March 14, 2023

Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk

ReversingLabs is giving dev and app sec teams something new: broader visibility into software supply chain risks — and data-driven prioritization to automatically suppress third-party secrets and other false positive results.

Read More about Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk

Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk

March 13, 2023

Fixing secrets leaks requires holistic software stack protection

The recent hacks at CircleCI and other organizations show that your software supply chain may be a grab bag of software secrets. Only an end-to-end security approach can solve the problem.

Read More about Fixing secrets leaks requires holistic software stack protection

Fixing secrets leaks requires holistic software stack protection

March 13, 2023

When it comes to financial services, mind the gaps in your AppSec testing

Why you need to upgrade to software supply chain security: Adversaries can compromise your organization without comprehensive malware identification.

Read More about When it comes to financial services, mind the gaps in your AppSec testing

When it comes to financial services, mind the gaps in your AppSec testing

March 9, 2023

PyPI repo poisoned with "Colour-Blind" RAT

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts

Read More about PyPI repo poisoned with "Colour-Blind" RAT

PyPI repo poisoned with "Colour-Blind" RAT

March 9, 2023

The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up

The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up

March 8, 2023

Why software transparency is critical: Understanding supply chain security in a software-driven society

Here's an overview of our upcoming book, with highlights and key takeaways from each chapter.

Read More about Why software transparency is critical: Understanding supply chain security in a software-driven society

Why software transparency is critical: Understanding supply chain security in a software-driven society

March 7, 2023

App sec is addicted to vulnerability reporting: Why supply chain security requires evolution

Teams are mired in CVEs, the NVD (which is fed by CVE data), and the CVSS. Experts explain why it's time to modernize.

Read More about App sec is addicted to vulnerability reporting: Why supply chain security requires evolution

App sec is addicted to vulnerability reporting: Why supply chain security requires evolution

March 7, 2023

White House cyber strategy: A love/hate story

In a first, the Biden administration will hold software developers accountable for vulnerabilities. Naturally, it’s dividing opinions

Read More about White House cyber strategy: A love/hate story

White House cyber strategy: A love/hate story

March 2, 2023

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

March 1, 2023

LastPass revelations: BIG lessons for DevSecOps teams

Why was an engineer allowed to access critical keys from a home computer? "DevOops."

Read More about LastPass revelations: BIG lessons for DevSecOps teams

LastPass revelations: BIG lessons for DevSecOps teams

March 1, 2023

3 reasons to upgrade your AppSec testing to tackle supply chain security

Modern software development is a primary target for supply chain attacks. Here's why traditional application security testing alone is not up to the job.

Read More about 3 reasons to upgrade your AppSec testing to tackle supply chain security

3 reasons to upgrade your AppSec testing to tackle supply chain security

February 28, 2023

SBOM Automation: The next big step in risk management

SBOM automation is no longer just a nice-to-have — it's an absolute necessity.

Read More about SBOM Automation: The next big step in risk management

SBOM Automation: The next big step in risk management

February 27, 2023

Lessons learned from the CircleCI secrets breach

The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned in this webinar

Read More about Lessons learned from the CircleCI secrets breach

Lessons learned from the CircleCI secrets breach

February 23, 2023

How C-SCRM could fill the gaps on supply chain security

The new CISA office could make a big difference — and even lead to a new discipline dedicated to software supply chain security

Read More about How C-SCRM could fill the gaps on supply chain security

How C-SCRM could fill the gaps on supply chain security

February 23, 2023

Why devs and repos spill secrets

The Circle CI breach and other recent hacks expose why the secrets problem is so prolific. Here's what you need to know.

Read More about Why devs and repos spill secrets

Why devs and repos spill secrets