Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright’s blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company’s software applications. They have many common …
In today’s fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it’s important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your …
While many are familiar with championship sports teams like Manchester United, the New York Yankees and Montreal Canadiens, the real question is whether you have ever heard of perennial champions such as “Plaid Parliament of Pwning”, “More Smoked Leet Chicken” and “Dragon Sector”. If not, then get ready to meet the leading teams in the …
Update – October 11, 2023: This blog has been updated to include all the details that have been published about the vulnerabilities. On Wednesday, October 4th 2023, Daniel Stenberg, one of Curl’s core maintainers announced that a forthcoming release of Curl, version 8.4.0, is scheduled to be available on October 11th 2023 at approximately 06:00 …
In 2022, nearly 1,700 entities across the globe fell victim to software supply chain attacks, impacting over 10 million people. Nearly each of these attacks included some element of faulty or nefarious open-source code. Software developers commonly rely on open-source components to speed up the development process, but as we can see, this practice has …
The risk of supply chain attacks increases as more companies rely on third-party vendors and suppliers for critical services and products. Supply chain attacks have become increasingly prominent in recent years. In 2022, for instance, supply chain attacks surpassed the number of malware-based attacks by 40%. These types of attacks involve targeting a company’s suppliers, …
As we all know, team collaboration can sometimes be a bit complicated. Especially when different teams in the organization strive to achieve their own individual goals. This is where new organizational practices, such as DevOps and DevSecOps, have paved the path for us to work together and achieve our mutual goals. Take a look at …
With security now a critical “must have” for DevOps teams, JFrog significantly deepened and extended our platform’s already solid security capabilities in 2021. In this post, we’ll look back at our major advances last year – and look forward at what’s to come in 2022. Our goal: To explain how we’re providing to our customers …
Together with the community, JFrog pioneered what we now know as DevOps with a focus on binaries (aka software packages, artifacts or images). A decade ago, no one thought binary management would be a thing — now it’s a standard most companies can’t live without. Back then, we said software universality would be necessary, and …
At many organizations, the surprise discovery that the widely used Log4Shell open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For cybercriminals this …
