Safeguard
Tag

open-source

Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.

138 articles

Open Source Security

OSS Trademark Policies: Security Angle

Trademarks matter in open source security because they are the signal of authentic origin. When trademark policies fail, typosquatting, impostor forks, and compromised builds follow.

Aug 10, 20247 min read
Vulnerability Management

Fuzzing Open Source for Supply Chain Findings

How modern coverage-guided fuzzing finds real vulnerabilities in open-source dependencies, and how to fold it into a supply-chain security program.

Jul 15, 20247 min read
Open Source Security

Maintainer Burnout: Security Implications

Exhausted maintainers are not just a welfare problem. They are a security problem. Burnout is a precondition for social engineering, delayed patches, and hostile takeovers.

Jul 8, 20247 min read
Open Source Security

Commercial OSS License Shifts: An Analysis

From MongoDB to HashiCorp, commercial open source vendors have repeatedly relicensed away from OSI-approved licenses. The pattern reveals a fundamental tension between sustainability and freedom.

Jun 25, 20246 min read
Open Source Security

npm Package Takeover: The Summer 2024 Wave

Between May and June 2024 at least 36 npm packages were hijacked via expired maintainer domains and leaked tokens. We map the cluster.

Jun 20, 20245 min read
Best Practices

Infisical: An Open-Source Secrets Platform Review

A senior engineer's assessment of Infisical as a self-hostable secrets platform, covering architecture, operational posture, and where it fits in 2024.

May 30, 20247 min read
Open Source Security

Maven Central Changes in 2024 and Their Security Impact

Sonatype made several Maven Central changes in 2024 that materially affected the Java supply chain. A rundown of what changed, who was affected, and what Java teams should do.

May 28, 20246 min read
Regulatory Compliance

OSS Contributor License Agreements Reviewed

CLAs, DCOs, and the subtle differences between Apache ICLAs, Google corporate CLAs, and Eclipse ECAs shape what contributors give up and what projects can do.

May 25, 20247 min read
Open Source Security

The OSS Pledge: Adoption Tracking at Six Months

Six months after the OSS Pledge launch, adoption is climbing but uneven. Who signed, who followed through with funding, and what the pledge has actually shifted in open-source economics.

May 14, 20246 min read
Emerging Threats

Open Source AI Model Security: The Emerging Threat Landscape

As open source AI models proliferate, their security implications extend far beyond traditional software vulnerabilities. Model poisoning, supply chain tampering, and unsafe deserialization create new attack surfaces.

May 5, 20246 min read
Product

Safeguard Open Source Manager: Understanding the Health of Your Dependencies

Vulnerability counts do not tell the full story. Open Source Manager evaluates the health, maintainability, and trustworthiness of the open-source projects your software depends on.

May 1, 20247 min read
Industry Analysis

Corporate OSS Contribution Policies

Google, Microsoft, Red Hat, and a long tail of smaller companies have built contribution policies that shape how their engineers participate in open source. The policies vary more than most assume.

Apr 22, 20247 min read
open-source (Page 7) — Safeguard Blog