
RoguePuppet software supply chain exposure: Lessons learned
A flaw in Puppet Forge on GitHub could have led to a supply chain disaster matching the scope of the attack on SolarWinds. Here are the key takeaways.

ReversingLabs is returning to Las Vegas for the annual Black Hat USA conference. We’ve got a lot in store for the show, and you can find all of the details below.

ReversingLabs' new guide is a great starting point for software builders and buyers who are serious about supply chain security.

AppSec risk managers and development teams: Take note of the key takeaways — and expert analysis.

SecOps pros are in the hot seat. Here are the top 2024 talks that practitioners and leaders can use to stay up to speed on defending their organizations.

Secure by Design's cousin can help make software more secure out of the box by adding guardrails to development. Here's how it helps — and its limitations.

Rev up your application security and software supply chain security engines by subscribing to these six practitioner-curated Substacks.

Early detection of software build environment tampering is key. Here's how RL's software supply chain security platform delivers this critical pre-release check.

Tool sprawl is making alert fatigue a major problem for teams responsible for application security. Here are four ways to combat it in your organization.

Malware authors upped their game, using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code, RL researchers found.

Here's what's holding DevSecOps back — and why modernizing your application security tooling is critical in the software supply chain security era.

In a new report, Gartner® is redefining software supply chain security and calling on enterprises to make some big changes.

The compromise of the widely used Polyfill.io CDN contains important lessons for organizations on trust.

The aim is to build a unifying framework incorporating existing SBOM data models, including CSAF, CycloneDX, OpenVEX, and SPDX. Experts weigh in with key insights.

RL's Spectra Assure Community offers free comprehensive risk assessment of more than 5 million npm, PyPi, and RubyGems packages.