June 14, 2023

How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan

ConversingLabs caught up with Srinivasan to discuss how OpenSSF's Security Scorecard can aid developers in assessing open source software components for their projects.

Read More about How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan

How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan

June 14, 2023

How hackers access secrets

Bad actors are finding secrets across the supply chain. Here are the key attack methods — and what's needed to prevent them.

Read More about How hackers access secrets

How hackers access secrets

June 13, 2023

MOVEit software exploit walks before it runs

Cl0p quietly tested the flaw for two years before launching the full exploit. Lesson: Look both ways before crossing.

Read More about MOVEit software exploit walks before it runs

MOVEit software exploit walks before it runs

June 12, 2023

Self-attestation on software security: What development teams need to know

Software vendors that do business with the government must prove they are practicing basic supply chain security. Here's a rundown on the requirements.

Read More about Self-attestation on software security: What development teams need to know

Self-attestation on software security: What development teams need to know

June 8, 2023

The Gigabyte firmware backdoor: Lessons learned about supply chain security

Firmware attacks can pose a substantial risk to the software supply chain. Here's what your software security team can learn from the latest compromise.

Read More about The Gigabyte firmware backdoor: Lessons learned about supply chain security

The Gigabyte firmware backdoor: Lessons learned about supply chain security

June 8, 2023

The Week in Security: AI hallucinations linked to software supply chain risk, CI fix deemed critical

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: AI hallucinations linked to software supply chain risk, CI fix deemed critical

The Week in Security: AI hallucinations linked to software supply chain risk, CI fix deemed critical

June 7, 2023

What's the difference between app sec and supply chain security? It's all in the hack

ReversingLabs Field CISO Matt Rose explains the difference between application security hacks and software supply chain hacks.

Read More about What's the difference between app sec and supply chain security? It's all in the hack

What's the difference between app sec and supply chain security? It's all in the hack

June 6, 2023

PyPI hackers code sneaky new tactic. Researchers caught 'em red handed

Compiled-code behavior analysis beats old-skool app sec tools.

Read More about PyPI hackers code sneaky new tactic. Researchers caught 'em red handed

PyPI hackers code sneaky new tactic. Researchers caught 'em red handed

June 5, 2023

5 AI threats keeping SOC teams up at night

Your security operations team should be planning how to stay ahead of these emerging AI risks.

Read More about 5 AI threats keeping SOC teams up at night

5 AI threats keeping SOC teams up at night

June 1, 2023

The state of app sec with Chris Romeo: The year of the application is near

ConversingLabs caught up with Chris Romeo of Kerr Ventures at RSA Conference 2023 to talk about the state of application security. Watch (or listen) — and learn.

Read More about The state of app sec with Chris Romeo: The year of the application is near

The state of app sec with Chris Romeo: The year of the application is near

June 1, 2023

The Week in Security: Barracuda email flaw left open for months, calls for AI governance turn existential

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security

Read More about The Week in Security: Barracuda email flaw left open for months, calls for AI governance turn existential

The Week in Security: Barracuda email flaw left open for months, calls for AI governance turn existential

June 1, 2023

When byte code bites: Who checks the contents of compiled Python files?

The ReversingLabs research team has identified a novel attack on PyPI using compiled Python code to evade detection — possibly the first attack to take advantage of PYC file direct execution.

Read More about When byte code bites: Who checks the contents of compiled Python files?

When byte code bites: Who checks the contents of compiled Python files?

May 31, 2023

‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?

Experts warn ChatGPT-based coding could do to us what an asteroid did to the dinosaurs. Hype — or heads-up to reckon with?

Read More about ‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?

‘Extinction risk’: Could code-writing AI wipe out humans via software backdoors?

May 30, 2023

Can AI-based software supply chain risk be tamed by NeMo Guardrails?

Nvidia's tool is among the first to promise to manage the risk from generative AI. Here's what it can do — and an analysis of the scope of risk from AI.

Read More about Can AI-based software supply chain risk be tamed by NeMo Guardrails?

Can AI-based software supply chain risk be tamed by NeMo Guardrails?

May 25, 2023

Q&A with ReversingLabs COO Peter Doggart: With software supply chain security, 'your brand is at stake'

The new Chief Operating Officer at ReversingLabs talks about the challenge of securing software supply chains — and the promise ReversingLabs offers.

Read More about Q&A with ReversingLabs COO Peter Doggart: With software supply chain security, 'your brand is at stake'

Q&A with ReversingLabs COO Peter Doggart: With software supply chain security, 'your brand is at stake'