RL Blog

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Why RL Built Spectra Assure Community
April 14, 2026

Why RL Built Spectra Assure Community

We set out to help dev and AppSec teams secure the village: OSS dependencies, malware, more. Learn how.

Read More about Why RL Built Spectra Assure Community
Why RL Built Spectra Assure Community

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

ReversingLabs: The More Powerful, Cost-Effective Alternative to VirusTotalSee Why
Skip to main content
Contact UsSupportLoginBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
EventsRL at RSAC
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu
AppSec & Supply Chain SecurityJune 21, 2023

MITRE’s System of Trust: A discussion about standardizing software supply chain risk

Robert Martin of MITRE and Cassie Crossley of Schneider Electric discuss how MITRE’s System of Trust helps operationalize software supply chain security.

smiling woman with glasses
Carolynn van Arsdale, Writer, ReversingLabs.Carolynn van Arsdale
FacebookFacebookXX / TwitterLinkedInLinkedInblueskyBlueskyEmail Us
conversinglabs podcast card creating the standard for supply chain risk

The supply chains for developing software have become more complex than ever before, with an increasing number of stakeholders — as well as the number of components in today’s software products. Alongside this increase in supply chain complexity, there has been a dramatic uptick in attacks on these supply chains. News headlines frequently tout new software supply chain attacks, making end users and stakeholders concerned with the security and integrity of the software products they depend on. 

For stakeholders to build greater trust with the products they are using, software development organizations need to communicate what risks their software products pose to end users. But many obstacles stand in the way. Chief among them: The lack of a common language to discuss software supply chain risk, which prohibits stakeholders from becoming more trustworthy of the software they rely on, said Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric.

We do not have a common language when speaking about risk and it's not only cyber risk. We are facing so much business risk with resilience and, how does everything affect it?

Cassie Crossley

MITRE’s System of Trust (SoT), released in 2020, aims to solve that “lack of trust” problem. SoT is a framework for supply chain security risk assessment that organizations of all kinds can use to assess their products, and communicate with stakeholders on their security posture. SoT establishes a  consistent language and review processes that upholds standardization across the industry.

Learn more: MITRE’s System of Trust: A proposed standard for software supply chain security

How does the System of Trust work? How does it integrate with existing cybersecurity frameworks? At this year’s RSA Conference in San Francisco, ConversingLabs host Paul Roberts sat down Crossley, and Senior Software and Supply Chain Assurance Principal Engineer at MITRE, Robert Martin, to get answers to those questions.

Martin and Crossley presented the most up-to-date version of SoT at RSA. In this conversation, Martin addresses some of the specifics of how SoT works, while Crossley discusses how MITRE’s SoT has proven to be highly beneficial for Schneider Electric. 

Here is their full conversation on ConversingLabs:

The ConversingLabs episode is available to watch on-demand here — or listen to wherever you get your podcasts. 

Keep learning

  • Get up to speed on the state of software security with RL's Software Supply Chain Security Report 2026. Plus: See the the webinar to discussing the findings.
  • Learn why binary analysis is a must-have in the Gartner® CISO Playbook for Commercial Software Supply Chain Security.
  • Take action on securing AI/ML with our report: AI Is the Supply Chain. Plus: See RL's research on nullifAI and watch how RL discovered the novel threat.
  • Get the report: Go Beyond the SBOM. Plus: See the CycloneDX xBOM webinar.

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

Tags:AppSec & Supply Chain Security

More Blog Posts

NVD enrichment

Selective NVD enrichment: Why it matters

AI vulnerability reporting is overwhelming teams — and NIST. But for AppSec, scaling back analysis is cause for alarm.

Learn More about Selective NVD enrichment: Why it matters
Selective NVD enrichment: Why it matters
math strategy

How Mythos changes the AppSec calculus

Here are the facts on Claude Mythos — and why a layered application security framework is essential.

Learn More about How Mythos changes the AppSec calculus
How Mythos changes the AppSec calculus
Trust model flips

How agentic AI flips the trust model

As AppSec shifts focus from the components to data, your strategy needs updating. Are you on top of your trust debt?

Learn More about How agentic AI flips the trust model
How agentic AI flips the trust model
MCP attacks

MCP rug-pull attack worries mount

This new class of AI tool supply chain attack highlights how trust of agents can be exploited.

Learn More about MCP rug-pull attack worries mount
MCP rug-pull attack worries mount

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top