Blog | ReversingLabs | John P. Mello Jr. (8)

May 22, 2023

Too costly to fail — and about to get costlier: Why software security matters

Software supply chains attack costs could exceed $80.6B by 2026, a 76% increase over 2023 losses of $45.8B, research firm finds. Here's a full rundown.

May 9, 2023

SLSA 1.0 delivers build provenance: What application security teams need to know

OpenSSF's updated Supply-chain Levels for Software Artifacts is an essential tool, but experts say it's not a comprehensive supply chain security tool.

April 27, 2023

CISA Secure by Design: 'It's a starting point, not an endpoint'

Here's what experts say about the CISA Secure by Design initiative's potential impact on software supply chain security — and security operations.

April 13, 2023

OSC&R embraces GitHub: Will it move the needle on supply chain security?

Here's what the move means in the short run — and the long term, for the evolution from application security to software software supply chain security.

April 5, 2023

CISA Cybersecurity Performance Goals update: Key changes and additions

CISA has better aligned the CPGs with NIST's Cybersecurity Framework, and added software supply chain goals. Here's what to know — and key insights.

March 22, 2023

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.

March 20, 2023

Application security practices are maturing — but it's a work in progress

While best practices adoption for AppSec is up, many supply chain security problems remain, the OpenSSF SLSA framework survey shows.

March 9, 2023

PyPI repo poisoned with "Colour-Blind" RAT

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.

February 21, 2023

OSC&R targets software supply chain attacks

Here's what you need to know about OSC&R, along with expert insights on the new framework's potential to improve software supply chain security.

February 13, 2023

Why knowing the "ground truth" is key to software security

Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.

January 4, 2023

10 software supply chain attacks you can learn from

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks.

November 23, 2022

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Too costly to fail — and about to get costlier: Why software security matters

SLSA 1.0 delivers build provenance: What application security teams need to know

CISA Secure by Design: 'It's a starting point, not an endpoint'

OSC&R embraces GitHub: Will it move the needle on supply chain security?

CISA Cybersecurity Performance Goals update: Key changes and additions

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Application security practices are maturing — but it's a work in progress

PyPI repo poisoned with "Colour-Blind" RAT

OSC&R targets software supply chain attacks

Why knowing the "ground truth" is key to software security

10 software supply chain attacks you can learn from

GitHub repojacking attack: 10 lessons for software teams

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports