Andrey Polkovnichenko

JFrog Security Researcher

Andrey is an experienced security and malware researcher with over a decade of expertise in the field. He is passionate about identifying and analyzing various types of bugs and malware across diverse platforms, including mobile devices, embedded systems, and open-source software packages, to make the digital world safer.

The Latest From Andrey Polkovnichenko

  • JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories

    19 min read

    As key parts of the software ecosystem, and as partners, JFrog and Docker are working together to strengthen the software ecosystem. Part of this effort by JFrog's security research team involves continuous monitoring of open-source software registries in order to proactively identify and address potential malware and vulnerability threats. In former publications, we have discussed…

  • NPM Manifest Confusion: Six Months Later

    9 min read

    Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a…
