ETFOptimize | High-performance ETF-based Investment Strategies

Quantitative strategies, Wall Street-caliber research, and insightful market analysis since 1998.
ETFOptimize | HOME
Close Window
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

JFrog Releases OSS Tools to Identify Log4j Utilization in Both Binaries & Source Code

By: via Business Wire

Open-Source Tools Allow Developers to Quickly Determine Exposure & Focus Remediation Efforts to Speed Time to Resolution

JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the Liquid Software company and creators of the JFrog DevOps Platform, today released free scanning tools specifically designed for developers to detect the presence and utilization of Apache Log4j in both source code and binaries. The four new tools are available for download immediately via GitHub in both Java and Python.

The new tools perform specialized scans to identify direct or indirect (transitive) dependencies, as well as instances where Log4j does not appear as a separate file, but is bundled inside a larger software package and harder to detect. The new tools are command line-based for easy integration with developers’ existing environments and their open-core helps ensure the capabilities will continue to evolve over time as needs change.

“The Log4j vulnerability has set the enterprise software landscape on fire due to its widespread usage as a component across the software supply chain, making it difficult to rapidly pinpoint and remediate,” said Asaf Karas, CTO of JFrog Security Research. “In times of crisis open-source tools that scan both binaries and source code allow community collaboration and contributions to collectively solve immediate and long-term security issues, which is why we’re proud to release these tools today.”

Industry research estimates nearly half of all global enterprises have already been impacted by the Log4j vulnerability with incidents rising by the day. Government officials from Austria, Canada, New Zealand, the U.K., and the U.S. have also sounded alarms over this recently exposed vulnerability and are recommending immediate action by enterprises and software providers alike.

The Log4j vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th. MITRE assigned CVE-2021-44228 to this vulnerability, which has since been dubbed Log4Shell by security researchers. JFrog’s Security Research team detailed currently known Log4j vulnerabilities and outlined best practices for how to identify and address them in this blog, which is being continuously updated.

Interested parties can also register to learn more about Log4j, its impact, and how to quickly identify and manage threats in JFrog’s webinar, Log4Shell Vulnerability: All you need to know,” taking place on Thursday, December 16, 2021 at 11 am PT/2 pm ET.

Like this Story? Tweet this: .@jfrog releases 4 new OSS tools to help identify and remediate Log4j vulnerabilities. Download them now: https://github.com/jfrog/log4j-tools

About JFrog

JFrog is on a mission to be the company powering all of the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The company’s end-to-end DevOps platform – the JFrog Platform - provides the tools and visibility required by modern organizations to solve today’s challenges across critical pieces of the DevOps cycle. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services on a number of cloud service provider platforms. JFrog is trusted by millions of users and thousands of customers, including a majority of the Fortune 100 companies that depend on JFrog solutions to manage their mission-critical software delivery pipelines. Learn more at jfrog.com.

Cautionary Note About Forward-Looking Statements

This press release contains “forward-looking” statements, as that term is defined under the U.S. federal securities laws, including but not limited to statements regarding open-source tools that allow developers to quickly determine exposure and focus remediation efforts to speed time to resolution, our ability to meet customer needs, and our ability to drive market standards. These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause JFrog’s actual results, performance or achievements to differ materially from those expressed or implied in any forward-looking statement.

There are a significant number of factors that could cause actual results, performance or achievements, to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2020, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements.

Contacts

More News

View More
3 Healthcare Stocks Using AI to Drive Growth
Via MarketBeat
Topics Artificial Intelligence
Tickers BSX HIMS TEM
Get Exposure to Millennials' Purchasing Power With This ETF
Via MarketBeat
Topics ETFs
Tickers AAPL DASH DIS GOOGL META MILN
Why a $4.5 Billion Smart Debt Move Is Fueling Dell’s AI Ambitions
Via MarketBeat
Topics Artificial Intelligence
Tickers DELL
Beam Global Gets Buy Rating With 101% Upside Potential
Via MarketBeat
Topics Intellectual Property
Tickers BEEM
These 3 Crypto Stocks Could Get a Bump as Dollar Trust Weakens
Via MarketBeat
Topics ETFs Economy World Trade
Tickers BITF COIN HOOD
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms Of Service.


 
IntelligentValue Home
Close Window

DISCLAIMER

All content herein is issued solely for informational purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy, nor should it be interpreted as a recommendation to buy, hold or sell (short or otherwise) any security.  All opinions, analyses, and information included herein are based on sources believed to be reliable, but no representation or warranty of any kind, expressed or implied, is made including but not limited to any representation or warranty concerning accuracy, completeness, correctness, timeliness or appropriateness. We undertake no obligation to update such opinions, analysis or information. You should independently verify all information contained on this website. Some information is based on analysis of past performance or hypothetical performance results, which have inherent limitations. We make no representation that any particular equity or strategy will or is likely to achieve profits or losses similar to those shown. Shareholders, employees, writers, contractors, and affiliates associated with ETFOptimize.com may have ownership positions in the securities that are mentioned. If you are not sure if ETFs, algorithmic investing, or a particular investment is right for you, you are urged to consult with a Registered Investment Advisor (RIA). Neither this website nor anyone associated with producing its content are Registered Investment Advisors, and no attempt is made herein to substitute for personalized, professional investment advice. Neither ETFOptimize.com, Global Alpha Investments, Inc., nor its employees, service providers, associates, or affiliates are responsible for any investment losses you may incur as a result of using the information provided herein. Remember that past investment returns may not be indicative of future returns.

Copyright © 1998-2017 ETFOptimize.com, a publication of Optimized Investments, Inc. All rights reserved.