Blog | ReversingLabs | Dev & DevSecOps (2)

Dev & DevSecOps (2)

September 12, 2023

SANS DevSecOps report: 5 key takeaways

"Shift left" is giving way to up-front risk assessments, and companies are tapping external support for third-party compliance. Learn from app sec peers.

September 7, 2023

20 application security pros you should follow

These leading app sec experts provide a steady of flow of security knowledge to keep you up to speed.

August 21, 2023

Risk modeling model exposes supply chain's 'hiddenness of knowledge'

GUAC-ALYTICs will model risk across open source software supply chain interdependencies using a new algorithmic engine. Here's what you need to know.

August 16, 2023

CISA's Secure by Design: Too much, too soon?

Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise.

August 15, 2023

AI coding helpers get FAILing grade

Purdue researchers expose generative AI tools like Copilot's frequent errors when asked basic development questions. Only fools rush in.

August 8, 2023

Listen up, devs: AI trained to overhear passwords

Deep learning model knows what keys you press — “with 95% accuracy.” The password's days are numbered.

August 3, 2023

VMConnect: Malicious PyPI packages imitate popular open source modules

ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.

August 2, 2023

FraudGPT/WormGPT: Scammy for now — but a worrying signpost for software security

Your app sec team should factor in more capable malicious AI tools, coming soon.

July 25, 2023

No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’

It’s an optional trial program (for now). How would your dev team cope? Is this the future of zero trust?

July 19, 2023

Safe programming languages: A solid first step for application security

Safe programming languages and packages can dramatically reduce vulnerabilities. Here's my rundown on the safest bets for secure coding.

July 17, 2023

Federal security guidance: Been there, done that

CISA and NSA issued security guidance on continuous integration/continuous delivery environments — but missed an opportunity to escalate the conversation.

July 5, 2023

Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites

C’mon, dev teams — it's about time to get serious about memory safety, XSS and SQLi.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Dev & DevSecOps (2)

SANS DevSecOps report: 5 key takeaways

20 application security pros you should follow

Risk modeling model exposes supply chain's 'hiddenness of knowledge'

CISA's Secure by Design: Too much, too soon?

AI coding helpers get FAILing grade

Listen up, devs: AI trained to overhear passwords

VMConnect: Malicious PyPI packages imitate popular open source modules

FraudGPT/WormGPT: Scammy for now — but a worrying signpost for software security

No net for some, no root for devs — Google pilot walls off staff internet, access for ‘safety’

Safe programming languages: A solid first step for application security

Federal security guidance: Been there, done that

Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Dev & DevSecOps (2)

Topics

Follow us

Subscribe

Special Reports