Welcome to the second post in our series on Malicious Software Packages. This post focuses on the infection methods attackers use to spread malicious packages, and how the JFrog Security research team unveiled them. If you missed the first blog, here are some key takeaways: Third-party software packages contain vulnerabilities or malicious code delivered through …
Running machine learning (ML) inference in Edge devices close to where the data is generated offers several important advantages over running inference remotely in the cloud. These include real-time processing, lower cost, the ability to work without connectivity and with increased privacy. However, today, implementing an end-to-end ML system for edge inference and continuous deployment …
Today at swampUP, our annual DevOps conference, JFrog CTO Yoav Landman unveiled the next step toward making the Liquid Software vision of continuous, secure updates a truly universal reality. We’ve introduced JFrog Connect, a new solution designed to help developers update, manage, monitor, and secure remote Linux & Internet of Things (IoT) devices at scale. …
As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our JFrog Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline …
Always a concern for DevOps teams, security has now become a critical part of developing and releasing software – a reality reflected on the sharp increase in JFrog blogs about DevSecOps. In fact, we generated so many hard-hitting and instructive blogs about security and compliance in 2021 that we decided our DevSecOps coverage deserved its …
JFrog has been hard at work behind the scenes restructuring how we share information with the developer community. We wanted to create a one-stop resource for developers who code in a variety of languages, with a focus on DevOps, DevSecOps, and cloud native technologies. So without further ado … let me introduce you to our …
Together with the community, JFrog pioneered what we now know as DevOps with a focus on binaries (aka software packages, artifacts or images). A decade ago, no one thought binary management would be a thing — now it’s a standard most companies can’t live without. Back then, we said software universality would be necessary, and …
The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library – CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 – has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of Log4j vulnerabilities on their software, revealing multiple technical challenges …
At many organizations, the surprise discovery that the widely used Log4Shell open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For cybercriminals this …
In our recent webinar, Log4j Log4Shell Vulnerability Explained: All You Need To Know, our Senior Director Security Research expert Shachar Menashe shared information on the security issue and how to detect and remediate it. We are happy to share additional information in the following Q&A, based on the questions raised during the webinar. The Log4j …
