
Dev & DevSecOps

September 20, 2023

The art of security chaos engineering

What if dev and app sec teams showed the same nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why it's essential.
September 12, 2023

SANS DevSecOps report: 5 key takeaways

"Shift left" is giving way to up-front risk assessments, and companies are tapping external support for third-party compliance. Learn from app sec peers.
September 7, 2023

20 application security pros you should follow

These leading app sec experts provide a steady flow of security knowledge to keep you up to speed.
August 21, 2023

Risk modeling initiative aims to expose the 'hiddenness of knowledge' in the supply chain

GUAC-ALYTICs will model risk across open source software supply chain interdependencies using a new algorithmic engine. Here's what you need to know.
August 16, 2023

CISA's Secure by Design: Too much, too soon?

Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise.
August 15, 2023

AI coding helpers get FAILing grade

Purdue researchers expose generative AI tools like Copilot's frequent errors when asked basic development questions. Only fools rush in.
August 8, 2023

Listen up, devs: AI trained to overhear passwords

Deep learning model knows what keys you press — “with 95% accuracy.” The password's days are numbered.
August 3, 2023

VMConnect: Malicious PyPI packages imitate popular open source modules

ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.
August 2, 2023

FraudGPT/WormGPT: Scammy for now — but a worrying signpost for software security

Your app sec team should factor in more capable malicious AI tools, coming soon.
July 25, 2023

No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’

It’s an optional trial program (for now). How would your dev team cope? Is this the future of zero trust?
July 19, 2023

Safe programming languages: A solid first step for application security

Safe programming languages and packages can dramatically reduce vulnerabilities. Here's my rundown on the safest bets for secure coding.
July 17, 2023

Federal CI/CD security guidance: Been there, done that

CISA and NSA issued security guidance on continuous integration/continuous delivery environments — but missed an opportunity to escalate the conversation.


The Art of Security Chaos Engineering
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: Happy Birthday, ReversingGlass
Glassboard conversations with ReversingLabs Field CISO Matt Rose