open-source
Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.
138 articles
OSS Trademark Policies: Security Angle
Trademarks matter in open source security because they are the signal of authentic origin. When trademark policies fail, typosquatting, impostor forks, and compromised builds follow.
Fuzzing Open Source for Supply Chain Findings
How modern coverage-guided fuzzing finds real vulnerabilities in open-source dependencies, and how to fold it into a supply-chain security program.
Maintainer Burnout: Security Implications
Exhausted maintainers are not just a welfare problem. They are a security problem. Burnout is a precondition for social engineering, delayed patches, and hostile takeovers.
Commercial OSS License Shifts: An Analysis
From MongoDB to HashiCorp, commercial open source vendors have repeatedly relicensed away from OSI-approved licenses. The pattern reveals a fundamental tension between sustainability and freedom.
npm Package Takeover: The Summer 2024 Wave
Between May and June 2024 at least 36 npm packages were hijacked via expired maintainer domains and leaked tokens. We map the cluster.
Infisical: An Open-Source Secrets Platform Review
A senior engineer's assessment of Infisical as a self-hostable secrets platform, covering architecture, operational posture, and where it fits in 2024.
Maven Central Changes in 2024 and Their Security Impact
Sonatype made several Maven Central changes in 2024 that materially affected the Java supply chain. A rundown of what changed, who was affected, and what Java teams should do.
OSS Contributor License Agreements Reviewed
CLAs, DCOs, and the subtle differences between Apache ICLAs, Google corporate CLAs, and Eclipse ECAs shape what contributors give up and what projects can do.
The OSS Pledge: Adoption Tracking at Six Months
Six months after the OSS Pledge launch, adoption is climbing but uneven. Who signed, who followed through with funding, and what the pledge has actually shifted in open-source economics.
Open Source AI Model Security: The Emerging Threat Landscape
As open source AI models proliferate, their security implications extend far beyond traditional software vulnerabilities. Model poisoning, supply chain tampering, and unsafe deserialization create new attack surfaces.
Safeguard Open Source Manager: Understanding the Health of Your Dependencies
Vulnerability counts do not tell the full story. Open Source Manager evaluates the health, maintainability, and trustworthiness of the open-source projects your software depends on.
Corporate OSS Contribution Policies
Google, Microsoft, Red Hat, and a long tail of smaller companies have built contribution policies that shape how their engineers participate in open source. The policies vary more than most assume.