Blog | ReversingLabs | John P. Mello Jr. (8)

March 22, 2023

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.

March 20, 2023

Application security practices are maturing — but it's a work in progress

While best practices adoption for AppSec is up, many supply chain security problems remain, the OpenSSF SLSA framework survey shows.

March 9, 2023

PyPI repo poisoned with "Colour-Blind" RAT

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.

February 21, 2023

OSC&R targets software supply chain attacks

Here's what you need to know about OSC&R, along with expert insights on the new framework's potential to improve software supply chain security.

February 13, 2023

Why knowing the "ground truth" is key to software security

Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.

January 4, 2023

10 software supply chain attacks you can learn from

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks.

November 23, 2022

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.

November 7, 2022

5 reasons why you need an SaaSBOM

Here's why your organization should consider a SaaSBOM, as well as the essential challenges facing their implementation.

October 25, 2022

The state of CI/CD security: Upgrade your software supply chain tools to maintain velocity and security

Modern software supply chain security depends on getting your tools right, and focusing on the end-to-end software development lifecycle. Here's what you need to maintain your software development and release and stay secure.

October 24, 2022

SBOMs are critical to software supply chain security — but only the first step in your journey

SBOMs are key to software supply chain security. But they are also only the first step on your software supply chain journey. Here's what you need to know.

October 11, 2022

Packagist PHP repo supply chain attack: 3 key takeaways

A PHP repository vulnerability threatened millions of sites. Here's why you need to make an SBOM the first step in your software supply chain security journey.

October 4, 2022

Gartner: Knowing your software's ingredients is critical to managing risk

With third-party sources — and supply chain attacks surging — Gartner expects adoption of SBOMs to go from less than 5% now to 60% in 2025.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Application security practices are maturing — but it's a work in progress

PyPI repo poisoned with "Colour-Blind" RAT

OSC&R targets software supply chain attacks

Why knowing the "ground truth" is key to software security

10 software supply chain attacks you can learn from

GitHub repojacking attack: 10 lessons for software teams

5 reasons why you need an SaaSBOM

The state of CI/CD security: Upgrade your software supply chain tools to maintain velocity and security

SBOMs are critical to software supply chain security — but only the first step in your journey

Packagist PHP repo supply chain attack: 3 key takeaways

Gartner: Knowing your software's ingredients is critical to managing risk

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports