On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability – CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will …
In this blog series, we will explore the importance of merging DevOps best practices with MLOps to bridge this gap, enhance an enterprise’s competitive edge, and improve decision-making through data-driven insights. Part one discussed the challenges of separate DevOps and MLOps pipelines and outlined a case for integration. In this second of three blogs, we’ll …
Petabytes of monthly data transfer. Thousands of concurrent requests per customer. Hundreds of thousands of requests per minute per customer. The JFrog Platform is a mission critical piece of software development and delivery infrastructure for companies that require performance at scale. When you’re supporting thousands of developers, even a minute of downtime or delay can …
In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services. In this post, we will again dive …
We can all agree that visibility into resource usage is crucial for optimizing performance and managing costs to drive your business — especially in today’s cloud-driven world. MyJFrog is a comprehensive management portal for overseeing JFrog cloud platform instances and subscriptions. It provides a centralized control tower to manage and monitor subscriptions, resources, and usage. …
Feature stores are rapidly growing in popularity as organizations look to improve their machine learning productivity and operations (MLOps). With the advancements in MLOps, feature stores are becoming an essential component of the machine learning infrastructure, helping organizations to improve the performance and ability to explain their models, and accelerate the integration of new models …
While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks – including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it …
As businesses realized the potential of artificial intelligence (AI), the race began to incorporate machine learning operations (MLOps) into their commercial strategies. But the integration of machine learning (ML) into the real world proved challenging, and the vast gap between development and deployment was made clear. In fact, research from Gartner tells us 85% of …
I think we can all agree that, in general, different users have different needs. For instance, we’ve found that developers generally use Artifactory to find, select, and then install packages into their development environment, while administrators tend to use Artifactory for troubleshooting, confirming package operations, and other related analyses. That’s why currently, developers and administrators …
Machine learning (ML) models are almost always developed in an offline setting, but they must be deployed into a production environment in order to learn from live data and deliver value. A common complaint among ML teams, however, is that deploying ML models in production is a complicated process. It is such a widespread issue …
