Enhancing trust for SGX enclaves

By Artur Cygan Creating reproducible builds for SGX enclaves used in privacy-oriented deployments is a difficult task that lacks a convenient and robust solution. We propose using Nix to achieve reproducible and ...

Celebrating our 2023 open-source contributions

At Trail of Bits, we pride ourselves on making our best tools open source, such as Slither, PolyTracker, and RPC Investigator. But while this post is about open source, it’s not about ...

Supply Chain Attack Methodologies – It’s the Installer Now

”Supply chain attack” encompasses many different forms of attacks and exploits Yet another type was recently uncovered – malicious behavior in properly signed installers While this particular case was not Java specific, ...

Internet freedom with the Open Technology Fund

By Spencer Michaels, William Woodruff, Jeff Braswell, and Cliff Smith Trail of Bits cares about internet freedom, and one of our most valued partners in pursuit of that goal is the Open ...
supply chain, SBOM, cybersecurity, SLSA organizations third party attacks supply chain supply chain ransomware The Kill Chain Model

The Role of XBOMs in Supporting Cybersecurity

SBOMs aren’t the only bills of materials that are necessary for the protection of your tech stack. XBOMs are growing in importance ...
Security Boulevard

“Everything” and the Node.js kitchen sink too

*The Supply Chain is vulnerable at all levels, from the code to the distribution *Node.js repository was effectively locked after a developer uploaded a malicious package It’s often hard to differentiate between ...
BG - EMBA - From firmware to exploit

Exploring EMBA: Unraveling Firmware Security with Confidence

| | Blog, research, supply chain
Firmware security analysis is a critical aspect of modern cybersecurity. As our devices become more interconnected and reliant on firmware, understanding the vulnerabilities in this often overlooked layer of software is paramount ...

How CISA can improve OSS security

By Jim Miller The US government recently issued a request for information (RFI) about open-source software (OSS) security. In this blog post, we will present a summary of our response and proposed ...
SolarWinds supply chain cybersecurity

SolarWinds Swings Back at SEC Following Fraud Charges

Executives at SolarWinds are pushing back at the lawsuit filed this week by the Securities and Exchange Commission against the company and its top security official in connection with the high-profile cyberattack, ...
Security Boulevard

Supply Chain Attacks – Risk Perception vs Reality

Supply chain attacks have surged in recent years, gradually becoming a formidable threat in the cybersecurity landscape. Yet, despite their growing prevalence, there seems to be a disconnection between the perception and ...