SLSA Provenance Blog Series, Part 1: What Is Software Attestation

AppSec, threats
In this blog series, we will uncover the details of SLSA provenance, which refers to the ability to trust the authenticity of artifacts. SLSA (Supply chain Levels for Software Artifacts) is focused on protecting software from source through its deployment by allowing users to make automated decisions about the integrity ...
New Techniques Attackers Are Using to Harvest Your Secrets

AppSec, threats
Toyota Motor Corporation recently suffered a data breach due to a mistakenly exposed access key on GitHub. That hardcoded access key evaded detection for five years! This news joined a long line of headlines about the damage caused by hardcoding secrets in code and how it can lead to a ...
Sophisticated 3CX Software Supply Chain Attack Affects Millions of Users

AppSec, Explainers, threats
On March 29th, 2023, it was published that 3CX, the international VoIP IPBX software, was under an ongoing software supply chain attack. The attackers had trojanized the 3CX communication installer software, reportedly used by over 12 million users daily. Several endpoint security vendors, such as SentinelOne and CrowdStrike, identified this ...
Legitify adds support for GitLab and GitHub Enterprise Server

GitHub, GitLab
We encounter security incidents on a weekly basis with prospective customers that involve pipeline manipulation, code theft, and sensitive data exposure - many of which result from bad source code management (SCM) system configurations. Legitify, the open-source security tool we recently announced, is rapidly gaining popularity because it helps users ...
Critical and Time Sensitive OpenSSL Vulnerability - The Race Between Attackers and Defenders

OpenSSL has announced a critical fix in version 3.0.7 to be released Nov 1, 2022. It means that on Tuesday Nov 1 the race will start between those who patch and those who exploit. In this blog post, we’ll summarize all the necessary information required to make sure you can ...
Introducing Legitify: A Better Way To Secure GitHub

We’re pleased to announce the launch of Legitify – an open-source security tool for GitHub users to automatically discover and remediate insecure GitHub configurations, at scale ...