Security audit of Mithril Security BlindAI

Mithril Security engaged a collaboration with Quarkslab to perform an audit of the BlindAI-preview, now known as BlindAI Core, which is an open-source confidential computing solution for querying and deploying AI models while guaranteeing data privacy. The goal of the audit was to evaluate the BlindAI resiliency based on the definition of a threat model after a refresh on the latest state-of-the-art.

more ...






Audit of Falco, the open-source cloud-native runtime security

Falco's maintainers, with support from Cloud Native Computing Foundation, engaged with Quarkslab to perform an audit of Falco, an open-source cloud-native runtime security tool. The goal of the audit was to assist the Falco maintainers to increase their security posture using static and dynamic analysis (fuzzing in particular) and was organized by Open Source Technology Improvement Fund, Inc.

more ...

Vulnerabilities in the TPM 2.0 reference implementation code

In this blog post we discuss the details of two vulnerabilities we discovered in the Trusted Platform Module (TPM) 2.0 reference implementation code. These two vulnerabilities, an out-of-bounds write (CVE-2023-1017) and an out-of-bounds read (CVE-2023-1018), affected several TPM 2.0 software implementations (such as the ones used by virtualization software) as well as a number of hardware TPMs.

more ...