Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security

The Week in Security: Docker Hub leaks secrets, Black Basta ransomware gangs up on retailer

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.

The Week in Security: Disguised Russian software used in U.S. Army, CDC applications

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

The Week in Security: Former Uber CSO convicted over hack cover-up, supply chain attack targets media

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Forrester Security & Risk Forum: Go beyond the software bill of materials

The Forrester Security & Risk Forum tool place this week in Washington D.C. with a full agenda, tackling a range of issues, from the cyber implications of geopolitical disruptions to the privacy and security implications of the Metaverse.

Special report: End-to-end supply chain security demands dev and SOC teams shift left together

Security operations centers (SOCs) and developers need to share the responsibility for securing the software supply chain. Find out why in ReversingLabs' latest report.

National Cyber Director: Higher bar for software supply chain security is key to cyber resilience

Chris Inglis said the government is setting a new bar for supply chain security as the national cybersecurity focus shifts from incident response to cyber resilience.

Google pairs GUAC with SLSA to take a bite out of software supply chain insecurity

Google is putting its weight behind a project to offer a comprehensive view of your software. Enter GUAC: Graph for Understanding Artifact Composition.

The state of CI/CD security: Upgrade your software supply chain tools to maintain velocity and security

Here's what you need to know about the state of CI/CD tools — and why you need to upgrade your tools and approach to deliver secure software at speed.

SBOMs are critical to AppSec — but only the first step in your journey

Here's what to focus on for a comprehensive approach to application security across your entire software development pipeline.

SBOMs are coming for medical devices. Prof. Kevin Fu explains what to expect

The medical device sector is under pressure to improve software supply chain security, and software bills of materials (SBOMs) are front and center. ReversingLabs talks with Professor Kevin Fu of the Archimedes Center at University of Michigan about what to expect.

The Week in Security: Attacks on critical infrastructure and the software supply chain take off

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

What an SBOM is — and why it matters

Software bills of materials have become key to mitigating software threats. Here's what you need to know — and how to put them to work.

4 takeaways from the MITRE software security panel

With software supply chain attacks ramping up, software bills of materials (SBOMs) are getting the nod from both government and industry experts as a "no brainer."