open-source
Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.
138 articles
Open Source Intelligence (OSINT) for Supply Chain Security
How OSINT techniques can uncover supply chain threats hiding in plain sight—from compromised packages to suspicious maintainer activity.
A Taxonomy of Open Source Supply Chain Attacks
Supply chain attacks on open source come in distinct flavors. Understanding the taxonomy helps defenders prioritize controls and recognize threats before they reach production.
Software Heritage and the Case for Source Code Preservation
Software Heritage archives the world's source code. Here is why that matters for supply chain security, reproducibility, and long-term software integrity.
Fork Maintenance and Your Security Responsibilities
Forking an open source project means inheriting its security obligations. Here is what organizations need to know before and after forking a dependency.
Responsible Disclosure in Open Source: The Messy Reality
Responsible disclosure sounds simple in theory. In practice, coordinating vulnerability disclosure across open source projects with no budgets, no SLAs, and no obligation to respond is an exercise in patience and diplomacy.
Open Source Funding, Sustainability, and Security
The software industry runs on open source maintained by unpaid volunteers. Until we fix the funding problem, we can't fix the security problem.
FOSSA Review: Open Source License Compliance at Enterprise Scale
A review of FOSSA for open source license compliance and vulnerability management, covering license detection, policy automation, and enterprise integration patterns.
Dependency Graph Analysis: Finding Hidden Transitive Risks
Your project has 50 direct dependencies. It actually depends on 1,200 packages. Transitive dependency analysis is how you find the risks hiding three layers deep.
5G Networks and the Software Supply Chain Risks Nobody Talks About
5G networks are software-defined infrastructure built on open-source components. The supply chain implications are enormous and under-discussed.
The Open Source Maintainer Burnout Crisis and Its Security Consequences
Burned-out maintainers abandon projects, accept risky PRs without review, and hand off keys to strangers. The burnout crisis is a supply chain security crisis.
Vulnerability Coordination Across the Open Source Ecosystem
When a vulnerability affects a library used by thousands of projects, coordinating the fix is harder than writing the patch. The coordination problem is open source security's biggest operational challenge.
Open Source Policy Template for Enterprises
A practical template for crafting an enterprise open-source usage policy that balances developer freedom with security and compliance requirements.