C-SCRM: We’re from the government — and we’re here to help with software supply chain security
Supply chain risk management guidance incoming, like it or not
C-SCRM: We’re from the government — and we’re here to help with software supply chain security
The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Leverage third-party software validation to bolster your supply chain security
Here's how risks emerge with third-party software, and why third-party partners are best for validating software security end-to-end
Google’s Open Source Team Layoffs A Security Risks
Firing ‘the best of the best’ does not bode well for software security. Will the last to leave please turn off the lights?
Go beyond Software Bills of Mediocrity
Software Bills of Materials could become Software Bills of Mediocrity. But not if we can agree on their real value for software supply chain security.
The Week in Security: After breach, 'unusual activity' detected in GoTo and LastPass dev environments
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Lessons from Log4Shell: 4 key takeaways for DevSecOps teams
The Log4Shell vulnerability is considered to be one of the most significant software bugs in recent years, because of its severity, pervasiveness and long-lasting impact on organizations.
Move over, npm: Now VS Code extensions can’t be trusted
It’s super easy to spoof Visual Studio Code extensions. And those spoofed extensions are incredibly hard to detect.
AI unleashed: Are you repared for next-gen software supply chain attacks?
ChatGPT and Copilot are a clear and present danger to software security. Modernize your AppSec approach today
From the Labs: YARA Rule for Detecting Black Basta
ReversingLabs’ YARA detection rule for Black Basta can help you find this ransomware in your environment.
The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?
Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!
Why you should get out in front of software security requirements
Get out in front of new compliance requirements for a competitive advantage. Here's what your software organization needs to know.
The CircleCI secrets hack: A red flag on software supply chain risk
Security teams should consider software supply chain risk through a new lens after the latest CircleCI incident.
ReversingLabs Threat Analysis and Hunting Solution January 2023 Update: Driving SecOps Forward
Learn how your organization can reduce cyber risks (as well as operational workload and tool costs) while ensuring data and file privacy. Plus, explore how your security team can reduce MTTD and prioritize malicious files for triage.