Trail of Bits

Security is only as strong as what we can see. A security audit isn’t just a checkpoint—it’s a commitment to transparency and trust. We partnered with Trail of Bits for a thorough review, and today, we’re sharing the results. Read more: https://lnkd.in/eYpqPQUK

If you're fuzzing C/C++ code and need more customizability, our new Testing Handbook chapter shows you exactly how to set up and use LibAFL - both as a libFuzzer drop-in and as a Rust library. LibAFL Chapter: https://lnkd.in/d7UX25yC LibAFL vs. alternatives: Modular architecture enabling custom fuzzer development Superior performance with near-linear scaling across cores Advanced features like structured fuzzing with AST mutations ???What is the Testing Handbook? Our Testing Handbook is a resource that guides developers and security professionals in configuring, optimizing, and automating many of the static and dynamic analysis tools we use at Trail of Bits. The handbook covers Burpsuite, Semgrep, CodeQL, Fuzzing, and much more!

This past Tuesday, the OpenSSF hosted a Policy Summit in D.C., bringing together industry leaders and open source security experts to address key challenges in securing the software supply chain. Key conclusions from the event: ? AI security remains an emerging challenge ? We should avoid premature AI regulation ? Security guidance is needed for AI developers ? We must balance software repository governance ? Improving package security transparency is paramount Read our announcement for a complete list of outcomes: https://hubs.la/Q03bhgLP0

FHE.org would like to thank Trail of Bits for their sponsorship this year of the FHE.org 2025 conference. We are looking forward to a more secure world with FHE! Sponsorships like Trail of Bits' make it possible to continue to provide a high quality conference with great speakers and to wave registration fees for all students. If you'd also like to sponsor and show your support for the global FHE community, reach out to us at [email protected]. Find out more information about Trail of Bits at https://trailofbits.com Also don't forget to grab your tickets for this coming FHE.org 2025 conference in Sofia, Bulgaria on March 25th at https://lnkd.in/eChK3teX

?? How does OpenSearch compare to Elasticsearch in real-world performance? Trail of Bits has released results from a four-month performance study comparing OpenSearch and Elasticsearch using real-world workloads. ?? OpenSearch v2.17.1 is 1.6x faster than Elasticsearch v8.15.4 on the Big5 workload ?? 11% faster on vector search operations ?? 16.5x faster on date histogram ?? 3.38x faster on terms aggregations The study tested both engines daily on fresh AWS instances, running workloads hundreds to thousands of times over multiple weeks to ensure reliable comparisons. With search performance affecting everything from e-commerce to financial analytics to AI-powered applications, these results highlight meaningful differences. ?? Read the full report: https://hubs.la/Q039PdKR0

A 4-month comparative performance assessment of #OpenSearch and #Elasticsearch conducted by Trail of Bits ?? Way to go OpenSearch Project team on the amazing performance improvements done through the v2.x releases ???? https://lnkd.in/dcGjtymK

Our threat modeling methodology (TRAIL) was featured on Security Weekly Productions #320. What is TRAIL? TRAIL stands for Threat and?Risk?Analysis?Informed?Lifecycle. Our Process: We begin our threat models by building an accurate system model and then define threat scenarios that inform our recommendations, empowering security teams to remediate architecture-level and operational risks. ?? Listen hear: https://lnkd.in/eHQBpA5P ?? Our blog: https://lnkd.in/gQxJbzmj

Trail of Bits has released a comprehensive analysis of OpenSearch performance, focusing on the Big 5 workload. As businesses increasingly rely on powerful search and analytics tools, understanding the capabilities of open-source solutions like OpenSearch becomes crucial. Discover how this Apache V2 Licensed project under the Linux Foundation performs in: ? Lexical search ? Log analytics ? Vector database operations for semantic search and generative AIRead the full analysis to gain valuable insights into OpenSearch's performance metrics and its potential for your data-driven projects. #OpenSearch #PerformanceAnalysis #AITechnology https://lnkd.in/g-4npzRf

We're sponsoring the inaugural Queer in Cryptography conference! Our crypto team is attending and presenting; make sure to say "hi"! ?? Don't miss standout talks today and tomorrow! Opal Wright on elliptic curve depth attacks, medical privacy insights from leading researchers, and Soatok's innovative work on key transparency. https://lnkd.in/g6D6zXUb

We conducted a 4-month comparative performance assessment of OpenSearch and Elasticsearch. We provisioned testing infrastructure on AWS using Terraform for consistent and reproducible deployments. We found that OpenSearch has the edge on test workloads, but that both suites have significant outlier cases. Our blog post: https://lnkd.in/g-4npzRf