Safeguard
Tag

open-source

Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.

138 articles

Threat Intelligence

Open Source Intelligence (OSINT) for Supply Chain Security

How OSINT techniques can uncover supply chain threats hiding in plain sight—from compromised packages to suspicious maintainer activity.

Apr 18, 20236 min read
Open Source Security

A Taxonomy of Open Source Supply Chain Attacks

Supply chain attacks on open source come in distinct flavors. Understanding the taxonomy helps defenders prioritize controls and recognize threats before they reach production.

Apr 15, 20237 min read
Open Source

Software Heritage and the Case for Source Code Preservation

Software Heritage archives the world's source code. Here is why that matters for supply chain security, reproducibility, and long-term software integrity.

Apr 8, 20237 min read
Dependency Management

Fork Maintenance and Your Security Responsibilities

Forking an open source project means inheriting its security obligations. Here is what organizations need to know before and after forking a dependency.

Jan 28, 20236 min read
Open Source Security

Responsible Disclosure in Open Source: The Messy Reality

Responsible disclosure sounds simple in theory. In practice, coordinating vulnerability disclosure across open source projects with no budgets, no SLAs, and no obligation to respond is an exercise in patience and diplomacy.

Dec 22, 20227 min read
Open Source

Open Source Funding, Sustainability, and Security

The software industry runs on open source maintained by unpaid volunteers. Until we fix the funding problem, we can't fix the security problem.

Dec 15, 20229 min read
Tool Reviews

FOSSA Review: Open Source License Compliance at Enterprise Scale

A review of FOSSA for open source license compliance and vulnerability management, covering license detection, policy automation, and enterprise integration patterns.

Dec 8, 20226 min read
Software Supply Chain

Dependency Graph Analysis: Finding Hidden Transitive Risks

Your project has 50 direct dependencies. It actually depends on 1,200 packages. Transitive dependency analysis is how you find the risks hiding three layers deep.

Dec 1, 20228 min read
Emerging Technology

5G Networks and the Software Supply Chain Risks Nobody Talks About

5G networks are software-defined infrastructure built on open-source components. The supply chain implications are enormous and under-discussed.

Nov 25, 20226 min read
Open Source

The Open Source Maintainer Burnout Crisis and Its Security Consequences

Burned-out maintainers abandon projects, accept risky PRs without review, and hand off keys to strangers. The burnout crisis is a supply chain security crisis.

Nov 20, 20226 min read
Open Source Security

Vulnerability Coordination Across the Open Source Ecosystem

When a vulnerability affects a library used by thousands of projects, coordinating the fix is harder than writing the patch. The coordination problem is open source security's biggest operational challenge.

Nov 12, 20227 min read
Best Practices

Open Source Policy Template for Enterprises

A practical template for crafting an enterprise open-source usage policy that balances developer freedom with security and compliance requirements.

Oct 20, 20226 min read
open-source (Page 10) — Safeguard Blog