Webinar | Delivering Threat Analysis Beyond VirusTotal's Reach
Save Your Seat
ReversingLabs is the #1 Alternative to VirusTotal
Learn Why
New White Paper | The Monsters in Your Software Supply Chain
Read Now

AppSec & Supply Chain Security

The AI executive order: What AppSec teams need to know
November 30, 2023

The AI executive order: What AppSec teams need to know

While the new White House EO is largely focused on foundational AI, security teams reviewing AI initiatives are still in the hot seat.
Read More
Don't let CVEs distract you: Shift your AppSec team's focus to malware
November 22, 2023

Don't let CVEs distract you: Shift your AppSec team's focus to malware

Rather than wasting cycles on vulnerabilities, teams should focus on exploitability, and look for compromises including malware and tampering. Here's why.
Read More
How legacy AppSec is holding back Secure by Design
November 22, 2023

How legacy AppSec is holding back Secure by Design

Legacy development patterns and testing tools are holdovers from a more reactive type of AppSec. Here's why that's a problem — and how to move forward.
Read More
Zero trust and threat modeling: Is it time for AppSec to get on board?
November 15, 2023

Zero trust and threat modeling: Is it time for AppSec to get on board?

Is it time for zero trust-based threat modeling for your AppSec? Understand the benefits and challenges.
Read More
AI needs transparency: How supply chain security tools can protect ML models
November 9, 2023

AI needs transparency: How supply chain security tools can protect ML models

Supply-chain Levels for Software Artifacts (SLSA) and Sigstore are a good first step toward protecting ML models from attack. But they're not a panacea.
Read More
OWASP Top 10 for LLM update bridges the gap between AppSec and AI
November 7, 2023

OWASP Top 10 for LLM update bridges the gap between AppSec and AI

Generative AI is advancing at a breakneck pace. Here's a full rundown for your development and app sec teams to keep it from breaking your org's back.
Read More
5 best practices for putting SBOMs to work with CI/CD
November 1, 2023

5 best practices for putting SBOMs to work with CI/CD

SBOMs are essential — but making them useful is tricky in continuous integration/continuous deployment environments. Here are the key best practices.
Read More
IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations
October 31, 2023

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

RL has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.
Read More
How mature is your open-source risk management? S2C2F helps map out dependencies
October 26, 2023

How mature is your open-source risk management? S2C2F helps map out dependencies

OpenSSF's Secure Supply Chain Consumption Framework can help better lay out risk for open-source components — but remediation is left out of the picture.
Read More
App sec prioritization is priority No. 1 for CISOs
October 25, 2023

App sec prioritization is priority No. 1 for CISOs

Application security veterans Mark Curphey and John Viega went on a CISO listening tour. Here is what they learned.
Read More
GitHub boosts secrets scanning: A necessary step, but supply chain security is key to managing risk
October 24, 2023

GitHub boosts secrets scanning: A necessary step, but supply chain security is key to managing risk

GitHub extending validity checks to AWS, Slack etc. is welcome, but the risk posed by secrets leaks requires a holistic supply chain security approach.
Read More
The evolution of app sec: Getting off the scan-and-fix hamster wheel remains elusive
October 12, 2023

The evolution of app sec: Getting off the scan-and-fix hamster wheel remains elusive

Experts say scan-and-fix will remain for some time. But application security tools are evolving to provide prioritization and automation.
Read More

SUBSCRIBE

Get our blog delivered to your in-box weekly to stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

ConversingLabs: The State of Open Source Software Security ConversingLabs: The State of Open Source Software Security
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: SBOMS and threat modeling ReversingGlass: SBOMS and threat modeling
Glassboard conversations with ReversingLabs Field CISO Matt Rose
Software Package Deconstruction: Video Conferencing Software Software Package Deconstruction: Video Conferencing Software
Analyzing Risks To Your Software Supply Chain