RL Blog

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Mario Vuksan

Gartner® Named RL a Software Supply Chain Security Visionary. Here’s What We See Coming

The first Magic Quadrant™ for Software Supply Chain Security comes as the demand for greater supply chain visibility explodes.

Read More about Gartner® Named RL a Software Supply Chain Security Visionary. Here’s What We See Coming
Gartner® Named RL a Software Supply Chain Security Visionary. Here’s What We See Coming

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

The inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security is outWe're A Visionary
Skip to main content
Contact UsSupportBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
Events
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu
AppSec & Supply Chain SecurityJune 21, 2023

MITRE’s System of Trust: A discussion about standardizing software supply chain risk

Robert Martin of MITRE and Cassie Crossley of Schneider Electric discuss how MITRE’s System of Trust helps operationalize software supply chain security.

smiling woman with glasses
Carolynn van Arsdale, Writer, ReversingLabs.Carolynn van Arsdale
FacebookFacebookXX / TwitterLinkedInLinkedInblueskyBlueskyEmail Us
conversinglabs podcast card creating the standard for supply chain risk

The supply chains for developing software have become more complex than ever before, with an increasing number of stakeholders — as well as the number of components in today’s software products. Alongside this increase in supply chain complexity, there has been a dramatic uptick in attacks on these supply chains. News headlines frequently tout new software supply chain attacks, making end users and stakeholders concerned with the security and integrity of the software products they depend on. 

For stakeholders to build greater trust with the products they are using, software development organizations need to communicate what risks their software products pose to end users. But many obstacles stand in the way. Chief among them: The lack of a common language to discuss software supply chain risk, which prohibits stakeholders from becoming more trustworthy of the software they rely on, said Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric.

We do not have a common language when speaking about risk and it's not only cyber risk. We are facing so much business risk with resilience and, how does everything affect it?

Cassie Crossley

MITRE’s System of Trust (SoT), released in 2020, aims to solve that “lack of trust” problem. SoT is a framework for supply chain security risk assessment that organizations of all kinds can use to assess their products, and communicate with stakeholders on their security posture. SoT establishes a  consistent language and review processes that upholds standardization across the industry.

Learn more: MITRE’s System of Trust: A proposed standard for software supply chain security

How does the System of Trust work? How does it integrate with existing cybersecurity frameworks? At this year’s RSA Conference in San Francisco, ConversingLabs host Paul Roberts sat down Crossley, and Senior Software and Supply Chain Assurance Principal Engineer at MITRE, Robert Martin, to get answers to those questions.

Martin and Crossley presented the most up-to-date version of SoT at RSA. In this conversation, Martin addresses some of the specifics of how SoT works, while Crossley discusses how MITRE’s SoT has proven to be highly beneficial for Schneider Electric. 

Here is their full conversation on ConversingLabs:

The ConversingLabs episode is available to watch on-demand here — or listen to wherever you get your podcasts. 

Keep learning

  • Get up to speed on the Agentic Development Security tools landscape in this June 18 webinar with Forrester Sr. Analyst Janet Worthington.
  • Learn why binary analysis is a must-have control in the Gartner® CISO Playbook for Commercial Software Supply Chain Security.
  • Take a deep dive on the state of software security with RL's Software Supply Chain Security Report 2026. Plus: See the the webinar discussing the findings.

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

Tags:AppSec & Supply Chain Security

More Blog Posts

Agentic AI architecture

Agentic AI risk isn't a model problem. It's an architecture problem.

Agentic AI is moving the perimeter from components to data — and most strategies aren't built for that.

Learn More about Agentic AI risk isn't a model problem. It's an architecture problem.
Agentic AI risk isn't a model problem. It's an architecture problem.
AI coding agents

The race to secure AI coding: 4 steps to rein agents in

Coding agents are privileged insiders — with keys to CI/CD pipelines even as they give rise to ‘slopsquatting.’ Here’s how to govern them.

Learn More about The race to secure AI coding: 4 steps to rein agents in
The race to secure AI coding: 4 steps to rein agents in
Shai-hulud worm DevOps

Update to npm blocks install scripts: What it means for AppSec

Disabling scripts by default closes the vector worms like Shai-Hulud rely on. Here's what the update fixes — and what it doesn't.

Learn More about Update to npm blocks install scripts: What it means for AppSec
Update to npm blocks install scripts: What it means for AppSec
MCP is the new API

MCP security tracks API's playbook — we know how that ends

The standard connecting AI agents to tools and data leaves security to others. Make it a do-over.

Learn More about MCP security tracks API's playbook — we know how that ends
MCP security tracks API's playbook — we know how that ends

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top