Blog | ReversingLabs | John P. Mello Jr. (7)

August 1, 2023

Rust progress: New threat modeling, tools bolster programming language

Here's why the Rust Foundation Security Initiative's audit and resulting new tooling matter for secure coding — and software supply chain security.

July 31, 2023

WormGPT: Business email compromise amplified by ChatGPT hack

Here's what researchers know about WormGPT — and what your team can do to fight back against this new AI-fueled threat.

July 12, 2023

CycloneDX 1.5: The next big step for SBOMs and software transparency

With CycloneDX 1.5, OWASP is introducing a number of new types of SBOMs. Here's a full run-down on changes — and what they mean for software transparency.

July 10, 2023

Third-party risk management survey: Prioritize end-to-end software supply chain security — or fail

Here's what you need to know about third-party risk management — and why to prioritize comprehensive supply chain security.

June 20, 2023

OWASP Top 10 for LLM Applications: Can AI risk be tamed?

OWASP is expanding its Top 10 series with a list of Large Language Model (LLM) vulnerabilities. Here's what application security teams need to know.

June 8, 2023

The Gigabyte firmware backdoor: Lessons learned about supply chain security

Firmware attacks can pose a substantial risk to the software supply chain. Here's what your software security team can learn from the latest compromise.

May 30, 2023

Can AI-based software supply chain risk be tamed by NeMo Guardrails?

Here's a look at this first example of tools to manage the risk from generative AI — and analysis of the scope of that risk to the software supply chain.

May 22, 2023

Too costly to fail — and about to get costlier: Why software security matters

Software supply chains attack costs could exceed $80.6B by 2026, a 76% increase over 2023 losses of $45.8B, research firm finds. Here's a full rundown.

May 9, 2023

SLSA 1.0 delivers build provenance: What application security teams need to know

OpenSSF's updated Supply-chain Levels for Software Artifacts is an essential tool, but experts say it's not a comprehensive supply chain security tool.

April 27, 2023

CISA Secure by Design: 'It's a starting point, not an endpoint'

Here's what experts say about the CISA Secure by Design initiative's potential impact on software supply chain security — and security operations.

April 13, 2023

OSC&R embraces GitHub: Will it move the needle on supply chain security?

Here's what the move means in the short run — and the long term, for the evolution from application security to software software supply chain security.

April 5, 2023

CISA Cybersecurity Performance Goals update: Key changes and additions

CISA has better aligned the CPGs with NIST's Cybersecurity Framework, and added software supply chain goals. Here's what to know — and key insights.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Rust progress: New threat modeling, tools bolster programming language

WormGPT: Business email compromise amplified by ChatGPT hack

CycloneDX 1.5: The next big step for SBOMs and software transparency

Third-party risk management survey: Prioritize end-to-end software supply chain security — or fail

OWASP Top 10 for LLM Applications: Can AI risk be tamed?

The Gigabyte firmware backdoor: Lessons learned about supply chain security

Can AI-based software supply chain risk be tamed by NeMo Guardrails?

Too costly to fail — and about to get costlier: Why software security matters

SLSA 1.0 delivers build provenance: What application security teams need to know

CISA Secure by Design: 'It's a starting point, not an endpoint'

OSC&R embraces GitHub: Will it move the needle on supply chain security?

CISA Cybersecurity Performance Goals update: Key changes and additions

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports