Safeguard
Tag

open-source

Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.

138 articles

Vulnerability Response

CVE-2025-9086 in cURL: Patch Posture & SBOM Response

Heap out-of-bounds read in libcurl's cookie path comparison affects nearly every Linux distro. Defender SBOM playbook below.

Sep 12, 20257 min read
Open Source

Open Source Maintainer Succession Planning: A Supply Chain Imperative

When a solo maintainer disappears, entire dependency chains are at risk. How organizations should approach succession planning for critical open source projects.

Aug 10, 20256 min read
Vulnerability Response

CVE-2025-49794 in libxml2: Patch Posture & SBOM Response

libxml2 use-after-free during XPath schematron parsing scored CVSS 9.1. Defender SBOM playbook for one of the most-embedded libraries on the planet.

Jul 15, 20256 min read
Open Source Security

Building an Open Source Risk Intelligence Platform: Beyond Vulnerability Scanning

Vulnerability scanning is one dimension of open source risk. A true risk intelligence platform must also evaluate maintainer health, project sustainability, licensing, and malicious package threats.

Jun 25, 20257 min read
Industry Analysis

Open Source Security Census 2025: Who Maintains the Code We All Depend On?

An analysis of the state of open-source security in 2025. Critical infrastructure runs on projects maintained by small, often unpaid teams. Here is what the data shows and why it matters.

Mar 8, 20255 min read
Industry Analysis

OSS Code of Conduct: Security Impact

Codes of conduct are not just social documents. They affect maintainer retention, contributor diversity, and ultimately the security posture of the project.

Dec 12, 20246 min read
Industry Analysis

Open Source Security Funding in 2024: Who Pays for the Code We All Depend On

Despite growing recognition that open source underpins critical infrastructure, security funding remains fragmented and insufficient. A look at the numbers and what needs to change.

Dec 10, 20247 min read
Best Practices

Forking Strategy for Enterprise OSS

Forking was once a last resort. In 2024 it became a standard response to license changes, governance failures, and stalled projects. A good forking strategy is now an enterprise competency.

Nov 2, 20246 min read
Industry Analysis

Foundation-Neutral Governance Evaluation

CNCF, Linux Foundation, Apache, Eclipse — each has a different governance model. A practical evaluation of what that means for projects considering adoption.

Oct 25, 20246 min read
Open Source Security

OpenSSF Scorecard Adoption Metrics: Late 2024

OpenSSF Scorecard crossed 1M scanned repos in October 2024. We break down adoption, score drift, and which checks are actually predictive.

Oct 24, 20245 min read
Industry Analysis

Open Source Foundation Governance Models

The Linux Foundation, Apache Software Foundation, CNCF, and Eclipse each codify different theories of how open source projects should be governed. The differences matter more than most adopters realize.

Sep 22, 20246 min read
Industry Analysis

Labyrinth Chollima and Open Source Targeting

Labyrinth Chollima's operations show a specific pattern — poisoned open source packages as initial access. A profile of the tradecraft and the defensive response.

Aug 28, 20246 min read
open-source (Page 6) — Safeguard Blog