The Trail of Bits Blog

# The Trail of Bits Blog > Trail of Bits is a security research and consulting firm. This blog publishes technical content on software security, cryptography, blockchain security, program analysis, and secure software development. Trail of Bits has been publishing security research since 2012. The blog covers: - Vulnerability research and disclosure - Security tools and techniques (fuzzing, static analysis, symbolic execution) - Blockchain and smart contract security - Cryptography implementation and analysis - AI/ML security - Secure software development practices - Open source security tool releases ## Contact - X/Twitter: [@trailofbits](https://x.com/trailofbits) - Mastodon: [@trailofbits@infosec.exchange](https://infosec.exchange/@trailofbits) - LinkedIn: [trail-of-bits](https://www.linkedin.com/company/trail-of-bits/) - Website: [trailofbits.com](https://www.trailofbits.com) ## Open Source Tools Trail of Bits develops and maintains security tools used across the industry: **Smart Contract Security** (github.com/crytic): - [Slither](https://github.com/crytic/slither): Static analyzer for Solidity and Vyper smart contracts - [Echidna](https://github.com/crytic/echidna): Property-based fuzzer for Ethereum smart contracts - [Medusa](https://github.com/crytic/medusa): Parallelized, coverage-guided smart contract fuzzer - [Building Secure Contracts](https://github.com/crytic/building-secure-contracts): Guidelines and training for secure smart contract development **Program Analysis** (github.com/trailofbits): - [Buttercup](https://github.com/trailofbits/buttercup): AI-powered vulnerability detection and patching - [Fickling](https://github.com/trailofbits/fickling): Python serialization decompiler and static analyzer for ML security - [It-Depends](https://github.com/trailofbits/it-depends): Dependency graph and SBOM generator - [Semgrep Rules](https://github.com/trailofbits/semgrep-rules): Security-focused static analysis queries ## Featured Posts Foundati