Differential analysis raises red flags over @lottiefiles/lottie-player
Three versions of the popular package were infected and used to spread malicious code that was stealing crypto wallet assets.
Differential analysis raises red flags over @lottiefiles/lottie-player
CISA's secure software deployment push: Key takeaways for AppSec teams
To avoid the next CrowdStrike fiasco, CISA and other agencies recommend embracing safe deployment practices earlier in the SDLC. Here's what you need to know.
Gauging the Safety Level of Your Software with Spectra Assure
Quickly understand the current level of software safety, which threats require immediate action, and how the other risks and exposures can be addressed over time.
AppSec vs. product security: Secure by Design demands a strategy shift
Here's why and how to push your application security further into ProdSec — and what that means to achieving the goals of CISA's Secure by Design.
Detecting Malware in ML and LLM Models with Spectra Assure
Securing the Future of Machine Learning
.webp&w=3840&q=75)
Downgrade attacks open patched systems to malware
Researcher Alon Leviev warns that the Microsoft Windows compromise posed risks that were structural — stretching well beyond the specific flaws.
NIST's NICE: 3 ways to adapt the hiring framework for modern threats
NICE is designed to help leaders build better cybersecurity teams. Here's how to put it to work in the software supply chain security era.
Connected car security: Software complexity creates bumps in the road
Here's what you need to know about connected car security initiatives — and key lessons more broadly from software supply chain security's rough ride.
CISO Survival Guide: Commercial Software Supply Chain Risk
Operationalizing Third-Party Software Risk Management with Spectra Assure
Keep your secrets secret: 5 core tips — and a call to action on modernizing
A multilayered approach to prevent secrets exposure is good strategy — but it must include a final check on all software before it goes out the door.
ReversingLabs Product Release Highlights: October 2024
Announcing RL Spectra Analyze version 9.2 and Spectra Detect version 5.2
OWASP's Dependency-Track tool update: Key changes — and limitations
Here's what you need to know about the version 4.12.0 update — and about managing risk from your software, whether it's open source or not.
Strengthening Supply Chains: ReversingLabs Now Integrates with ServiceNow
Elevate your security with seamless SBOM management
Threat modeling and binary analysis: Supercharge your risk strategy
Chris Romeo shares five key ways to merge modeling with modern software supply chain security — and improve your software risk management in the process.
Threat modeling and binary analysis: Supercharge your risk strategy
Chris Romeo shares five key ways to merge modeling with modern software supply chain security — and improve your software risk management in the process.