audits

Typos that omit security features and how to test for them
By Dominik ‘disconnect3d’ Czarnota
During a security audit, I discovered an easy-to-miss typo that unintentionally failed to enable _FORTIFY_SOURCE, which helps detect memory corruption bugs in incorrectly used C functions. We searched, ...
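A self-check for the failure mode this post describes, added here as an example and not code from the post or from Trail of Bits: a misspelled -D_FORTIFY_SOURCE flag defines a macro that nothing reads, and glibc also silently disables fortification when the file is built without optimisation, so passing the flag is not proof that the fortified `__*_chk` wrappers are actually in use. The block below asks the preprocessor what glibc really enabled. It assumes glibc headers (which derive `__USE_FORTIFY_LEVEL` from `_FORTIFY_SOURCE` and `__OPTIMIZE__`); on other libcs the reported level is 0.

```c
/* Added example (not from the original post): report whether glibc's
 * _FORTIFY_SOURCE is in effect for this translation unit.
 * Assumption: glibc headers; other libcs simply report level 0. */
#include <stdio.h>   /* pulls in glibc's features.h, which computes __USE_FORTIFY_LEVEL */

enum fortify_state {
    FORTIFY_NOT_REQUESTED = 0,   /* _FORTIFY_SOURCE never reached the preprocessor (typo in the flag?) */
    FORTIFY_REQUESTED_INACTIVE,  /* requested, but compiled without -O, so glibc disabled it */
    FORTIFY_ACTIVE               /* fortified wrappers (__memcpy_chk, __printf_chk, ...) are used */
};

/* Value of _FORTIFY_SOURCE as the compiler saw it; 0 if the macro is undefined. */
int fortify_requested(void)
{
#ifdef _FORTIFY_SOURCE
    return _FORTIFY_SOURCE;
#else
    return 0;
#endif
}

/* Level glibc actually enabled after checking _FORTIFY_SOURCE and __OPTIMIZE__. */
int fortify_level(void)
{
#ifdef __USE_FORTIFY_LEVEL
    return __USE_FORTIFY_LEVEL;
#else
    return 0;   /* non-glibc libc, or headers that never define the macro */
#endif
}

/* 1 when the compiler is optimising (-O1 or higher), which fortification requires. */
int is_optimized(void)
{
#ifdef __OPTIMIZE__
    return 1;
#else
    return 0;
#endif
}

/* Classify the three outcomes a build can end up in. */
enum fortify_state fortify_status(void)
{
    if (fortify_level() > 0)
        return FORTIFY_ACTIVE;
    if (fortify_requested() > 0)
        return FORTIFY_REQUESTED_INACTIVE;
    return FORTIFY_NOT_REQUESTED;
}

int main(void)
{
    static const char *names[] = { "NOT_REQUESTED", "REQUESTED_INACTIVE", "ACTIVE" };
    printf("_FORTIFY_SOURCE requested=%d, effective level=%d, optimized=%d -> %s\n",
           fortify_requested(), fortify_level(), is_optimized(), names[fortify_status()]);
    /* Non-zero exit fails a build sanity check when hardening was expected but is absent. */
    return fortify_status() == FORTIFY_ACTIVE ? 0 : 1;
}
```

Compile it once with the project's real CFLAGS and once with a deliberately misspelled flag to see the difference: `gcc -O2 -D_FORTIFY_SOURCE=2 check.c` reports ACTIVE, `gcc -D_FORTIFY_SOURCE=2 check.c` (no -O) reports REQUESTED_INACTIVE, and `gcc -O2 -D_FORTIFY_SOURC=2 check.c` reports NOT_REQUESTED. The same question can be asked of a finished binary without rebuilding it: `nm -D ./binary | grep _chk` should list the fortified wrappers if the protection made it into the link.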

How to Remediate Your Audit Findings
So, your company has undergone a compliance audit, and — don’t faint from surprise here — it came ...

We need a new way to measure AI security
Tl;dr: Trail of Bits has launched a practice focused on machine learning and artificial intelligence, bringing together safety and security methodologies to create a new risk assessment and assurance program. This program ...

cURL audit: How a joke led to significant findings
By Maciej Domanski
In fall 2022, Trail of Bits audited cURL, a widely-used command-line utility that transfers data to and from a server and supports various protocols. The project coincided with a Trail of ...

What are Software Audits and Why are They on the Rise?
Recent years have seen an uptick in software audits, with more companies being asked to provide evidence of licensing compliance, largely because organizations are now using ...

Issues Management in Hyperproof: How It Works and How It Can Help You
Issues management is here to help you mitigate and manage issues more efficiently! Learn more about our latest feature update.

Best Practices for Audit Evidence Collection: How to Get Started
When it comes to governance, risk, and compliance (GRC), there’s a lot to assess. But where do you ...

How to share what you’ve learned from our audits
By Nick Selby
Trail of Bits recently completed a security review of cURL, which is an amazing and ubiquitous tool for transferring data. We were really thrilled to see cURL founder and ...

Are you sure your Python ABI is actually stable?
TL;DR: Trail of Bits has developed abi3audit, a new Python tool for checking Python packages for CPython application binary interface (ABI) violations. We’ve used it to discover hundreds of inconsistently and incorrectly ...

SOC 2 Compliance: 6 Steps to a Perfect Audit with Trustero
A SOC 2 audit can take months and cost tens of thousands of dollars. Here are six steps you can take to maximize the likelihood of passing that audit successfully and begin ...