Security
Safeguard articles tagged "Security" — guides, analysis, and best practices for software supply chain and application security.
58 articles
WebAssembly Security: New Capabilities, New Supply Chain Questions
WebAssembly is expanding beyond the browser into server-side and edge workloads. The security model and supply chain implications deserve closer scrutiny.
SpotBugs Security Detectors for Java: A Practical Guide
SpotBugs with Find Security Bugs is the most effective free security analysis tool for Java. Here is how to get real results from it.
npm Install Script Security: The Code That Runs Before Your Code
npm install scripts execute arbitrary code during package installation. They are the most exploited vector in JavaScript supply chain attacks.
TLS Library Comparison: OpenSSL vs BoringSSL vs LibreSSL vs rustls
Your TLS library choice has massive security implications. Here is an honest comparison of the major options and what each trade-off means.
The Security Implications of Semantic Versioning
Semver promises predictability in dependency management. In practice, it creates a trust model with serious security implications that most developers do not consider.
Post-Install Hooks in Package Managers: The Universal Backdoor Mechanism
Almost every package manager supports post-install hooks that run arbitrary code. This is the most abused feature in supply chain attacks.
BuildKit and Buildah: Building Containers Without Giving Away the Keys
Container build tools have direct access to your source code, secrets, and registries. BuildKit and Buildah offer security features that most teams ignore. Here is what to use and why.
Dependency Pinning vs. Ranges: The Tradeoffs
Should you pin exact dependency versions or use ranges? The answer is more nuanced than most teams think, and getting it wrong has real security implications.
Cryptographic Library Selection Guide: Choosing Wisely for Your Stack
Picking the wrong crypto library means either rolling your own crypto or using a library with a poor security track record. Here is how to choose.
PHPStan Security Analysis: Static Typing as a Security Tool for PHP
PHPStan brings static analysis to PHP. Its type checking catches entire classes of bugs that lead to security vulnerabilities in PHP applications.
Release Management Security Checklist
A pre-release security checklist that covers dependency verification, vulnerability scanning, SBOM generation, and artifact integrity for every production release.
Open Source Funding, Sustainability, and Security
The software industry runs on open source maintained by unpaid volunteers. Until we fix the funding problem, we can't fix the security problem.