Blog | ReversingLabs | AppSec & Supply Chain Security (12)

January 17, 2024

GitHub Actions hack bolsters case for complex binary analysis

Here are key takeaways from the research — and why you need to evolve your application security approach with binary analysis and reproducible builds.

January 16, 2024

Key takeaways from the 2024 State of SSCS Report

ReversingLabs has released its annual report covering the state of software supply chain security. Learn top trends and get unique insights.

January 16, 2024

SSCS attacks: A (partial) history

A list of known (documented, reported) attacks involving compromises of software supply chains (from latest to oldest).

January 11, 2024

Evolution of AppSec: 4 requirements for the software supply chain security era

AppSec must make a giant leap forward to modern practices and tooling in order to tackle the new era of software supply chain attacks. Here are four steps.

January 9, 2024

Zoom joins the vulnerability fray: Will VISS move the needle on AppSec?

Here's what you need to know about Zoom's Vulnerability Impact Scoring System, how it compares to EPSS — and how it can advance your application security.

January 4, 2024

A definitive guide: Federal software supply chain security initiatives

The federal government added important new guidance in 2023. Get up to speed — and see our interactive timeline of attacks — to stay ahead in 2024.

January 3, 2024

The state of container security: 5 key steps to locking down your releases

Here are best practices — and recommendations for tooling — to modernize your software supply chain security approach.

January 2, 2024

Key reasons third-party cyber risk management programs fail

Here's why organizations are struggling with TPCRM — and how to develop an effective program.

January 1, 2024

Gartner® report addresses SSCS risks

A new Gartner report provide guidance for organizations aiming to mitigate software supply chain risks, including a call for automated analysis of malware.

December 21, 2023

The JetBrains TeamCity software supply chain attack: Lessons learned

The TeamCity incident is similar to SunBurst, which was behind the attack on SolarWinds. But there are differences. Here are lessons learned, to help secure your pipeline.

December 20, 2023

ESF steps up supply chain security guidance with call for binary analysis

To advance the state of software supply chain security, the ESF has called for going beyond legacy testing with binary analysis and reproducible builds.

December 14, 2023

The Hugging Face API token breach: 5 lessons learned

More than 1,500 tokens were exposed, leaving millions of AI models and datasets vulnerable. Here's what your security team can learn from the compromise.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

AppSec & Supply Chain Security (12)

GitHub Actions hack bolsters case for complex binary analysis

Key takeaways from the 2024 State of SSCS Report

SSCS attacks: A (partial) history

Evolution of AppSec: 4 requirements for the software supply chain security era

Zoom joins the vulnerability fray: Will VISS move the needle on AppSec?

A definitive guide: Federal software supply chain security initiatives

The state of container security: 5 key steps to locking down your releases

Key reasons third-party cyber risk management programs fail

Gartner® report addresses SSCS risks

The JetBrains TeamCity software supply chain attack: Lessons learned

ESF steps up supply chain security guidance with call for binary analysis

The Hugging Face API token breach: 5 lessons learned

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

AppSec & Supply Chain Security (12)

Topics

Follow us

Subscribe

Special Reports