Security

187 posts

A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start. The post A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple appeared first on The GitHub Blog.

Nancy Gariché3/24/2025

With Cloudflare for AI, developers, security teams and content creators can leverage Cloudflare’s network and portfolio of tools to secure, observe and make AI applications resilient and safe to use.

Michael Tremante3/19/2025

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we'll shed light on how these vulnerabilities that rely on a parser differential were uncovered. The post Sign in as anyone: Bypassing SAML SSO authentication with parser differentials appeared first on The GitHub Blog.

Peter Stöckli3/12/2025

Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders. The post Full exposure: A practical approach to handling sensitive data leaks appeared first on The GitHub Blog.

Alexis Wales3/10/2025

In this guide, we walk you through step-by-step instructions for configuring cross-account access for Amazon Bedrock Custom Model Import, covering both non-encrypted and AWS Key Management Service (AWS KMS) based encrypted scenarios.

Hrushikesh Gangur2/26/2025

Deploy AI safely with built-in Guardrails in AI Gateway. Flag and block harmful or inappropriate content, protect personal data, and ensure compliance in real-time

Kathy Liao2/26/2025

Meta’s Anti Scraping team focuses on preventing unauthorized scraping as part of our ongoing work to combat data misuse. In order to protect Meta’s changing codebase from scraping attacks, we have introduced static analysis tools into our workflow. These tools allow us to detect potential scraping vectors at scale across our Facebook, Instagram, and even [...] Read More... The post Protecting user data through source code analysis at scale appeared first on Engineering at Meta.

2/18/2025

We’re proud to collaborate with CyberPeace Institute by powering its latest initiative, the CyberPeace Tracer, a platform that enables civil society organizations to proactively report cyber threats.

Jocelyn Woolbright2/17/2025

In 2024, our bug bounty program awarded more than $2.3 million in bounties, bringing our total bounties since the creation of our program in 2011 to over $20 million.  As part of our defense-in-depth strategy, we continued to collaborate with the security research community in the areas of GenAI, AR/VR, ads tools, and more.  We [...] Read More... The post Looking back at our Bug Bounty program in 2024 appeared first on Engineering at Meta.

2/13/2025

Cloudflare was recently contacted by researchers who discovered a broadcast amplification vulnerability through their QUIC Internet measurement research. We've implemented a mitigation.

Josephine Chow2/10/2025

The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing. The post From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA appeared first on The GitHub Blog.

Mario Rodriguez2/7/2025

WHAT IT IS Meta’s Automated Compliance Hardening (ACH) tool is a system for mutation-guided, LLM-based test generation. ACH hardens platforms against regressions by generating undetected faults (mutants) in source code that are specific to a given area of concern and using those same mutants to generate tests. When applied to privacy, for example, ACH automates [...] Read More... The post Revolutionizing software testing: Introducing LLM-powered bug catchers appeared first on Engineering at Meta.

2/5/2025

We’re sharing how Meta built support for data logs, which provide people with additional data about how they use our products. Here we explore initial system designs we considered, an overview of the current architecture, and some important principles Meta takes into account in making data accessible and easy to understand.  Users have a variety [...] Read More... The post Data logs: The latest evolution in Meta’s access tools appeared first on Engineering at Meta.

2/4/2025

Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world. The post Cybersecurity researchers: Digital detectives in a connected world appeared first on The GitHub Blog.

Nancy Gariché1/29/2025

Cloudflare is the first organization globally to announce having been successfully audited against the ‘Global Cross-Border Privacy Rules’ system and ‘Global Privacy Recognition for Processors’.

Rory Malone1/28/2025

January 27 marks the International Holocaust Remembrance Day — a solemn occasion to honor the memory of the six million Jews who perished in the Holocaust, along with countless others who fell victim

Omer Yoachimik1/27/2025

Data lineage is an instrumental part of Meta’s Privacy Aware Infrastructure (PAI) initiative, a suite of technologies that efficiently protect user privacy. It is a critical and powerful tool for scalable discovery of relevant data and data flows, which supports privacy controls across Meta’s systems. This allows us to verify that our users’ everyday interactions [...] Read More... The post How Meta discovers data flows via lineage at scale appeared first on Engineering at Meta.

1/23/2025

Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory. The post Attacks on Maven proxy repositories appeared first on The GitHub Blog.

Michael Stepankin1/22/2025

Explore insights into open source community growth, innovation, and inclusivity with an updated survey dataset. The post Seven years of open source: A more secure and diverse ecosystem appeared first on The GitHub Blog.

Kenyatta Forbes1/21/2025

Cloudflare strengthens its commitment to cybersecurity by joining CISA's "Secure by Design" pledge. In line with this, we're reducing the prevalence of vulnerability classes across our products.

Sri Pulla1/14/2025