Blog | ReversingLabs | AppSec & Supply Chain Security (27)

October 18, 2022

What an SBOM is — and why it matters

Software bills of materials have become key to mitigating software threats. Here's what you need to know — and how to put them to work.

October 17, 2022

4 takeaways from the MITRE software security panel

With software supply chain attacks ramping up, software bills of materials are getting the nod from both government and industry experts as a "no brainer."

October 13, 2022

The Week in Security: Google takes next step on supply chain risk, UK issues software security guidance

This week: Google Cloud announces new solution to tackle software supply chain risk, multiple vulnerabilities in Adobe products could lead to arbitrary code execution, and more.

October 11, 2022

Packagist PHP repo supply chain attack: 3 key takeaways

A PHP repository vulnerability threatened millions of sites. Here's why you need to make an SBOM the first step in your software supply chain security journey.

October 6, 2022

Week in Security: Open source tool used to steal data from defense firm

This week: APT groups targeted a defense industrial base sector organization, why SBOMs are a great “first step,” and more.

October 4, 2022

Gartner: Knowing your software's ingredients is critical to managing risk

With third-party sources — and supply chain attacks surging — Gartner expects adoption of SBOMs to go from less than 5% now to 60% in 2025.

September 29, 2022

The Week in Security: Bill tasks CISA Director with responsibility for open source software security

This week: A new bill tasks the CISA Director with tackling open source software security, a leaked LockBit builder is being used by a new ransomware gang, and more.

September 19, 2022

White House now requires software adhere to NIST standards

The new memo calls on firms selling software to the government to attest to its conformity with NIST security standards. Here's what you need to know.

September 14, 2022

OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain

Here's what you need to know about the new OpenSSF npm security best practices.

September 7, 2022

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

The new guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. Here are four key takeaways.

September 6, 2022

The SBOM is evolving: 4 key trends boosting software supply chain security

Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.

August 29, 2022

New malicious packages in PyPI: What it means for securing open source repositories

After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

AppSec & Supply Chain Security (27)

What an SBOM is — and why it matters

4 takeaways from the MITRE software security panel

The Week in Security: Google takes next step on supply chain risk, UK issues software security guidance

Packagist PHP repo supply chain attack: 3 key takeaways

Week in Security: Open source tool used to steal data from defense firm

Gartner: Knowing your software's ingredients is critical to managing risk

The Week in Security: Bill tasks CISA Director with responsibility for open source software security

White House now requires software adhere to NIST standards

OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

The SBOM is evolving: 4 key trends boosting software supply chain security

New malicious packages in PyPI: What it means for securing open source repositories

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

AppSec & Supply Chain Security (27)

Topics

Follow us

Subscribe

Special Reports