Trail of Bits Blog
Since 2012, Trail of Bits has helped secure some of the world’s most targeted organizations and products. We combine high-end security research with a real world attacker mentality to reduce risk and fortify code.
Provisioning cloud infrastructure the wrong way, but faster
By Artem Dinaburg Today we’re going to provision some cloud infrastructure the Max Power way: by combining automation with unchecked AI output. Unfortunately, this method produces cloud infrastructure code that 1) works ...
“YOLO” is not a valid hash construction
By Opal Wright Among the cryptographic missteps we see at Trail of Bits, “let’s build our own tool out of a hash function” is one of the most common. Clients have a ...
We wrote the code, and the code won
By Tjaden Hess Earlier this week, NIST officially announced three standards specifying FIPS-approved algorithms for post-quantum cryptography. The Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) is one of these standardized algorithms. The Trail ...
Trail of Bits Advances to AIxCC Finals
Trail of Bits has qualified for the final round of DARPA’s AI Cyber Challenge (AIxCC)! Our Cyber Reasoning System, Buttercup, placed in the top 7 out of 39 teams competing in the ...
Trail of Bits’ Buttercup heads to DARPA’s AIxCC
With DARPA’s AI Cyber Challenge (AIxCC) semifinal starting today at DEF CON 2024, we want to introduce Buttercup, our AIxCC submission. Buttercup is a Cyber Reasoning System (CRS) that combines conventional cybersecurity ...
Cloud cryptography demystified: Google Cloud Platform
By Scott Arciszewski This post, the second in our series on cryptography in the cloud, provides an overview of the cloud cryptography services offered within Google Cloud Platform (GCP): when to use ...
Our audit of Homebrew
By William Woodruff This is a joint post with the Homebrew maintainers; read their announcement here! Last summer, we performed an audit of Homebrew. Our audit’s scope included Homebrew/brew itself (home of ...
Our crypto experts answer 10 key questions
By Justin Jacob Cryptography is a fundamental part of electronics and the internet that helps secure credit cards, cell phones, web browsing (fingers crossed you’re using TLS!), and even top-secret military data ...
Announcing AES-GEM (AES with Galois Extended Mode)
By Scott Arciszewski Today, AES-GCM is one of two cipher modes used by TLS 1.3 (the other being ChaCha20-Poly1305) and the preferred method for encrypting data in FIPS-validated modules. But despite its ...
Trail of Bits named a leader in cybersecurity consulting services
Trail of Bits has been recognized as a leader in cybersecurity consulting services according to The Forrester Wave™: Cybersecurity Consulting Services, Q2 2024. In this evaluation, we were compared against 14 other ...