By Ben Gross
On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability – CVE-2024-6197. This type of vulnerability is very uncommon, since UAF issues usually occur on the heap and not on the stack. While the vulnerability can easily be exploited to cause a denial of service, in this blog we will show why we believe that it is almost impossible to exploit this vulnerability to achieve remote code execution in any real-world setup.
By Shachar Menashe
In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services.
By Orel Bitan
An “Evil Proxy” is a malicious proxy server used by attackers to intercept and change the communication between a client and a legitimate server. It is also known as Phishing-as-a-Service (PhaaS), where the attackers attempt to deceive individuals into providing sensitive information such as usernames, passwords, and credit card numbers.
By Goni Golan
While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks – including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it to the Wget maintainers. A patch was released on November 11 and is included in Wget 1.25.0.
By Shachar Menashe
JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment.
By Kristian Taernhed
Developers are expected to write new and more complex code to create leading-edge features in new software releases at an unrelenting pace. To do this, they are looking to AI assistants like GitHub Copilot to help them write better code, faster. They want to write, debug, and secure their code simultaneously, driving the need for leading-edge products like Copilot Autofix.
By Asaf Ezra
In the never-ending quest to speed up software release cycles, ensuring the security and integrity of application artifacts has never been more critical. As applications are continuously built, tested, and deployed, every element of the software pipeline—from source code to container images—needs to be trusted and verifiable. A key aspect of maintaining this trust is image integrity protection and validation.
On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he had discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure would happen on September 30th. Due to a suspected leak in the disclosure process, @evilsocket decided to advance the disclosure, and on September 26th the vulnerabilities were disclosed in @evilsocket’s blog, along with a full proof of concept.
By Shlomi Ben Haim
At swampUP 2024 in Austin just a few days ago, we explored the EveryOps Matters approach with the crowd of developers, driven by a consolidated view from their companies’ boardrooms and 2024 CIO surveys. The message was clear: “EveryOps” isn’t just a strategy or tech trend — it’s a fundamental, ongoing mindset shift that must drive developers’ proactive actions in an ever-evolving software landscape. It’s not optional; it’s essential.
By Yonatan Arbel
Picture this: You’ve just settled in at home after a long day, ready to relax, when suddenly your phone buzzes. It’s a notification about a failed build in your latest project. Your heart sinks. Your mind starts racing to connect the dots… What went wrong? Where is it broken? There’s usually no one immediately available to answer these questions, and you know it will require a large manual effort to get to the bottom of the issue.
By JFrog
This JFrog webinar, hosted by our Public Sector partner Carahsoft, focused on automating the secure distribution of critical digital artifacts in air-gapped networks. For agencies, ensuring the integrity of these artifacts at the edge is paramount. Real-time access to mission-critical software for warfighters is essential, and timely software updates boost operational readiness and capabilities. Leveraging JFrog's latest tools, this approach significantly enhances operational capabilities for public sector agencies.
By JFrog
A deep dive into approaches and best practices for integrating security into development practices, in line with a shift-left strategy for releasing secure software.
By JFrog
In this executive interview with CyberRisk Alliance, JFrog’s Field CISO, Paul Davis, discusses the growing challenges of securing development workflows and the evolving role of the CISO. With an increasing focus on information security, Paul shares insights on balancing development speed with the need for robust security in today’s software environments.
By JFrog
Artificial intelligence (AI) is revolutionizing problem-solving and innovation in DevSecOps. Leveraging AI responsibly is essential for building secure, trustworthy systems. Governments are crafting policies to ensure AI's benefits while mitigating risks. Join JFrog's VP of Product Marketing, Jens Eckels, and BSA CEO, Victoria A. Espinel, as they explore how BSA’s Policy Solutions for Building Responsible AI provides a framework to achieve these goals, focusing on governance, innovation, and transparency.
By JFrog
Uncover Critical Gaps in Software Supply Chain Security
A recent survey of over 300 global IT executives found that while 23% of organizations experienced software supply chain (SSC) breaches, only 30% prioritize SSC security. Our APAC tech leaders dive into these insights and offer practical solutions to enhance your security posture. Discover the latest trends and effective measures to protect your software supply chain.
By JFrog
Melissa McKay, JFrog Developer Advocate, and Sunil Bemarkar, AWS Sr. Partner Solutions Architect, discuss practical ways to mature your MLOps approach including bringing model use and development into your existing secure software supply chain and development processes. Watch to learn more and get a demo of the JFrog and Amazon SageMaker integration.
By JFrog
Artificial Intelligence and Machine Learning have hit the mainstream – particularly the use of Gen AI and LLMs to help organizations automate manual processes and analyze data at machine speed with dramatic results. How can ML and Gen AI help DevOps teams better secure the software supply chain? As the volume of code grows exponentially, these evolving technologies offer new, more efficient means to secure, deliver and scale software – but with accompanying risks that must be mitigated.
By JFrog
Join JFrog’s Senior Solution Engineer, Mike Holland, and Technical Success Manager, Harpreet Singh, as they showcase the power of the JFrog Software Supply Chain platform. Designed to detect third-party components, track dependencies, and enforce compliance, this platform is essential for efficient and reliable software development. In this session, you'll learn.
By JFrog
The JFrog Software Supply Chain Platform is the single source of truth to accelerate delivery of trusted software releases.
By JFrog
Together, JFrog and Qwak instill governance, transparency, visibility, and security into every facet of the development and deployment lifecycle for ML models. From managing dependencies to ensuring compliance and optimizing storage, this integration empowers your organization to embrace the future of machine learning with confidence and efficiency. Watch this demo for an overview of the integration.
By JFrog
Cloud DevOps tools offer greater flexibility, rapid deployment, cloud automation, reduced IT costs, and low upfront costs with subscription pricing. Setting up your environment with Artifactory on the cloud of your choice provides unlimited scalability, allowing you to grow according to your needs, and is easily achieved by using a cloud storage provider (Amazon AWS, Google GCP or Microsoft Azure) in your environment with Artifactory.
By JFrog
Software businesses of every industry and all sizes, from small startups to large enterprises, are looking for ways to accelerate their software development process in the race to innovate and deliver their offerings to their customers ahead of their competition.
By JFrog
Today, we live in a very connected world, where our devices, homes and cars all communicate with each other, and every company with a product or service has the need to develop software. It is one of the primary mediums by which they strive to provide better products, services and solutions, and has become paramount to a company's success. To continuously improve their software, companies must have sound DevOps or DevSecOps practices in place.
By JFrog
In today's enterprises, software is your company's everyday face, whether through the desktop, the cloud, or a mobile device, to all parts of the globe. Cars are computers on wheels. Thermostats are data terminals. Banks live in your phone. In this new world, software updates serve customers' demands. Each one you deliver is your opportunity to renew - or, if botched, destroy - their trust. How can you make every update top-notch at top speed?
By JFrog
Over the last several years, software development has evolved from deploying products periodically to building them on an ongoing basis using CI servers. A company's end product may be built on a daily or even hourly basis. This means that DevOps must support the continual flow of code from the individual developer's machine to the organization's production environment.
By JFrog
Two numbers are shaking the foundations of business. What do these two figures mean to your business? They mean that, odds are, your competitive landscape has already irrevocably changed. To start, expectations for delivery speed for new products, services, and everything else are faster. The new table stakes in the DevOps world have raised the bar on collaboration, cross-organizational visibility, efficiency, even company culture. Another thing these two simple stats mean is that most businesses are already there, or heading there now.