Vulnerability transparency: strengthening security through responsible disclosure

In an era where digital threats evolve faster than ever, cybersecurity isn't just a back-office concern — it's a critical business priority. At Cloudflare, we understand the responsibility that comes with operating in a connected world. As part of our ongoing commitment to security and transparency, Cloudflare is proud to have joined the United States Cybersecurity and Infrastructure Security Agency’s (CISA) “Secure by Design” pledge in May 2024. 

By signing this pledge, Cloudflare joins a growing coalition of companies committed to strengthening the resilience of the digital ecosystem. This isn’t just symbolic — it's a concrete step in aligning with cybersecurity best practices and our commitment to protect our customers, partners, and data. 

A central goal in CISA’s Secure by Design pledge is promoting transparency in vulnerability reporting. This initiative underscores the importance of proactive security practices and emphasizes transparency in vulnerability management — values that are deeply embedded in Cloudflare’s Product Security program. ​We believe that openness around vulnerabilities is foundational to earning and maintaining the trust of our customers, partners, and the broader security community.

Why transparency in vulnerability reporting matters

Transparency in vulnerability reporting is essential for building trust between companies and customers. In 2008, Continue reading

Deep Learning for Network Engineers: Understanding Traffic Patterns and Network Requirements in the AI Data Center

 

About This Book

Several excellent books have been published over the past decade on Deep Learning (DL) and Datacenter Networking. However, I have not found a book that covers these topics together—as an integrated deep learning training system—while also highlighting the architecture of the datacenter network, especially the backend network, and the demands it must meet.

This book aims to bridge that gap by offering insights into how Deep Learning workloads interact with and influence datacenter network design.

So, what is Deep Learning?

Deep Learning is a subfield of Machine Learning (ML), which itself is a part of the broader concept of Artificial Intelligence (AI). Unlike traditional software systems where machines follow explicitly programmed instructions, Deep Learning enables machines to learn from data without manual rule-setting.

At its core, Deep Learning is about training artificial neural networks. These networks are mathematical models composed of layers of artificial neurons. Different types of networks suit different tasks—Convolutional Neural Networks (CNNs) for image recognition, and Large Language Models (LLMs) for natural language processing, to name a few.

Training a neural network involves feeding it labeled data and adjusting its internal parameters through a process called backpropagation. During the forward pass, the model Continue reading

Forget IPs: using cryptography to verify bot and agent traffic

With the rise of traffic from AI agents, what’s considered a bot is no longer clear-cut. There are some clearly malicious bots, like ones that DoS your site or do credential stuffing, and ones that most site owners do want to interact with their site, like the bot that indexes your site for a search engine, or ones that fetch RSS feeds.      

Historically, Cloudflare has relied on two main signals to verify legitimate web crawlers from other types of automated traffic: user agent headers and IP addresses. The User-Agent header allows bot developers to identify themselves, i.e. MyBotCrawler/1.1. However, user agent headers alone are easily spoofed and are therefore insufficient for reliable identification. To address this, user agent checks are often supplemented with IP address validation, the inspection of published IP address ranges to confirm a crawler's authenticity. However, the logic around IP address ranges representing a product or group of users is brittle – connections from the crawling service might be shared by multiple users, such as in the case of privacy proxies and VPNs, and these ranges, often maintained by cloud providers, change over time.

Cloudflare will always try to block malicious bots, but Continue reading

Intel Xeon 6 CPUs Carve Out Their Territory In AI, HPC

IT environments today have a passing resemblance to those from 15 or 20 years ago, when enterprise workloads mostly ran on industry standard servers connected through networks and into storage systems that were all contained within the four walls of a datacenter, where performance as the name of the game and was protected by a perimeter of security designed to keep the bad guys out.

Intel Xeon 6 CPUs Carve Out Their Territory In AI, HPC was written by Timothy Prickett Morgan at The Next Platform.

