In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services. In this post, we will again dive …
As businesses realized the potential of artificial intelligence (AI), the race began to incorporate machine learning operations (MLOps) into their commercial strategies. But the integration of machine learning (ML) into the real world proved challenging, and the vast gap between development and deployment was made clear. In fact, research from Gartner tells us 85% of …
We can all agree that visibility into resource usage is crucial for optimizing performance and managing costs to drive your business — especially in today’s cloud-driven world. MyJFrog is a comprehensive management portal for overseeing JFrog cloud platform instances and subscriptions. It provides a centralized control tower to manage and monitor subscriptions, resources, and usage. …
While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks – including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it …
JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. In our previous research on MLOps we noted the immaturity of the Machine Learning (ML) field often results in a higher amount of discovered …
I think we can all agree that, in general, different users have different needs. For instance, we’ve found that developers generally use Artifactory to find, select, and then install packages into their development environment, while administrators tend to use Artifactory for troubleshooting, confirming package operations, and other related analyses. That’s why currently, developers and administrators …
GitHub Copilot Autofix + JFrog: Seamless Security for Developers Developers are expected to write new and more complex code to create leading-edge features in new software releases at a relenting pace. To do this they are looking for help from AI assistants like GitHub Copilot to help write better code, faster. They want to write, …
swampUP 2024, the annual JFrog DevOps Conference, was unique in it’s addressing not only more familiar DevOps and DevSecOps issues, but adding specific operational challenges, stemming from the explosive growth of GenAI and the resulting need for specialized capabilities for handling AI models and datasets, while supporting new personae such as AI/ML engineers, data scientists …
In the never-ending quest to speed up software release cycles, ensuring the security and integrity of application artifacts has never been more critical. As applications are continuously built, tested, and deployed, every element of the software pipeline—from source code to container images—needs to be trusted and verifiable. A key aspect of maintaining this trust is …
On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he has discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure will happen on September 30th, Due to a suspected leak in the disclosure process, @evilsocket decided to advance the disclosure, and on …
