Claude Code Security: The pros and cons
The new tool is a step forward on AI coding risk — but it trips on modern threats because it looks only at source code.
AppSec & Supply Chain Security
Claude Code Security: The pros and cons
AI-native AppSec: What it is — and why it matters
AI coding is a game-changer — and requires AI-powered application security to fight fire with fire.
BSIMM16 confirms: AI redefines AppSec
AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.
How AI agents upend supply chain security
Here’s what you need to know about their impact on software security — and what you can do to fight back.
Commercial software risk: New controls required
Legacy strategies and tooling can’t manage today’s software threats. Here’s why binary analysis is necessary.
Gartner® CISO Playbook for Commercial SSCS: 3 key insights
Here are the takeaways CISOs and other security leaders should consider for their TPCRM strategies.
Notepad++ hack: Supply chain threats evolve
A compromise of the source code editor underscores attack method diversification. It's time to go beyond trust.
RL SSCS Report: A 2025 retrospective
ReversingLabs looked at last year’s Software Supply Chain Security Report in the rear-view mirror. Here’s what RL got right — and wrong.
RL SSCS Report 2026: A guidance timeline
Here are the guidelines, mandates, frameworks, and goals that have refined software supply chain security policy.
RL SSCS Report 2026: 5 key takeaways
OSS and dev tools are targets as AI risk rises. Learn more in the Software Supply Chain Security Report 2026.
SSDF 1.2 sees AppSec as a journey
NIST has broadened the Secure Software Development Framework to include the full SDLC. Here’s why it matters.
Mandatory SBOMs: Why CRA matters
The EU’s Cyber Resilience Act legally obliges software producers to create and maintain an SBOM. Are you prepared?
Shai-hulud post-mortem: A call to action on AppSec
Trigger.dev's experience shows that you need modern controls to combat today's supply chain attacks.
How supply chain risk can affect cyber insurance
Gaining visibility into supply chain threats — and adding controls for software risk — are essential to insurability.
OWASP tackles AI risk in bold new push
The Open Worldwide Application Security Project now includes an Agentic Top 10, an AI testing guide, and an AI vulnerability scoring tool.