Taking On VMware, HPE Mashes Up VM Essentials With Morpheus Cloud Controller

The rapid changes Broadcom instituted after buying virtualization stalwart VMware for $61 billion in late 2023 continue to shape the virtualization and cloud spaces, with some enterprises facing significant higher pricing, new licensing plans, and bunding options looking for alternatives, vendors offering them alternatives, and companies rolling out plans to help with the migrations.

Taking On VMware, HPE Mashes Up VM Essentials With Morpheus Cloud Controller was written by Jeffrey Burt at The Next Platform.

Response: CLI Is an API

Andrew Yourtchenko and Dr. Tony Przygienda left wonderful comments to my Screen Scraping in 2025 blog post, but unfortunately they prefer commenting on a closed platform with ephemeral content; the only way to make their thoughts available to a wider audience is by reposting them. Andrew first:

I keep saying CLI is an API. However, it is much simpler and an easier way to adapt to the changes, if these three conditions are met:

Read more …

Saudi Arabia Has The Wealth – And Desire – To Become An AI Player

The oil barons of the Middle East have been trying to diversify out of carbon fuels and into other parts of the global economy for decades, but artificial intelligence may be a game that only hyperscalers, cloud builders, and Middle East sovereign wealth funds can play at the highest levels and maybe, in the long run, only the latter can tilt the AI playing field to their advantage.

Saudi Arabia Has The Wealth – And Desire – To Become An AI Player was written by Timothy Prickett Morgan at The Next Platform.

Creating, Modifying, and Deleting Data in Infrahub Using the Python SDK

Creating, Modifying, and Deleting Data in Infrahub Using the Python SDK

The Infrahub Python SDK allows you to interact with Infrahub programmatically and can be used to query, create, modify, and delete data. In a previous blog post, we looked at how to query data using the Python SDK and explored various examples, including filters, relationships, and how to retrieve related data.

Originally published under - https://www.opsmill.com/infrahub-python-sdk-create-modify-delete/

In this post, we’ll focus on how to create, modify, delete and upsert data using the SDK. We’ll walk through practical examples that show how to add new resources, update existing ones, and delete data from Infrahub.

Throughout this post, we’ll be using the Infrahub sandbox, which is freely available. The sandbox already has some data in it, so if you’d like to follow along or try this yourself, you can use it without needing to set up anything.

Initial Setup

In the previous post, we covered the basics of using the Python SDK, including how to install it and set up the client object. If you’re new to the SDK, I recommend going back to that first article to start from the install.

To get started today, I’ve generated an API token on the Infrahub demo instance Continue reading

PP062: Hunting for Host Security and Performance Issues with Stratoshark

Stratoshark is a new tool from the Wireshark Foundation that analyzes system calls on a host. Network, security, and application teams can use Stratoshark to diagnose performance issues and investigate behavior that may indicate malware or other compromises of the host. On today’s Packet Protector we talk with Gerald Combs of the Wireshark Foundation about... Read more »

Armv9 Architecture Helps Lift Arm To New Financial Heights

The Armv9 architecture has a lot of technical enhancements to commend it, but as far as Arm Holdings, the creator and licensor of the Arm architecture, is concerned one of the best features of Armv9, which was first unveiled four years ago, is that it comes with a higher royalty fee than prior Armv7 and Armv8 architectures.

Armv9 Architecture Helps Lift Arm To New Financial Heights was written by Timothy Prickett Morgan at The Next Platform.

netlab 2.0.0: Hosts, Bridges, and SRv6

netlab release 2.0.0 is out. I spent the whole week fixing bugs and running integration tests, so I’m too brain-dead to go into the details. These are the major features we added (more about them in a few days; the details are in the release notes):

Other changes include:

Read more …

TNO028: Move From Monitoring to Full Internet Stack Observability: New Strategies for NetOps (Sponsored)

Network monitoring, Internet monitoring, and observability are all key components of NetOps. We speak with sponsor Catchpoint to understand how Catchpoint can help network operators proactively identify and resolve issues before they impact customers. We discuss past and current network monitoring strategies and the challenges that operators face with both on-prem and cloud monitoring, along... Read more »
1 2 3 3,784