Roles of the internal compliance audit process

How to Conduct an Internal Audit: A Comprehensive Guide

In today’s digital age, external compliance audits and third-party attestations (e.g., SOC 2) have become increasingly crucial in B2B purchase decisions. Not only do they provide an objective third-party verification of a ...

Cryptographic design review of Ockam

By Marc Ilunga, Jim Miller, Fredrik Dahlgren, and Joop van de Pol
In October 2023, Ockam hired Trail of Bits to review the design of its product, a set of protocols that ...

Internet freedom with the Open Technology Fund

By Spencer Michaels, William Woodruff, Jeff Braswell, and Cliff Smith
Trail of Bits cares about internet freedom, and one of our most valued partners in pursuit of that goal is the Open ...
SOC 2 Audit Checklist: Key Steps to Get You From Start to Finish

The SOC 2 audit — an audit intended to assess the data protection practices of technology vendors and other service providers — has become a standard tool in modern risk management. Large ...

Security flaws in an SSO plugin for Caddy

By Maciej Domanski, Travis Peters, and David Pokora
We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web ...
ISO 27001 Implementation Checklist: 10 Tips to Become Certification Ready

ISO/IEC 27001 is an information security standard designed and regulated by the International Organization for Standardization, and while it isn’t legally mandated, having the certification is essential for securing contracts with large ...
Evaluating blockchain security maturity
By Josselin Feist, Blockchain Engineering Director
Holistic security reviews should reveal far more than simple bugs. Often, these bugs indicate deeper issues that can be challenging to understand and address. Given the ...
Typos that omit security features and how to test for them

By Dominik ‘disconnect3d’ Czarnota
During a security audit, I discovered an easy-to-miss typo that unintentionally failed to enable _FORTIFY_SOURCE, which helps detect memory corruption bugs in incorrectly used C functions. We searched, ...
How to do a FedRAMP Gap Analysis | Drafting Compliance Ep. 3

How to Remediate Your Audit Findings

So, your company has undergone a compliance audit, and — don’t faint from surprise here — it came ...

We need a new way to measure AI security

Tl;dr: Trail of Bits has launched a practice focused on machine learning and artificial intelligence, bringing together safety and security methodologies to create a new risk assessment and assurance program. This program ...