The Software Extinction Event That Wasn’t

Note: This blog post was previously published on DevOps.com Imagine if the world’s most pervasive programming language, used in the majority of organizations, services, websites and infrastructure today, was itself made to be malicious? Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container… due to the popularity of …

CVE-2024-38428 Wget Vulnerability: All you need to know

On Sunday, June 2nd 2024, a fix commit was pushed for a vulnerability in GNU’s popular Wget tool. Two weeks later, the vulnerability was assigned the ID CVE-2024-38428 and later was classified as a critical vulnerability – with a CVSS score of 9.1.  In this blog, we take a dive deep into this threat by …

Mind the Gap: The Disconnect Between Execs & Developers

Note: This blog post was previously published on Hackeroon We surveyed 1,200+ technology professionals from around the globe, including 300+ VP and C-level executives, on their AI/ML usage and software supply chain security efforts. Upon analysis, a surprising gap emerged between what executives believe is happening and what developers and engineers report is happening. Here’s …

The basics of securing GenAI and LLM development

With the rapid adoption of AI-enabled services into production applications, it’s important that organizations are able to secure the AI/ML components coming into their software supply chain. The good news is that even if you don’t have a tool specifically for scanning models themselves, you can still apply the same DevSecOps best practices to securing …

3 Key Considerations for Securing Your Software Supply Chain

An organization’s software supply chain includes all the elements involved in developing and distributing software, such as components, tools, processes, and dependencies. Each link in this important chain presents the potential for security threats. Recent research conducted by Gartner shows a major increase in attacks targeting code, tools, open-source components, and development processes, particularly in …

Strengthening Software Supply Chain Security: Insights from RSA Conference 2024

It’s a wrap! RSA 2024 brought together cybersecurity experts, industry leaders, and innovators to delve into critical topics defining the future of digital security. One of the key themes that garnered significant attention at RSA 2024 was software supply chain security. The Growing Importance of Software Supply Chain Security With 61% of U.S. businesses directly …

Removing Friction Between DevOps and Security - Thumbnail

Removing Friction Between DevOps and Security is Easier than you Think

Removing friction between DevOps and Security teams can only lead to good things. By pulling in the same direction, DevOps can make sure developers continue to work with minimum interruption, while automation and background processes make security more effective and consistent than before. And, security teams have the visibility and understanding of the software development …

Leveraging Shift Left and Shift Right for End-To-End Application Security

Despite organizations’ best efforts, security threats are on the rise, with malicious actors continuously evolving their tactics. Unfortunately, the situation is only intensifying as hackers from all walks of life leverage artificial intelligence (AI) and machine learning (ML) techniques. To combat these threats, security teams need to implement gates and controls throughout their entire software …

Friction between DevOps and Security – Here’s Why it Can’t be Ignored

Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright’s blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company’s software applications. They have many common …

The State of Software Supply Chain Security in 2024

In today’s fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it’s important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your …