Blog | ReversingLabs | AppSec & Supply Chain Security (13)

November 7, 2023

OWASP Top 10 for LLM update bridges gap between AppSec and AI

Generative AI is advancing at a breakneck pace. Here's a full rundown for your development and app sec teams to keep it from breaking your org's back.

November 1, 2023

5 best practices for securing your CI/CD with software bills of materials

SBOMs are essential — but making them useful is tricky in continuous integration/continuous deployment environments. Here are the key best practices.

October 31, 2023

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

RL has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.

October 26, 2023

How mature is your open-source risk management? S2C2F helps map dependencies

OpenSSF's Secure Supply Chain Consumption Framework can help better lay out risk for open-source components — but remediation is left out of the picture.

October 25, 2023

App sec prioritization is priority No. 1 for CISOs

Application security veterans Mark Curphey and John Viega went on a CISO listening tour. Here is what they learned.

October 24, 2023

GitHub boosts secrets scanning: A necessary step, but supply chain security is key to managing risk

GitHub extending validity checks to AWS, Slack etc. is welcome, but the risk posed by secrets leaks requires a holistic supply chain security approach.

October 12, 2023

The evolution of AppSec: Getting off the hamster wheel remains elusive

Experts say scan-and-fix will remain for some time. But application security tools are evolving to provide prioritization and automation.

October 10, 2023

5 ways APIs can be the weak link in supply chain security

Here's why application programming interface security is critical to supply chain security — and the key advances needed to move API security forward.

October 2, 2023

NIST supply chain security guidance for CI/CD environments: What you need to know

While NIST's guidelines for supply chain security in CI/CD environments are welcomed, putting them into practice may be challenging for some organizations.

September 26, 2023

EPSS vs. CVSS: Exploit prediction could move the needle on software risk

EPSS vs CVSS: Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future?

September 21, 2023

Threat modeling and the supply chain: An essential tool for managing SDLC risk

Here's what your team needs to understand about threat modeling and software supply chain security — a critical mapping of risk.

September 20, 2023

The art of security chaos engineering

What if dev and app sec teams showed the same nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why it's essential.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

AppSec & Supply Chain Security (13)

OWASP Top 10 for LLM update bridges gap between AppSec and AI

5 best practices for securing your CI/CD with software bills of materials

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

How mature is your open-source risk management? S2C2F helps map dependencies

App sec prioritization is priority No. 1 for CISOs

GitHub boosts secrets scanning: A necessary step, but supply chain security is key to managing risk

The evolution of AppSec: Getting off the hamster wheel remains elusive

5 ways APIs can be the weak link in supply chain security

NIST supply chain security guidance for CI/CD environments: What you need to know

EPSS vs. CVSS: Exploit prediction could move the needle on software risk

Threat modeling and the supply chain: An essential tool for managing SDLC risk

The art of security chaos engineering

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

AppSec & Supply Chain Security (13)

Topics

Follow us

Subscribe

Special Reports