerabilities that traditional scanners miss.
What is Software Supply Chain Security
SolarWinds, Log4Shell, and XZ Utils show why software supply chain security now spans code, dependencies, and build pipelines alike.
Malicious dependency attacks in the software supply chain
Dependency confusion attacks let attackers hijack builds by publishing malicious packages with higher version numbers to public registries. Here's how they work and how to stop them.
What is Typosquatting
Typosquatting tricks developers into installing malicious lookalike packages. Learn how it works, real npm/PyPI attacks, and how to detect it.
What Are Transitive Dependencies
Transitive dependencies are the packages your code never directly imports but inherits anyway — and where 84% of open source CVEs actually live.
Direct vs Transitive Dependencies
Most known vulnerabilities live in transitive dependencies, not the ones in your manifest. Here's how to tell them apart and prioritize what's exploitable.
Open Source License Compliance
Redis, Elasticsearch, and Terraform all changed licenses in the last three years. Here's how license compliance actually breaks, and how to catch it before you ship.
Types of Open Source Licenses
A breakdown of permissive, copyleft, and source-available license types—MIT, GPL, AGPL, SSPL—and why misclassified licenses create hidden supply chain risk.
Software supply chain security: threat vectors & solutions
Real incidents, real numbers: how modern software supply chain threat vectors work, why SBOMs alone don't stop them, and what actually closes the gap.
Software Dependencies: How to Manage Them at Scale
Most apps run 10-20x more dependencies than engineers chose. Here's how reachability analysis and automation manage that risk at scale.
What is Dependency Management
Dependency management means tracking, scanning, and patching the open source packages your app relies on -- here's how it works and why it matters.
Known Vulnerabilities in Dependencies
Known vulnerabilities in dependencies cause most supply-chain breaches, not because they're undetected but because teams can't tell which ones are reachable.