JFrog

Black Hat 2022: The CVSS Fallacy - can you trust the world's most popular vulnerability metric?

Aug 15, 2022 By JFrog In JFrog

The NVD defines one of the usages of CVSS as “a factor in prioritization of vulnerability remediation” and it is the current de-facto vulnerability metric, often seen as infallible guidance and a crucial element in many compliance processes. In our session we will go over real-world CVE examples, demonstrating cases and entire categories where CVSSv3.1 falls short of providing an accurate assessment, both due to its design and its various mishandlings. The session will also touch upon specific indicators in the CVE description that can raise the confidence in a CVSS score, and vice versa.

View Video

JFrog

Read more about Black Hat 2022: The CVSS Fallacy - can you trust the world's most popular vulnerability metric?

#DevOpsSpeakeasy at #KubeCon EU 2022 with Tom Granot on Developer -Native Observability

Aug 10, 2022 By JFrog In JFrog

In this interview Tom walked us through the importance of devloper native observability and how it can be easily obtained with Lightrun.

View Video

JFrog

Read more about #DevOpsSpeakeasy at #KubeCon EU 2022 with Tom Granot on Developer -Native Observability

JFrog Xray Integration with AWS Security Hub

Jul 26, 2022 By Alex Hung & Daniel Miakotkin In JFrog

SecOps demands vigilance, but it requires visibility, too. With JFrog’s latest integration for Xray with AWS Security Hub, you can help make sure that discovered vulnerabilities are not just seen, but quickly acted on. AWS Security Hub is the cloud security posture management service available to AWS users. It provides central security administration across AWS accounts, performing security best practice checks, aggregating alerts, and enabling automated remediation.

Read Post

JFrog

Read more about JFrog Xray Integration with AWS Security Hub

How To Put Cloud Nimble to Work to Shift Left Security

Jul 20, 2022 By John Cabaniss and Gianni Truzzi In JFrog

Shifting security left means preventing developers from using unacceptably vulnerable software supply chain components as early as possible: before their first build. By helping assure that no build is ever created using packages with known vulnerabilities, this saves substantial remediation costs in advance. Some JFrog customers restrict the use of open source software (OSS) packages to only those that have been screened and approved by their security team.

Read Post

JFrog

Read more about How To Put Cloud Nimble to Work to Shift Left Security

Testing resiliency against malicious package attacks: a double-edged sword?

Jul 12, 2022 By Andrey Polkovnychenko In JFrog

The JFrog Security research team continuously monitors popular open-source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. At times, we notice trends that are worth analyzing and learning from.

Read Post

JFrog

Read more about Testing resiliency against malicious package attacks: a double-edged sword?

Team Up on DevSecOps with JFrog Platform App for Microsoft Teams

Jul 11, 2022 By Deep Datta and Karol Harezlak In JFrog

The JFrog DevOps Platform is your mission-critical tool for your software development pipelines. The results of key binary management events in Artifactory, Xray, and Distribution can reveal whether or not your software pipelines are on-track to deliver production-quality releases.

Read Post

JFrog

Read more about Team Up on DevSecOps with JFrog Platform App for Microsoft Teams

rusted SBOMs delivered with the JFrog Platform and Azure

Jun 29, 2022 By JFrog In JFrog

SBOMs provide essential visibility into all the components that make up a piece of software and detail how it was put together. With an SBOM in hand it’s possible to determine if software contains existing security and compliance issues or is impacted by newly discovered vulnerabilities. The SBOM is imperative due to the White House’s cybersecurity executive order from May 2021 requiring them for all government software purchases and many private organizations following suit.

View Video

JFrog

Read more about rusted SBOMs delivered with the JFrog Platform and Azure

CVE-2022-30522 - Denial of Service (DoS) Vulnerability in Apache httpd "mod_sed" filter

Jun 28, 2022 By Brian Moussalli In JFrog

This past March we posted an analysis of a vulnerability in the Apache HTTP Server mod_sed filter module, CVE-2022-23943, in which a Denial of Service (DoS) can be triggered due to a miscalculation of buffers’ sizes. While analyzing this Apache httpd vulnerability and its patch, we suspected that although the fix resolved the issue, it created a new unwanted behavior. Our suspicion turned out to be true: we discovered that another way to cause a DoS was introduced.

Read Post

JFrog

Read more about CVE-2022-30522 - Denial of Service (DoS) Vulnerability in Apache httpd "mod_sed" filter

DevSecOps 101: Presenting Pyrsia

Jun 27, 2022 By JFrog In JFrog

Hear about Pyrsia, the Decentralized Package Network. JFrog Solutions Engineering Manager William Manning will be interviewing JFrog Development Manager Sudhindra Rao on this new community initiative. Pyrsia enables developers to quickly and easily leverage any package with confidence and transparency.

View Video

JFrog

Read more about DevSecOps 101: Presenting Pyrsia

Monthly JFrog Xray Demo

Jun 14, 2022 By JFrog In JFrog

William Manning, JFrog Solutions Engineering Manager, hosts "Monthly JFrog Xray Demo." See how Xray provides intelligent supply chain security and compliance at DevOps speed. JFrog Xray is a software composition analysis (SCA) solution that scans your open source software (OSS) dependencies for security vulnerabilities and license compliance issues.

View Video

JFrog

Read more about Monthly JFrog Xray Demo

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

Black Hat 2022: The CVSS Fallacy - can you trust the world's most popular vulnerability metric?

#DevOpsSpeakeasy at #KubeCon EU 2022 with Tom Granot on Developer -Native Observability

JFrog Xray Integration with AWS Security Hub

How To Put Cloud Nimble to Work to Shift Left Security

Testing resiliency against malicious package attacks: a double-edged sword?

Team Up on DevSecOps with JFrog Platform App for Microsoft Teams

rusted SBOMs delivered with the JFrog Platform and Azure

CVE-2022-30522 - Denial of Service (DoS) Vulnerability in Apache httpd "mod_sed" filter

DevSecOps 101: Presenting Pyrsia

Monthly JFrog Xray Demo

Monthly Archive

Follow Us