serialization
Safeguard articles tagged "serialization" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Protocol Buffers (protobuf) Security Guide (2026)
Protocol Buffers is the serialization format behind gRPC and much of modern service-to-service traffic — and because parsing untrusted binary is its whole job, its real CVEs are denial-of-service by design, with a critical prototype-pollution bug in the JavaScript runtime.
Serialization vs. Deserialization in Java: Security Implications
The difference between serialization and deserialization in Java is simple to state and dangerous to get wrong — deserialization of untrusted data has caused some of the highest-severity Java CVEs of the last decade.
Protocol Buffer Security Considerations Beyond Serialization
Protobuf is everywhere in modern infrastructure. Its security implications go beyond just serialization format choice. Here is what to watch.
MessagePack Security Implications: Binary Serialization Risks
MessagePack is faster than JSON but shares some of JSON's security pitfalls while adding new ones. Here is what to watch for.