A 10-point plan to improve the security of open source software
The Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a …
Malicious Python packages employ advanced detection evasion techniques
JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over …
JFrog collaborates with Slack to raise awareness of important software development events
JFrog released a new Slack integration for JFrog Artifactory and JFrog Xray. The new JFrog app for Slack allows developers to raise awareness of important software development …
Dependency Combobulator: Open source toolkit to combat dependency confusion attacks
Apiiro released Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. The toolkit, available on GitHub, …
JFrog receives CNA certification to help security researchers verify and triage their vulnerabilities
JFrog announced it has been designated by the CVE Program as a CVE Numbering Authority (CNA). With this certification, JFrog joins an elite group of public and private sector …
Vulnerable TCP/IP stack is used by almost 200 device vendors
Researchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack (aka InterNiche) TCP/IP stack, used in OT devices such as the extremely popular Siemens …
JFrog to acquire Vdoo to expand its end-to-end DevOps platform offering
JFrog announced that it has entered into a definitive agreement to acquire Vdoo Connected Trust in a cash and stock-based deal valued at approximately $300 million. JFrog has …
JFrog Private Distribution Network accelerates large-scale application delivery
JFrog announced Private Distribution Network at its annual DevOps user conference swampUP. A new innovative capability of JFrog Distribution, part of the JFrog DevOps …