Devops Resources Home

*nix libX11: Uncovering and exploiting a 35-year-old vulnerability โ€“ Part 2 of 2
January 24, 2024

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library โ€“ CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11โ€™s latest versions contain fixes for these vulnerabilities. The team constantly monitors open-source projects to find โ€ฆ

Read More
JFrog CTF 2023 cybersecurity competition

How Capture the Flag Raises Security Awareness and Enhances Enforcement
January 22, 2024

While many are familiar with championship sports teams like Manchester United, the New York Yankees and Montreal Canadiens, the real question is whether you have ever heard of perennial champions such as โ€œPlaid Parliament of Pwningโ€, โ€œMore Smoked Leet Chickenโ€ and โ€œDragon Sectorโ€. If not, then get ready to meet the leading teams in the โ€ฆ

Read More

*nix libX11: Uncovering and exploiting a 35-year-old vulnerability โ€“ Part 1 of 2
January 17, 2024

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library โ€“ CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11โ€™s latest versions contain fixes for these vulnerabilities. The team constantly monitors open-source projects to find โ€ฆ

Read More

Top 7 ML Model Monitoring Tools in 2024
December 31, 2023

Taking a machine learning model to production from the proof of concept stage is a complex journey. Deploying the model is only the tip of the iceberg when it comes to operationalizing machine learning (ML) models. After the initial deployment, maintaining deployed models and continuously improving them requires specialized tools and systems. ML model monitoring โ€ฆ

Read More
Top JFrog Security Blogs 2023

Top JFrog Security Research Blogs of the Year
January 12, 2024

With over 29,000 CVEs and 5.5 billion malware attacks recorded in the past year, itโ€™s no wonder that software supply chain security is a top priority for enterprise developers on a global scale. That is also why JFrog Security Research has been instrumental in identifying and analyzing the biggest threats and devising methods to protect โ€ฆ

Read More
what is jfrog security

What is JFrog Security?
January 08, 2024

The security of the software supply chain is rapidly becoming a paramount concern for organizations โ€” and for good reason. With the increasing number of published Common Vulnerabilities and Exposures (CVEs), developers face the challenge of delivering software faster than ever before. However, in their quest for speed, many dev and security teams have resorted โ€ฆ

Read More
The JFrog Platform Empowers AI Model Development and Security

Navigating AIโ€™s New Horizons: Empowering AI Model Development, Security and Compliance
December 14, 2023

The Wake-Up Call The rapid rise of artificial intelligence, more specifically, generative AI systems such as OpenAIโ€™s ChatGPT, has simultaneously spurred intense development and concern over the past year. On the 30th of October, President Joe Biden signed an Executive Order that urges new federal standards for AI development, safety, security, and trustworthiness that also โ€ฆ

Read More

2023 Best of JFrog Software Supply Chain Blogs
January 11, 2024

2023 was a big year. There were many interesting challenges and exciting developments within our industry, like the continued evolution of AI/ML, the discovery and remediation of widespread CVEs, and major leaps forward in the realm of end-to-end software supply chain security. In that spirit, we want to recap the news and articles that you โ€ฆ

Read More
The JFrog Platform enables proactive prevention of software vulnerabilities before they can be exploited

Proactive Vulnerability Management is a No Brainer for Security, butโ€ฆ
January 04, 2024

In December 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) identified exploits against vulnerable public-facing applications as the most common initial attack vector for cybercriminals, followed by attacks on external remote services such as VPNs. According to a study by CrowdStrike, exploit activity targeting cloud apps and assets grew 95% from 2021 to 2022, โ€ฆ

Read More

A Brief Comparison of Kubeflow vs Airflow
September 21, 2022

There has been an explosion in new technologies and tools for managing tasks and data pipelines in recent years. There are now so many of them, in fact, that it can be challenging to decide which ones to use and understand how they interact with one another, especially because selecting the right tool for your โ€ฆ

Read More

Popular Tags