RL Blog

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
2026-06-18_Forrester & RL Upcoming Webinar

Forrester Names RL in Agentic Development Security Market

The new landscape report maps 35 vendors addressing an emerging category of risk: AI agents writing insecure code at machine speed.

Read More about Forrester Names RL in Agentic Development Security Market
Forrester Names RL in Agentic Development Security Market

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

ReversingLabs: The More Powerful, Cost-Effective Alternative to VirusTotalSee Why
Skip to main content
Contact UsSupportLoginBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
EventsRL at RSAC
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu
AppSec & Supply Chain SecuritySeptember 20, 2021

Expanding Security Visibility To Reduce Software Supply Chain Risk

No doubt about it, the way malicious actors attack their targets through software is changing.

jasmine noel black and white headshot
Jasmine Noel, Senior Product Marketing Manager at ReversingLabs.Jasmine Noel
FacebookFacebookXX / TwitterLinkedInLinkedInblueskyBlueskyEmail Us
Expanding Security Visibility To Reduce Software Supply Chain Risk

The attack pattern we’re familiar with is fairly direct. Someone finds a vulnerability in deployed software. Malicious actors develop malware to exploit the weakness. They then find a way to reach the deployed software within target companies and use the malware as part of their attack until a patch is deployed. Our defenses against this type of attack have been twofold.

On one side, software buyers use malware detection and response tools on user email, web applications, endpoints, cloud or network file storage to block malware from entering their environments. By blocking known exploits, enterprises prevent some attacks and limit the dwell time for others.

On the other side, software publishers incorporate vulnerability testing and software composition analysis earlier in their development lifecycles and prioritize remediation and mitigation efforts for existing and newly created vulnerabilities. For the most part, vulnerability scanners look for coding patterns or mistakes that make software vulnerable i.e. that leave holes for attackers to reach inside and start manipulating the software or system it runs on to achieve their objectives.

While these defenses aren’t perfect, they have made it harder to reach high-value target companies. Therefore malicious actors looked for alternative ways to reach their targets – by tampering with software supplied by trusted vendors.

The risk posed is unnerving since ENISA’s analysis of software supply chain attacks from Jan 2020 through Jul 2021 reported that “an organization could be vulnerable to a supply chain attack even when its own defenses are quite good.” In other words, finding and patching software vulnerabilities isn’t sufficient for dealing with the more sophisticated supply chain risks.

To understand why and what to do about it, we first must understand the differences between software vulnerability detection and finding software tampering. Hence my webinar on the topic, which will also cover indicators that must be detected, what software artifacts must be assessed, and when assessments must occur.

If you missed the “3 Ways Detecting Software Tampering Differs From Finding Software Vulnerabilities” webinar, you can now watch it on-demand here.

3 ways detecting software tampering differs from finding software vulnerabilities

Keep learning

  • Get up to speed on the Agentic Development Security tools landscape in this June 18 webinar with Forrester Sr. Analyst Janet Worthington.
  • Learn why binary analysis is a must-have control in the Gartner® CISO Playbook for Commercial Software Supply Chain Security.
  • Take a deep dive on the state of software security with RL's Software Supply Chain Security Report 2026. Plus: See the the webinar discussing the findings.

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

Tags:AppSec & Supply Chain Security

More Blog Posts

Out front in race

Get ahead of frontier AI: 5 AppSec strategy upgrades

Frontier AI is collapsing the time from vulnerability discovery to exploit. Here are 5 ways to update your AppSec before it hits.

Learn More about Get ahead of frontier AI: 5 AppSec strategy upgrades
Get ahead of frontier AI: 5 AppSec strategy upgrades
Noise to signal

CVE noise drowns out supply chain threats

48,000 CVEs were reported in 2025 — but just 58 were critical. A new report highlights why signal-to-noise ratio matters for AppSec.

Learn More about CVE noise drowns out supply chain threats
CVE noise drowns out supply chain threats
Shift lanes

5 lessons from vulnerability management's front lines

VM success is determined by findings reaching developers with context — which is getting more challenging. Here's why to shift gears.

Learn More about 5 lessons from vulnerability management's front lines
5 lessons from vulnerability management's front lines
Ransomware

Dependency attack takes down ed-tech platform at scale

The Canvas LMS supply chain compromise — which hit during finals week — shows the impact of cascading attacks.

Learn More about Dependency attack takes down ed-tech platform at scale
Dependency attack takes down ed-tech platform at scale

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top