Blog | ReversingLabs (11)

July 23, 2024

Secure by Default: Lock down your development for better AppSec

Secure by Design's cousin can help make software more secure out of the box by adding guardrails to development. Here's how it helps — and its limitation

July 18, 2024

The top AppSec Substacks to follow

Rev up your application security and software supply chain security engines by subscribing to these six practitioner-curated Substacks.

July 17, 2024

How RL Spectra Assure Analyzes Reproducible Builds to Find Compromises

Early detection of software build tampering is key. Here's how RL's software supply chain security platform delivers this critical pre-release check.

July 16, 2024

AppSec alert fatigue: 4 ways to reduce burnout — and boost security

Tool sprawl is making alert fatigue a major problem for teams responsible for application security. Here are four ways to combat it in your organization.

July 11, 2024

Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs

Malware authors upped their game, using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code, RL researchers found.

July 10, 2024

The state of DevSecOps: Why upgrading your AppSec tooling is essential

Here's what's holding DevSecOps back — and why modernizing your application security tooling is critical in the software supply chain security era.

July 9, 2024

Three Pillars to Strengthen Software Supply Chain Security

In a new report, Gartner® is redefining software supply chain security and calling on enterprises to make some big changes.

June 28, 2024

The Polyfill.io vulnerability: Software supply chain attack lessons

The compromise of the widely used Pollyfill.io CDN contains important lessons for organizations on trust.

June 27, 2024

OASIS Open's push for a software supply chain standard: All together now?

The aim is to build a unifying framework for existing SBOM data models, including CSAF, CycloneDX, OpenVEX, and SPDX. Experts weigh in with key insights.

June 26, 2024

Malicious npm package targets AWS users

The package's history is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.