Netflix's Open-Source Security Approach
How Netflix manages security across hundreds of open-source projects and thousands of internal dependencies while maintaining the velocity that streaming demands.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A heap buffer overflow in curl's SOCKS5 proxy handshake earned a severity rating of HIGH from curl's creator Daniel Stenberg, who called it the worst curl flaw in a long time.
The latest release of OpenSSF Scorecard introduces new checks and improved accuracy, helping organizations make data-driven decisions about open source dependency risk.
npm's updated unpublish policy addresses the left-pad problem while balancing maintainer rights, but the supply chain implications go deeper than most realize.
Google expanded its OSS vulnerability rewards program in 2023, paying researchers to find bugs in critical open source projects. It's a promising model, but not a silver bullet.
A thorough review of Anchore's Syft SBOM generation tool, covering supported formats, language ecosystems, container scanning, and integration patterns.
A review of FOSSA for open source license compliance and vulnerability management, covering license detection, policy automation, and enterprise integration patterns.
5G networks are software-defined infrastructure built on open-source components. The supply chain implications are enormous and under-discussed.
A practical template for crafting an enterprise open-source usage policy that balances developer freedom with security and compliance requirements.