Google pairs GUAC with SLSA to take a bite out of software supply chain insecurity
Google is putting its weight behind a project to offer a comprehensive view of your software. Enter GUAC: Graph for Understanding Artifact Composition.
AppSec & Supply Chain Security
Google pairs GUAC with SLSA to take a bite out of software supply chain insecurity
The state of CI/CD security: Upgrade your software supply chain tools to maintain velocity and security
Here's what you need to know about the state of CI/CD tools — and why you need to upgrade your tools and approach to deliver secure software at speed.
SBOMs are critical to AppSec — but only the first step in your journey
Here's what to focus on for a comprehensive approach to application security across your entire software development pipeline.
SBOMs are coming for medical devices. Prof. Kevin Fu explains what to expect
The medical device sector is under pressure to improve software supply chain security, and software bills of materials (SBOMs) are front and center. ReversingLabs talks with Professor Kevin Fu of the Archimedes Center at University of Michigan about what to expect.
The Week in Security: Attacks on critical infrastructure and the software supply chain take off
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
What an SBOM is — and why it matters
Software bills of materials have become key to mitigating software threats. Here's what you need to know — and how to put them to work.
4 takeaways from the MITRE software security panel
With software supply chain attacks ramping up, software bills of materials (SBOMs) are getting the nod from both government and industry experts as a "no brainer."
The Week in Security: Google takes next step on supply chain risk, UK issues software security guidance
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of cybersecurity.
Packagist PHP repo supply chain attack: 3 key takeaways
A PHP repository vulnerability threatened millions of sites. Here's why you need to make an SBOM the first step in your software supply chain security journey.
Week in Security: Open source tool used to steal data from defense firm
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Gartner: Knowing your software's ingredients is critical to managing risk
With third-party sources — and supply chain attacks surging — Gartner expects adoption of SBOMs to go from less than 5% now to 60% in 2025
The Week in Security: Bill tasks CISA Director with responsibility for open source software security
Welcome to the latest edition of The Week in Security, which brings you the most important headlines from the world and our team across the full stack of security: application security, cybersecurity, and beyond.
White House now requires software adhere to NIST standards
Selling software to the government? You must now attest to conformity with NIST standards. And SBOMs, while not required, are preferred.
OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain
Here's what you need to know about the new OpenSSF npm security best practices.
Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world
New federal guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. A software bill of materials (SBOM) is central. Here are four key takeaways.