JFrog Curation Redefines “Shift Left” Security for Enterprise Software Supply Chains

New product delivers centralized governance for automatically blocking malicious open-source packages and vulnerabilities from entering organizations

JFrog Ltd. (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today introduced JFrog Curation, an automated DevSecOps solution designed to thoroughly vet and block malicious open source or third-party software packages and their respective dependencies before entering an organization’s software development environment. Natively integrated with JFrog Artifactory binary repository, JFrog Curation is unique in its use of binary metadata for identification of malicious packages with higher-severity CVEs, operational, or license compliance issues - removing the need to download each package for scanning before use, which preserves developer speed and ease.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230712412540/en/

JFrog Curation Redefines "Shift Left" Security for Enterprise Software (Graphic: Business Wire)

“Software developers use millions of open source components to accelerate project delivery and gain a competitive edge, but this practice could be abused to inject malicious packages and vulnerabilities to the code - increasing the risk of software supply chain attacks,” said Asaf Karas, CTO of Security, JFrog. “Application security must be taken seriously and looked at holistically from the point of creation through runtime on edge devices. JFrog Curation takes the ‘shift left’ concept to the next level by automatically blocking use of risky open source software packages before entry to an organization, drastically reducing a company’s overall attack surface without compromising on speed or the developer experience.”

The use of open source software for development of commercial applications is now mainstream, with 87 percent of respondents to an IDC survey indicating open source would be their first choice over other commercial options. [1] However, in 2022, more than 10 million people were impacted by software supply chain attacks targeting roughly 1,700 entities worldwide – nearly all of which included some element of faulty or nefarious open source code. [2]

"Security incidents such as Log4Shell, Spring4Shell, etc., have taught us that what's safe today may not be safe tomorrow when using public open source libraries," said Jim Mercer, IDC Research Vice President of DevOps and DevSecOps. "A tool that simplifies the developer experience while ensuring packages comply with established, regularly updated security policies, and are validated against relevant vulnerability databases, is essential for securing modern DevOps workflows."

JFrog Curation also validates incoming software packages against JFrog’s Security Research library of recorded Common Vulnerabilities and Exposures (CVE) and publicly available information to help establish a trusted repository of pre-approved, third-party software components for use in development. By effectively bridging public package repositories, developers, production, and security personas, JFrog Curation helps improve efficiency while preventing time-consuming and costly remediation efforts later.

JFrog Curation is designed to enable developers, security leaders, and DevSecOps engineers to:

  • Vet and block open source software components without compromising the developer experience or speed.
  • Have central visibility and governance of every open source package requested by a developer or build tool with accurate, metadata-based insights on all infected packages, with actionable advice on ways to remediate.
  • Create a comprehensive and transparent audit trail to help organizations comply with current and emerging regulatory requirements.
  • Optimize the developer experience with frictionless, validated software component retrieval.
  • Avoid the unruly sprawl of various tool suites through its integration with the JFrog Software Supply Chain Platform, which provides consistent, automated processes across development environments.

To learn more about how JFrog Curation defends your software supply chain read this blog, visit https://jfrog.com/curation, or join us for an informative product overview webinar, “Seamlessly Curate Software Packages Entering Your Organization,” on Tuesday, July 25, 2023, at 10 a.m. PDT / 1 p.m. EDT. Interested parties can also see JFrog Curation in action at booth 1781 during Black Hat Las Vegas, taking place Aug. 5-10, 2023 at the Mandalay Bay Convention Center. Follow us @JFrogSecurity for more details on JFrog Curation and activities during the show.

About JFrog

JFrog Ltd. (Nasdaq: FROG), is on a mission to create a world of software delivered without friction from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely, ensuring it is available, traceable, and tamper-proof. The integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog to secure their mission-critical software supply chains. Once you leap forward, you won’t go back! Learn more at jfrog.com and follow us on Twitter: @jfrog.

Cautionary Note About Forward-Looking Statements

This press release contains “forward-looking” statements, as that term is defined under the U.S. federal securities laws, including but not limited to statements regarding JFrog Curation and its technology, capabilities, advantages, and features, as well as statements made by JFrog’s executives and customers. These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause JFrog’s actual results, and the performance or achievements of its products, to differ materially from those expressed or implied in any forward-looking statement. There are a significant number of factors that could cause actual results, performance or achievements, to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2022, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements.

___________________________

[1] IDC, “DevOps and Accelerated Application Delivery Survey”, IDC #US47225621, January 2022.

[2] https://www.idtheftcenter.org/wp-content/uploads/2023/01/ITRC_2022-Data-Breach-Report_Final-1.pdf
