*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library – CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities. The team constantly monitors open-source projects to find …

JFrog CTF 2023 cybersecurity competition

How Capture the Flag Raises Security Awareness and Enhances Enforcement

While many are familiar with championship sports teams like Manchester United, the New York Yankees and Montreal Canadiens, the real question is whether you have ever heard of perennial champions such as “Plaid Parliament of Pwning”, “More Smoked Leet Chicken” and “Dragon Sector”. If not, then get ready to meet the leading teams in the …

*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library – CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities. The team constantly monitors open-source projects to find …

Top 7 ML Model Monitoring Tools in 2024

Taking a machine learning model to production from the proof of concept stage is a complex journey. Deploying the model is only the tip of the iceberg when it comes to operationalizing machine learning (ML) models. After the initial deployment, maintaining deployed models and continuously improving them requires specialized tools and systems. ML model monitoring …

Top JFrog Security Blogs 2023

Top JFrog Security Research Blogs of the Year

With over 29,000 CVEs and 5.5 billion malware attacks recorded in the past year, it’s no wonder that software supply chain security is a top priority for enterprise developers on a global scale. That is also why JFrog Security Research has been instrumental in identifying and analyzing the biggest threats and devising methods to protect …

What is JFrog Security?

The security of the software supply chain is rapidly becoming a paramount concern for organizations — and for good reason. With the increasing number of published Common Vulnerabilities and Exposures (CVEs), developers face the challenge of delivering software faster than ever before. However, in their quest for speed, many dev and security teams have resorted …

The JFrog Platform Empowers AI Model Development and Security

Navigating AI’s New Horizons: Empowering AI Model Development, Security and Compliance

The Wake-Up Call The rapid rise of artificial intelligence, more specifically, generative AI systems such as OpenAI’s ChatGPT, has simultaneously spurred intense development and concern over the past year. On the 30th of October, President Joe Biden signed an Executive Order that urges new federal standards for AI development, safety, security, and trustworthiness that also …

2023 Best of JFrog Software Supply Chain Blogs

2023 was a big year. There were many interesting challenges and exciting developments within our industry, like the continued evolution of AI/ML, the discovery and remediation of widespread CVEs, and major leaps forward in the realm of end-to-end software supply chain security. In that spirit, we want to recap the news and articles that you …

The JFrog Platform enables proactive prevention of software vulnerabilities before they can be exploited

Proactive Vulnerability Management is a No Brainer for Security, but…

In December 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) identified exploits against vulnerable public-facing applications as the most common initial attack vector for cybercriminals, followed by attacks on external remote services such as VPNs. According to a study by CrowdStrike, exploit activity targeting cloud apps and assets grew 95% from 2021 to 2022, …

A Brief Comparison of Kubeflow vs Airflow

There has been an explosion in new technologies and tools for managing tasks and data pipelines in recent years. There are now so many of them, in fact, that it can be challenging to decide which ones to use and understand how they interact with one another, especially because selecting the right tool for your …