blog.trailofbits.com

Trail of Bits Blog

Latest posts

Last updated 8 days ago

mquire: Linux memory forensics without external dependencies

8 days ago

If you’ve ever done Linux memory forensics, you know the frustration: without...

Using threat modeling and prompt injection to audit Comet

13 days ago

Before launching their Comet browser, Perplexity hired us to test the security...

Carelessness versus craftsmanship in cryptography

15 days ago

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV...

Celebrating our 2025 open-source contributions

about 1 month ago

Last year, our engineers submitted over 375 pull requests that were merged...

Building cryptographic agility into Sigstore

about 1 month ago

Software signatures carry an invisible expiration date. The container image or firmware...

Lack of isolation in agentic browsers resurfaces old vulnerabilities

about 2 months ago

With browser-embedded AI agents, we’re essentially starting the security journey over again...

Detect Go’s silent arithmetic bugs with go-panikint

2 months ago

Go’s arithmetic operations on standard integer types are silent by default, meaning...

Can chatbots craft correct code?

3 months ago

I recently attended the AI Engineer Code Summit in New York, an...

Use GWP-ASan to detect exploits in production environments

3 months ago

Memory safety bugs like use-after-free and buffer overflows remain among the most...

Catching malicious package releases using a transparency log

3 months ago

We’re getting Sigstore’s rekor-monitor ready for production use, making it easier for...

Introducing mrva, a terminal-first approach to CodeQL multi-repo variant analysis

3 months ago

In 2023 GitHub introduced CodeQL multi-repository variant analysis (MRVA). This functionality lets...

Introducing constant-time support for LLVM to protect cryptographic code

3 months ago

Trail of Bits has developed constant-time coding support for LLVM, providing developers...