open-source
Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.
138 articles
colors.js and faker.js: When Maintainer Burnout Becomes a Supply Chain Crisis
Marak Squires deliberately broke two of npm's most popular packages to protest the exploitation of open source maintainers. The fallout exposed how fragile our dependency chains really are.
Zero-Day Vulnerabilities in Open Source: 2021 in Review
2021 saw a record number of zero-day exploits targeting open-source software. From Log4Shell to ProxyShell, here's what happened and what it means for defenders.
The ua-parser-js npm Hijack of October 2021
An npm package with 8 million weekly downloads shipped a cryptominer and credential stealer for four hours. Here is the exact sequence of events.
npm colors and faker Sabotage: When Maintainers Revolt
The maintainer of colors and faker deliberately corrupted his own packages, affecting thousands of projects. It raised uncomfortable questions about open source sustainability and trust.
Open Source Security: State of the Union 2021
Open source powers the modern internet, but its security model is under strain. Here's the 2021 landscape of open source risk, from funding to maintainer burnout to malicious packages.
Rust Foundation Formation: Security Implications
The Rust Foundation launched February 8, 2021. Here is what its formation actually changed for the security of Rust and downstream ecosystems.