
RL SSCS Report: A 2025 retrospective
ReversingLabs looked at last year’s Software Supply Chain Security Report in the rear-view mirror. Here’s what RL got right — and wrong.

Carolynn van Arsdale, Writer, ReversingLabs. Carolynn is a reporter, writer, and researcher in the cybersecurity space. She has written for several publications, such as The Security Ledger and Security Boulevard. She has been involved in podcast and event production, and now produces ConversingLabs, a ReversingLabs podcast. Prior to joining ReversingLabs, Carolynn held communication roles in the non-profit and higher education spaces. Her official title at ReversingLabs is Manager, Content Marketing.

Here are the guidelines, mandates, frameworks, and goals that have refined software supply chain security policy.

OSS and dev tools are targets as AI risk rises. Learn more in the Software Supply Chain Security Report 2026.

The software supply chain incident highlights how quickly threat actors can turn newly revealed vulnerabilities into widespread attacks.

Software procurement is risky business. Learn why outdated tooling doesn’t cut it — and how modern technologies can provide much-needed transparency.

Understand the difference between the SBOM and xBOM — and how it impacts software supply chain security.

The latest Data Breach Investigations Report puts the focus squarely on third-party risk. Here’s what you need to know.

Software supply chain risks from artificial intelligence and machine learning are getting real. Here are key insights from RL’s new report.

More cracks in the NVD emerge, making the CVE system less useful. Shift your approach to keep up with software risk.