Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

jfrog

Friction between DevOps and Security - Here's Why it Can't be Ignored

Apr 3, 2024 By Sean Wright In JFrog
Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright’s blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company’s software applications.
Read Post
jfrog

CVE-2024-3094 XZ Backdoor: All you need to know

Mar 31, 2024 By Shachar Menashe In JFrog
On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within XZ Utils, a widely used package present in major Linux distributions (The GitHub project originally hosted here is now suspended). Fortunately, the malicious code was discovered quickly by the OSS community and managed to infect only two of the most recent versions of the package, 5.6.0 and 5.6.1, which were released within the past month.
Read Post
jfrog

The State of Software Supply Chain Security in 2024

Mar 27, 2024 By Sean Pratt In JFrog
In today’s fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it’s important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your supply chain.
Read Post
jfrog

NPM Manifest Confusion: Six Months Later

Mar 26, 2024 By Andrey Polkovnichenko In JFrog
Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a large threat, allowing malicious actors to deceive developers and hide harmful code from detection.
Read Post
jfrog

Tips from a CSO: How to Secure Your Software Supply Chain

Mar 25, 2024 By Moran Ashkenazi In JFrog
Trust is vital to success in our industry. Whether you’re creating and managing software for use internally, by other businesses, or direct-to-consumer, you need to be able to create trust with your end users. This can be accomplished, in part, by showing evidence of security measures, bringing the right people and tactics to the table, and working collaboratively to address challenges.
Read Post
jfrog

Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor

Feb 27, 2024 By David Cohen In JFrog
In the realm of AI collaboration, Hugging Face reigns supreme. But could it be the target of model-based attacks? Recent JFrog findings suggest a concerning possibility, prompting a closer look at the platform’s security and signaling a new era of caution in AI research. The discussion on AI Machine Language (ML) models security is still not widespread enough, and this blog post aims to broaden the conversation around the topic.
Read Post

JFrog + Qwak Integration Demo

Feb 27, 2024 By JFrog In JFrog
Together, JFrog and Qwak instill governance, transparency, visibility, and security into every facet of the development and deployment lifecycle for ML models. From managing dependencies to ensuring compliance and optimizing storage, this integration empowers your organization to embrace the future of machine learning with confidence and efficiency. Watch this demo for an overview of the integration.
View Video
jfrog

Secure Access To Your Software Development with GitHub OpenID Connect (OIDC) and JFrog

Feb 14, 2024 By Yonatan Arbel In JFrog
Modern software development requires a seamless connection between multiple software development tools – particularly those used for code management and storing your software artifacts. Connecting between these tools often involves managing a variety of tokens, permissions, passwords, and keys, which if not handled correctly can expose organizations to potential security threats.
Read Post
jfrog

Analyzing common vulnerabilities introduced by Code-Generative AI

Feb 7, 2024 By Natan Nehorai In JFrog
Artificial Intelligence tools such as Bard, ChatGPT, and Bing Chat are the current big names in the Large Language Model (LLM) category which is on the rise. LLMs are trained on vast data sets to be able to communicate by using everyday human language as a chat prompt. Given the flexibility and potential of LLMs, companies are integrating them into many workflows inside the tech industry to make our lives better and easier.
Read Post

DevSecOps Security Best Practices

Feb 1, 2024 By JFrog In JFrog
Carmine Acanfora, Solutions Architect at JFrog in the EMEA region, leads this security best practices webinar. In this webinar, we discuss the advanced features of the JFrog Advanced Security solution, now available in self-hosted mode. We will take the time to address your questions, particularly on topics crucial for all developers, such as: Don't miss this opportunity to explore JFrog's latest security solution and learn how to accelerate and secure your software supply chain with the first DevOps-oriented security solution on the market.
View Video
Subscribe to JFrog

Copyright © 2024 OpsMatters™. All rights reserved.