Blog | ReversingLabs | AppSec & Supply Chain Security (27)

September 7, 2022

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

The new guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. Here are four key takeaways.

September 6, 2022

The SBOM is evolving: 4 key trends boosting software supply chain security

Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.

August 29, 2022

New malicious packages in PyPI: What it means for securing open source repositories

After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.

August 18, 2022

6 reasons AppSec teams should shift gears and go beyond legacy vulnerabilities

The NVD represents a minority of software supply chain threats. With attacks surging, teams must shift from legacy vulnerabilities to focusing on malware.

August 12, 2022

NVD Analysis: Why you need to modernize your application security

The NVD as it is today does not tell the full story of software risk. Here's why the NVD — and your software security approach — need to be modernized.

August 11, 2022

The state of cybersecurity: 'Things are going to get worse before they get better,' Krebs tells Black Hat 2022

Chris Krebs challenged Black Hat attendees to consider four factors that will determine cybersecurity's future: tech, bad actors, government, and people.

August 4, 2022

Buckle up for Black Hat 2022: Sessions your security team should not miss

Black Hat is set to return next week with two years of pent up cybersecurity research and discoveries. Here are the talks you don't want to miss.

August 3, 2022

Software supply chain security takes center stage at Black Hat 2022

Black Hat is best known for hardware and traditional software exploits, but this year it showcases more software supply chain security issues—marking the shift in the threat landscape.

August 2, 2022

OpenSSF's open source security mobilization initiative: Inside the 10-point action plan

Here is a run-down of the 10 streams from OpenSSF's Open Source Software Security Mobilization Plan.

July 21, 2022

The Week in Cybersecurity: SolarWinds attackers tap Google Drive, malware spreads via Play Store apps

The Week in Cybersecurity highlights: An APT group is using Dropbox and Google Drive to cover up attacks, and malware is spreading via Play Store apps.

July 19, 2022

CISA: Log4j threat will linger for years—so be prepared

A survey of the post-Log4j landscape found few successful hacks linked to it. The bad news? Log4Shell will linger for years — so you need to prepare.

June 29, 2022

SBOM Facts: Know what's in your software to fend off supply chain attacks

Not knowing what’s in your food can have consequences. The same is true for software. You need a software bill of materials (SBOM) to minimize risk.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

AppSec & Supply Chain Security (27)

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

The SBOM is evolving: 4 key trends boosting software supply chain security

New malicious packages in PyPI: What it means for securing open source repositories

6 reasons AppSec teams should shift gears and go beyond legacy vulnerabilities

NVD Analysis: Why you need to modernize your application security

The state of cybersecurity: 'Things are going to get worse before they get better,' Krebs tells Black Hat 2022

Buckle up for Black Hat 2022: Sessions your security team should not miss

Software supply chain security takes center stage at Black Hat 2022

OpenSSF's open source security mobilization initiative: Inside the 10-point action plan

The Week in Cybersecurity: SolarWinds attackers tap Google Drive, malware spreads via Play Store apps

CISA: Log4j threat will linger for years—so be prepared

SBOM Facts: Know what's in your software to fend off supply chain attacks

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

AppSec & Supply Chain Security (27)

Topics

Follow us

Subscribe

Special Reports