Blog | ReversingLabs | John P. Mello Jr. (9)

October 25, 2022

The state of CI/CD security: Upgrade your software supply chain tools to maintain velocity and security

Modern software supply chain security depends on getting your tools right, and focusing on the end-to-end software development lifecycle. Here's what you need to maintain your software development and release and stay secure.

October 24, 2022

SBOMs are critical to AppSec — but only the first step in your journey

SBOMs are key to software supply chain security. But they are also only the first step on your software supply chain journey. Here's what you need to know.

October 11, 2022

Packagist PHP repo supply chain attack: 3 key takeaways

A PHP repository vulnerability threatened millions of sites. Here's why you need to make an SBOM the first step in your software supply chain security journey.

October 4, 2022

Gartner: Knowing your software's ingredients is critical to managing risk

With third-party sources — and supply chain attacks surging — Gartner expects adoption of SBOMs to go from less than 5% now to 60% in 2025.

September 14, 2022

OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain

Here's what you need to know about the new OpenSSF npm security best practices.

September 6, 2022

The SBOM is evolving: 4 key trends boosting software supply chain security

Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.

August 18, 2022

6 reasons AppSec teams should shift gears and go beyond legacy vulnerabilities

The NVD represents a minority of software supply chain threats. With attacks surging, teams must shift from legacy vulnerabilities to focusing on malware.

August 12, 2022

NVD Analysis: Why you need to modernize your application security

The NVD as it is today does not tell the full story of software risk. Here's why the NVD — and your software security approach — need to be modernized.

August 2, 2022

OpenSSF's open source security mobilization initiative: Inside the 10-point action plan

Here is a run-down of the 10 streams from OpenSSF's Open Source Software Security Mobilization Plan.

June 29, 2022

7 container security best practices

Containers are powerful, but also a challenge to secure. Here's how to protect your containers — and their underlying infrastructure — across your SDLC.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

The state of CI/CD security: Upgrade your software supply chain tools to maintain velocity and security

SBOMs are critical to AppSec — but only the first step in your journey

Packagist PHP repo supply chain attack: 3 key takeaways

Gartner: Knowing your software's ingredients is critical to managing risk

OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain

The SBOM is evolving: 4 key trends boosting software supply chain security

6 reasons AppSec teams should shift gears and go beyond legacy vulnerabilities

NVD Analysis: Why you need to modernize your application security

OpenSSF's open source security mobilization initiative: Inside the 10-point action plan

7 container security best practices

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports