Safeguard
Tag

open-source

Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.

138 articles

Open Source Security

colors.js and faker.js: When Maintainer Burnout Becomes a Supply Chain Crisis

Marak Squires deliberately broke two of npm's most popular packages to protest the exploitation of open source maintainers. The fallout exposed how fragile our dependency chains really are.

Jan 10, 20225 min read
Vulnerability Research

Zero-Day Vulnerabilities in Open Source: 2021 in Review

2021 saw a record number of zero-day exploits targeting open-source software. From Log4Shell to ProxyShell, here's what happened and what it means for defenders.

Nov 28, 20217 min read
Open Source Security

The ua-parser-js npm Hijack of October 2021

An npm package with 8 million weekly downloads shipped a cryptominer and credential stealer for four hours. Here is the exact sequence of events.

Oct 25, 20216 min read
Open Source Security

npm colors and faker Sabotage: When Maintainers Revolt

The maintainer of colors and faker deliberately corrupted his own packages, affecting thousands of projects. It raised uncomfortable questions about open source sustainability and trust.

Sep 15, 20216 min read
Open Source Security

Open Source Security: State of the Union 2021

Open source powers the modern internet, but its security model is under strain. Here's the 2021 landscape of open source risk, from funding to maintainer burnout to malicious packages.

Aug 1, 20216 min read
Open Source Security

Rust Foundation Formation: Security Implications

The Rust Foundation launched February 8, 2021. Here is what its formation actually changed for the security of Rust and downstream ecosystems.

Feb 10, 20216 min read
open-source (Page 12) — Safeguard Blog