
Log4j Log4Shell 0-Day Vulnerability: All You Need To Know

On Thursday, Dec 9th 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th. …

The Vulnerability Conundrum: Improving the Disclosure Process

The vulnerability disclosure process involves reporting security flaws in software or hardware, and can be complex. Cooperation between the organization responsible for the software or hardware and the security researcher who discovers the vulnerability can be complicated. In this blog we'll look at the vulnerability disclosure process, the parties involved and how they can collaborate …

JFrog Xray + Splunk + SIEM: Towards Implementing a Complete DevSecOps Strategy

Making security an intrinsic part of a DevOps pipeline is a “must-have” for organizations looking to secure their applications earlier in the development process. The combination of JFrog Artifactory and JFrog Xray enables organizations to build security into all phases of their software development lifecycle, so they can proactively detect and mitigate open source software …

How to set up Software Security and Compliance for Your Artifacts

The simplest way to ensure the safety of all the open source (OSS) components used by your teams and sites is with a software composition analysis (SCA) tool. You need an automated and reliable way to manage and keep track of your open source usage. With JFrog Xray, you can set up vulnerability and license …


What's New with JFrog Artifactory and Xray

TL;DR Get the latest on self-hosted Docker rate limits, cutting through violation noise and new package type support. Without doubt, 2020 has been one of the most challenging years for everyone in recent history, but especially for those in the world of DevOps. JFrog has strived to continue developing and innovating at the same pace, …

7 Tips to Evaluate and Choose the Right DevSecOps Solution

Demand for DevSecOps products has been growing strongly, as more companies realize the importance of integrating security into their DevOps pipelines. However, IT and DevOps pros who dive into the DevSecOps market looking for options quickly realize that the number of DevSecOps tools and frameworks is vast and confusing. This overabundance of choices often leaves …

Major Vulnerabilities Discovered and Patched in Realtek RTL8195A Wi-Fi Module

In a recent supply chain security assessment, the JFrog security research team (formerly Vdoo) analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis we discovered and responsibly disclosed six major vulnerabilities in Realtek's RTL8195A Wi-Fi module that these devices were based on. An attacker that exploits the discovered vulnerabilities can gain remote …

Stay Alert to Security With Xray and PagerDuty

When securing your software development against open-source vulnerabilities, the earlier action occurs — by the right person — the safer you and your enterprise will be. Many IT departments rely on the PagerDuty incident response platform to improve visibility and agility across the organization. The enterprise-quality incident management system provides reliable notifications, automatic escalations, on-call …


Worried about DevOps Security? Come to Our Webinar and Overcome Your Fears

Are you afraid of inadvertently releasing unsafe code? Do you worry about hackers breaching your critical application — and creating mayhem for your business and its customers? Are you overwhelmed by SDLC security concerns? You're not alone. DevOps teams know they can't overlook security or treat it as an afterthought. Doing so, they realize, puts …