Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

jfrog

Streamlining Secure, Intelligent Development: The Power of GitHub and JFrog Together

Sep 10, 2024 By Yonatan Arbel In JFrog
Picture this: You’ve just settled in at home after a long day, ready to relax, when suddenly your phone buzzes. It’s a notification about a failed build in your latest project. Your heart sinks. Your mind starts racing to connect the dots… What went wrong? Where is it broken? There’s usually no one immediately available to answer these questions, and you know it will require a large manual effort to get to the bottom of the issue.
Read Post
jfrog

JFrog Unveils First Runtime Security Solution to Deliver Complete Software Integrity and Lineage from Code to Cloud

Sep 10, 2024 By Asaf Karas In JFrog
When it comes to software supply chain security, we all do everything we can to prevent insecure software from being released into production. Hence we see software supply chain security shifting left to discover potential threats as early as possible in the software development lifecycle. But what happens when vulnerabilities are only discovered after an application has been distributed to its operating environment?
Read Post
jfrog

Revival Hijack - PyPI hijack technique exploited in the wild, puts 22K packages at risk

Sep 4, 2024 By Andrey Polkovnichenko In JFrog
JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. This blog details a PyPI supply chain attack technique the JFrog research team discovered had been recently exploited in the wild.
Read Post

Securing the Software Supply Chain in the AI/ML Era

Aug 29, 2024 By JFrog In JFrog
Uncover Critical Gaps in Software Supply Chain Security A recent survey of over 300 global IT executives found that while 23% of organizations experienced software supply chain (SSC) breaches, only 30% prioritize SSC security. Our APAC tech leaders dive into these insights and offer practical solutions to enhance your security posture. Discover the latest trends and effective measures to protect your software supply chain.
View Video
jfrog

From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms

Aug 20, 2024 By Ori Hollander In JFrog
NOTE: This research was recently presented at Black Hat USA 2024, under the title “From MLOps to MLOops – Exposing the Attack Surface of Machine Learning Platforms”. The JFrog Security Research team recently dedicated its efforts to exploring the various attacks that could be mounted on open source machine learning (MLOps) platforms used inside organizational networks.
Read Post
jfrog

Out with the Old - Keeping Your Software Secure by Managing Dependencies

Aug 19, 2024 By Yonatan Arbel In JFrog
During 2023, the U.S. witnessed a record high in supply chain cyber-attacks, affecting 2,769 organizations. This figure represents the largest number recorded since 2017, marking an approximate 58% annual increase in impacted entities. If there ever was a doubt, now it’s crystal clear that YOUR SOFTWARE SUPPLY CHAIN IS A TARGET. Developers, DevOps and Security teams must prioritize processes that enhance security for all phases of the software supply chain.
Read Post

Building for the Future DevSecOps in the era of AI ML Model Development

Aug 15, 2024 By JFrog In JFrog
Melissa McKay, JFrog Developer Advocate, and Sunil Bemarkar, AWS Sr. Partner Solutions Architect, discuss practical ways to mature your MLOps approach including bringing model use and development into your existing secure software supply chain and development processes. Watch to learn more and get a demo of the JFrog and Amazon SageMaker integration.
View Video
jfrog

CVE-2024-38428 Wget Vulnerability: All you need to know

Aug 12, 2024 By Goni Golan In JFrog
On Sunday, June 2nd 2024, a fix commit was pushed for a vulnerability in GNU’s popular Wget tool. Two weeks later, the vulnerability was assigned the ID CVE-2024-38428 and later was classified as a critical vulnerability – with a CVSS score of 9.1. In this blog, we take a dive deep into this threat by seeing what caused it, what consequences it might have, and how it can be mitigated.
Read Post

MLOps & the Role of GenAI in Securing the Software Supply Chain

Aug 2, 2024 By JFrog In JFrog
Artificial Intelligence and Machine Learning have hit the mainstream – particularly the use of Gen AI and LLMs to help organizations automate manual processes and analyze data at machine speed with dramatic results. How can ML and Gen AI help DevOps teams better secure the software supply chain? As the volume of code grows exponentially, these evolving technologies offer new, more efficient means to secure, deliver and scale software – but with accompanying risks that must be mitigated.
View Video
jfrog

Point Solutions vs Platform - Which is Best to Secure your Software Supply Chain?

Jul 25, 2024 By Shani Achwal In JFrog
According to Gartner, almost two-thirds of U.S. businesses were directly impacted by a software supply chain attack. So it’s not a question of whether to secure your software supply chain, but rather what is the most effective and efficient way to provide end-to-end security during all phases of the software development lifecycle (SDLC). Download the Ebook.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.