AppSec & Supply Chain Security | July 18, 2024

The top AppSec Substacks to follow

Rev up your application security and software supply chain security engines by subscribing to these six practitioner-curated Substacks.

By Samantha Schawe

Substack is a powerful platform that lets expert practitioners carry out their own publishing. For application security pros looking to keep up with the latest, Substacks hosted by practitioners and the like can help you keep pace across key areas in AppSec and software supply chain security.

Here's our list of Substacks for anyone looking to stay up to speed.

Resilient Cyber (Chris Hughes)

The Resilient Cyber Substack, by Chris Hughes, is a newsletter dedicated to cybersecurity, cloud security, DevSecOps, and software supply chain security. It examines behaviors and patterns that lead to the shadow usage of technologies and how security practices can sometimes be self-defeating, and it brings a particular focus to the security impact of AI. The newsletter offers insights and discussions from various cybersecurity and IT experts, addressing topics such as risk-mitigation practices, vulnerability management, and the future of the cybersecurity industry.

Notable stories include "Bringing Security out of the Shadows," which examines the shadow usage of technologies and the self-defeating aspects of security, and "Public Sector Compliance Conundrums," which addresses the federal and defense communities' challenges in balancing cybersecurity, innovation, and compliance requirements.

Frankly Speaking (Frank Wang)

Frankly Speaking, curated by Frank Wang, is a newsletter that shares insights on various topics related to cybersecurity from the perspective of a security engineer and former venture capitalist. Notable themes include the security challenges brought by the rise of cloud computing and DevOps practices, emphasizing the need for security products that can keep pace with the agility of the cloud. Wang frequently discusses the critical role of developers in security, advocating for the integration of security practices into the software development lifecycle to ensure that security measures align with developers' needs and mindsets.

Wang also provides in-depth analyses of prominent cybersecurity companies, evaluating their strengths, weaknesses, and potential failure modes. Additionally, he explores the future of SIEM (security information and event management) solutions, particularly in light of industry shifts such as the LogRhythm-Exabeam merger and the sale of IBM QRadar, highlighting the necessity for new approaches to security monitoring and analytics in the cloud era.

Securely Built (Derek Fisher)

The Securely Built Substack, curated by Derek Fisher, explores specialized education in application and product security, with an emphasis on software safety. It underscores the need to integrate security into all aspects of technology, from personal device usage and social media interactions to professional productivity applications. Leveraging Fisher's decades of experience in engineering and security, Securely Built aims to support the creation of secure technology and provides resources to help readers improve their security practices.

Notable stories include “SAST Is Dead, Long Live SAST,” which supports the ongoing use of SAST as an essential part of a complete application security strategy but also recognizes its limitations and the necessity of integrating it with other testing methods, and “The Secure Product Lifecycle,” which emphasizes the importance of secure product lifecycle management (SPLM) in managing security risks across various software releases and versions.

The Pragmatic Engineer (Gergely Orosz)

The Pragmatic Engineer, a popular Substack newsletter by Gergely Orosz, offers in-depth insights into the software engineering industry, focusing on both big tech companies and high-growth startups. Highly relevant for software engineers and engineering managers, it provides actionable advice and tools to enhance leadership efficiency. The newsletter delivers an insider's perspective on major tech firms and startups, covering topics such as technical debt, distributed systems, and engineering management practices. It features deep dives into specific software engineering subjects, timely articles on industry trends, and reflections on relevant discussions.

Drawing on Orosz's experiences at Uber, Skype, and Microsoft, the newsletter provides a valuable perspective, along with a growing collection of resources, including checklists and guidelines for engineering managers and software engineers.

Deploy Securely (Walter Haydock)

Walter Haydock, a security researcher and the CEO of StackAware, curates the Deploy Securely newsletter, which focuses on cloud security, DevSecOps, and secure software development practices. It covers topics including cloud security best practices, tools for integrating security into the software development lifecycle, secure coding practices, vulnerability disclosures affecting popular software, and more. The newsletter aims to offer key updates in the rapidly evolving field of cloud security and secure software development.

The Deploy Securely newsletter is a valuable resource for security professionals, DevOps engineers, and software developers aiming to stay abreast of the latest trends and techniques for building and deploying secure applications in the cloud. By providing insights into emerging threats, best practices, and tools, it empowers its audience to enhance their own security.

The Software Analyst (Francis)

The Software Analyst Newsletter, curated by Francis, specializes in analyzing software companies within the cybersecurity and data infrastructure spaces, especially AI and machine learning (ML). It covers a range of notable topics, including in-depth examinations of cybersecurity firms such as Palo Alto Networks, CrowdStrike, and Zscaler, and it explores data infrastructure and AI/ML companies such as Snowflake, Databricks, and C3.ai, evaluating their technologies, use cases, and market potential. The newsletter also offers insights into emerging trends and technologies in cybersecurity and data infrastructure, such as cloud security, zero-trust architecture, and large language models (LLMs), along with featuring interviews and commentary from industry experts and thought leaders in these domains.

The Software Analyst Newsletter caters to investors, technologists, and anyone interested in these rapidly evolving sectors, offering valuable perspectives on market dynamics, technological innovations, and strategic insights that are crucial for navigating and understanding these industries.

Sign up for RL's Chainmail newsletter

For those more interested in software security, check out our Chainmail newsletter on LinkedIn, which highlights the latest AppSec and software supply chain security news.

Keep learning

  • Get up to speed on the state of software security with RL's Software Supply Chain Security Report 2026. Plus: See the webinar discussing the findings.
  • Learn why binary analysis is a must-have in the Gartner® CISO Playbook for Commercial Software Supply Chain Security.
  • Take action on securing AI/ML with our report: AI Is the Supply Chain. Plus: See RL's research on nullifAI and watch how RL discovered the novel threat.
  • Get the report: Go Beyond the SBOM. Plus: See the CycloneDX xBOM webinar.

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

Tags: AppSec & Supply Chain Security
