Welcome to the JFrog Blog

Empowering DevSecOps: JFrog’s Enterprise-Ready Platform for Federal NIST SP 800-218 Compliance

Empowering DevSecOps: JFrog’s Enterprise-Ready Platform for Federal NIST SP 800-218 Compliance

As an integrator or government agency providing mission-critical software, the question to ask yourself is “Is my software development environment NIST SP 800-218 compliant?”. Compliance with NIST SP 800-218 and the SSDF (Secure Software Development Framework) is mandatory, and it’s time to ensure your software supply chain is compliant. Learn more about JFrog's DevSecOps solutions…
*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2

*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library - CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities. The team constantly monitors open-source projects to find…
*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2

*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library - CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities. The team constantly monitors open-source projects to find…
Top JFrog Security Research Blogs of the Year

Top JFrog Security Research Blogs of the Year

With over 29,000 CVEs and 5.5 billion malware attacks recorded in the past year, it's no wonder that software supply chain security is a top priority for enterprise developers on a global scale. That is also why JFrog Security Research has been instrumental in identifying and analyzing the biggest threats and devising methods to protect…
What is JFrog Security?

What is JFrog Security?

The security of the software supply chain is rapidly becoming a paramount concern for organizations — and for good reason. With the increasing number of published Common Vulnerabilities and Exposures (CVEs), developers face the challenge of delivering software faster than ever before. However, in their quest for speed, many dev and security teams have resorted…
SSH protocol flaw – Terrapin Attack CVE-2023-48795: All you need to know

SSH protocol flaw – Terrapin Attack CVE-2023-48795: All you need to know

The SSH Terrapin attack (CVE-2023-48795) has recently caught attention, targeting the SSH protocol security by truncating cryptographic information. The inherent flaw in the SSH protocol itself affects a wide range of SSH client and server implementations. Following our initial research communication, this post will detail its fundamentals and impact. Affected Implementations Terrapin Attack Exploitation Impacts…
N-Day Hijack: Analyzing the lifespan of package hijacking attacks

N-Day Hijack: Analyzing the lifespan of package hijacking attacks

Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. We’ve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case…
How to Combine Speed and Trust in Enterprise Software Development

How to Combine Speed and Trust in Enterprise Software Development

Software development begins with code, which is then integrated, compiled, tested, and in the end distributed to users. This is often the secret sauce of innovation that organizations must protect to keep their competitive edge. With the software application development market growing at almost 30% per year and the average project taking just 4-6 months…
Unlock 2024 at DevSecOps EMEA this November in London

Unlock 2024 at DevSecOps EMEA this November in London

It’s November already, and while some may think it’s a perfect time to start winding down the year, here at JFrog we’re getting warmed up to bring Europe - and more specifically the U.K. - all sorts of DevSecOps excitement this winter! It’s no secret that Europe as a whole has been a pioneer in…