RL SSCS Report: A 2025 retrospective
ReversingLabs looked at last year’s Software Supply Chain Security Report in the rear-view mirror. Here’s what RL got right — and wrong.
AppSec & Supply Chain Security
RL SSCS Report: A 2025 retrospective
RL SSCS Report 2026: A guidance timeline
Here are the guidelines, mandates, frameworks, and goals that have refined software supply chain security policy.
RL SSCS Report 2026: 5 key takeaways
OSS and dev tools are targets as AI risk rises. Learn more in the Software Supply Chain Security Report 2026.
SSDF 1.2 sees AppSec as a journey
NIST has broadened the Secure Software Development Framework to include the full SDLC. Here’s why it matters.
Mandatory SBOMs: Why CRA matters
The EU’s Cyber Resilience Act legally obliges software producers to create and maintain an SBOM. Are you prepared?
Shai-hulud post-mortem: A call to action on AppSec
Trigger.dev's experience shows that you need modern controls to combat today's supply chain attacks.
How supply chain risk can affect cyber insurance
Gaining visibility into supply chain threats — and adding controls for software risk — are essential to insurability.
OWASP tackles AI risk in bold new push
The Open Worldwide Application Security Project now includes an Agentic Top 10, an AI testing guide, and an AI vulnerability scoring tool.
Security frameworks fail on supply chain risk
Researchers studied how well the top frameworks mitigate modern attack techniques. They found serious security gaps.
Why AI and cloud-native are security game-changers
Yesterday's security practices can't tackle today's risks, a new CSA guide notes — making updating tooling essential.
OWASP Top 10 tackles supply chain risk
The Open Worldwide Application Security Project’s widely used AppSec priority list is expanding to cover systemic risk.
CTEM advances vulnerability management
Gartner's Continuous Threat Exposure Management model represents an evolution from CVSS. Here’s what you need to know.
AI vulnerability reporting fails maintainers
Google and others are inundating developers with AI-driven reporting. Are AI-enabled fixes the answer?
New AI security tool lays out key exposures
Risk Rubric gives assessments for LLM transparency, security and more. But it's only one tool in your AI security toolbox.
Why core security controls for vibe coding are critical
Vibe coding is not going away — and the threat is real. But are developer tools like VibeSec that shift controls left up to the job?