# The Trail of Bits Blog

> Trail of Bits is a security research and consulting firm. This blog publishes technical content on software security, cryptography, blockchain security, program analysis, and secure software development.

Trail of Bits has been publishing security research since 2012. The blog covers:

- Vulnerability research and disclosure
- Security tools and techniques (fuzzing, static analysis, symbolic execution)
- Blockchain and smart contract security
- Cryptography implementation and analysis
- AI/ML security
- Secure software development practices
- Open source security tool releases

## Contact

- X/Twitter: [@trailofbits](https://x.com/trailofbits)
- Mastodon: [@trailofbits@infosec.exchange](https://infosec.exchange/@trailofbits)
- LinkedIn: [trail-of-bits](https://www.linkedin.com/company/trail-of-bits/)
- Website: [trailofbits.com](https://www.trailofbits.com)

## Open Source Tools

Trail of Bits develops and maintains security tools used across the industry:

**Smart Contract Security** (github.com/crytic):

- [Slither](https://github.com/crytic/slither): Static analyzer for Solidity and Vyper smart contracts
- [Echidna](https://github.com/crytic/echidna): Property-based fuzzer for Ethereum smart contracts
- [Medusa](https://github.com/crytic/medusa): Parallelized, coverage-guided smart contract fuzzer
- [Building Secure Contracts](https://github.com/crytic/building-secure-contracts): Guidelines and training for secure smart contract development

**Program Analysis** (github.com/trailofbits):

- [Buttercup](https://github.com/trailofbits/buttercup): AI-powered vulnerability detection and patching
- [Fickling](https://github.com/trailofbits/fickling): Python serialization decompiler and static analyzer for ML security
- [It-Depends](https://github.com/trailofbits/it-depends): Dependency graph and SBOM generator
- [Semgrep Rules](https://github.com/trailofbits/semgrep-rules): Security-focused static analysis queries

## Featured Posts

Foundational posts that define our approach to security:

- [ECDSA: Handle with Care](https://blog.trailofbits.com/2020/06/11/ecdsa-handle-with-care/): Widely-cited guide to cryptographic pitfalls in ECDSA implementations
- [Announcing the Trail of Bits Testing Handbook](https://blog.trailofbits.com/2023/07/26/announcing-the-trail-of-bits-testing-handbook/): Comprehensive methodology for security testing
- [Our audit of PyPI](https://blog.trailofbits.com/2023/11/14/our-audit-of-pypi/): Security assessment of Python's package infrastructure
- [Unleashing Medusa](https://blog.trailofbits.com/2025/02/14/unleashing-medusa-fast-and-scalable-smart-contract-fuzzing/): Fast, parallelized smart contract fuzzing
- [Threat modeling the Trail of Bits way](https://blog.trailofbits.com/2025/02/28/threat-modeling-the-trail-of-bits-way/): Our systematic approach to identifying security risks
- [Prompt injection to RCE in AI agents](https://blog.trailofbits.com/2025/10/22/prompt-injection-to-rce-in-ai-agents/): How prompt injection can lead to code execution

## Feeds

- [RSS Feed](https://blog.trailofbits.com/index.xml): Full blog feed with all posts
- [JSON Feed](https://blog.trailofbits.com/index.json): Machine-readable post index for search

## Categories

Major topic areas (10+ posts):

- [aixcc](https://blog.trailofbits.com/categories/aixcc/): 11 posts
- [apple](https://blog.trailofbits.com/categories/apple/): 13 posts
- [application-security](https://blog.trailofbits.com/categories/application-security/): 21 posts
- [attacks](https://blog.trailofbits.com/categories/attacks/): 17 posts
- [audits](https://blog.trailofbits.com/categories/audits/): 16 posts
- [binary-ninja](https://blog.trailofbits.com/categories/binary-ninja/): 15 posts
- [blockchain](https://blog.trailofbits.com/categories/blockchain/): 102 posts
- [capture-the-flag](https://blog.trailofbits.com/categories/capture-the-flag/): 12 posts
- [compilers](https://blog.trailofbits.com/categories/compilers/): 36 posts
- [conferences](https://blog.trailofbits.com/categories/conferences/): 35 posts
- [cryptography](https://blog.trailofbits.com/categories/cryptography/): 88 posts
- [darpa](https://blog.trailofbits.com/categories/darpa/): 31 posts
- [dynamic-analysis](https://blog.trailofbits.com/categories/dynamic-analysis/): 14 posts
- [ecosystem-security](https://blog.trailofbits.com/categories/ecosystem-security/): 12 posts
- [education](https://blog.trailofbits.com/categories/education/): 18 posts
- [engineering-practice](https://blog.trailofbits.com/categories/engineering-practice/): 25 posts
- [exploits](https://blog.trailofbits.com/categories/exploits/): 38 posts
- [fuzzing](https://blog.trailofbits.com/categories/fuzzing/): 51 posts
- [go](https://blog.trailofbits.com/categories/go/): 12 posts
- [guides](https://blog.trailofbits.com/categories/guides/): 16 posts
- [internship-projects](https://blog.trailofbits.com/categories/internship-projects/): 46 posts
- [linux](https://blog.trailofbits.com/categories/linux/): 10 posts
- [machine-learning](https://blog.trailofbits.com/categories/machine-learning/): 51 posts
- [manticore](https://blog.trailofbits.com/categories/manticore/): 17 posts
- [mcsema](https://blog.trailofbits.com/categories/mcsema/): 11 posts
- [meta](https://blog.trailofbits.com/categories/meta/): 13 posts
- [mitigations](https://blog.trailofbits.com/categories/mitigations/): 12 posts
- [open-source](https://blog.trailofbits.com/categories/open-source/): 36 posts
- [osquery](https://blog.trailofbits.com/categories/osquery/): 23 posts
- [paper-review](https://blog.trailofbits.com/categories/paper-review/): 11 posts
- [people](https://blog.trailofbits.com/categories/people/): 17 posts
- [policy](https://blog.trailofbits.com/categories/policy/): 13 posts
- [press-release](https://blog.trailofbits.com/categories/press-release/): 29 posts
- [program-analysis](https://blog.trailofbits.com/categories/program-analysis/): 23 posts
- [research-practice](https://blog.trailofbits.com/categories/research-practice/): 46 posts
- [reversing](https://blog.trailofbits.com/categories/reversing/): 20 posts
- [sponsorships](https://blog.trailofbits.com/categories/sponsorships/): 13 posts
- [static-analysis](https://blog.trailofbits.com/categories/static-analysis/): 40 posts
- [supply-chain](https://blog.trailofbits.com/categories/supply-chain/): 17 posts
- [symbolic-execution](https://blog.trailofbits.com/categories/symbolic-execution/): 18 posts
- [tool-release](https://blog.trailofbits.com/categories/tool-release/): 19 posts
- [vulnerabilities](https://blog.trailofbits.com/categories/vulnerabilities/): 14 posts
- [vulnerability-disclosure](https://blog.trailofbits.com/categories/vulnerability-disclosure/): 28 posts
- [zero-knowledge](https://blog.trailofbits.com/categories/zero-knowledge/): 13 posts

## Optional

- [All Categories](https://blog.trailofbits.com/categories/): Browse all topics
- [Authors](https://blog.trailofbits.com/authors/): Browse posts by author