OpenSSF Scorecard v6 Roadmap: OSPS Baseline Conformance
The Scorecard v6 proposal introduces PASS/FAIL/ATTESTED conformance against the OSPS Baseline, versioned probe mapping, and CI gating. Here is what consumers and maintainers need to know.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Heap out-of-bounds read in libcurl's cookie path comparison affects nearly every Linux distro. Defender SBOM playbook below.
When a solo maintainer disappears, entire dependency chains are at risk. How organizations should approach succession planning for critical open source projects.
libxml2 use-after-free during XPath schematron parsing scored CVSS 9.1. Defender SBOM playbook for one of the most-embedded libraries on the planet.
Vulnerability scanning is one dimension of open source risk. A true risk intelligence platform must also evaluate maintainer health, project sustainability, licensing, and malicious package threats.
An analysis of the state of open-source security in 2025. Critical infrastructure runs on projects maintained by small, often unpaid teams. Here is what the data shows and why it matters.
Codes of conduct are not just social documents. They affect maintainer retention, contributor diversity, and ultimately the security posture of the project.
Despite growing recognition that open source underpins critical infrastructure, security funding remains fragmented and insufficient. A look at the numbers and what needs to change.
CNCF, Linux Foundation, Apache, Eclipse — each has a different governance model. A practical evaluation of what that means for projects considering adoption.