Blog | ReversingLabs | Dev & DevSecOps (4)

April 18, 2023

EU cyber laws ‘will’ make FOSS devs liable

The goal might be laudable, but aspects of the EU law need a major rethink. In this week’s Secure Software Blogwatch, we fear unintended consequences.

April 13, 2023

OSC&R embraces GitHub: Will it move the needle on supply chain security?

Here's what the move means in the short run — and the long term, for the evolution from application security to software software supply chain security.

April 11, 2023

Why 'shift left' is now a dirty term in some security circles

Here's why some security practitioners question the term "shift left" — and what they think application security teams should focus on instead.

April 11, 2023

Has public USB ‘juice jacking’ made it into the wild?

Déjà vu, but carry protection, dev teams traveling with credentials: Theorized as early as 2011, could public-USB attacks have finally gone rogue?

April 5, 2023

With Twitter code in the wild, DevSecOps doubts surface

In this week’s Secure Software Blogwatch, we ponder the unintended consequences of “transparency.”

April 4, 2023

The 3CX breach was targeted — but the plan was broader

The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.

April 4, 2023

Docker's BuildKit adds attestation: How it works and key limitations

Here's what you need to know about BuildKit, how to leverage its SBOM capabilities — and its limitations for comprehensive supply chain security.

March 29, 2023

Do you trust AI to find app sec holes while you sleep?

Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.

March 28, 2023

How bulk pull requests help scale open source bug fixes

Common flaws are duplicated all across the software supply chain. Here's how security researchers want to automate fixes.

March 22, 2023

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.

March 15, 2023

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).

March 7, 2023

App sec is addicted to vulnerability reporting: Why supply chain security requires evolution

Here's what you need to know about app sec's addiction to vulnerabilities — and why application security needs to evolve to take on supply chain security.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Dev & DevSecOps (4)

EU cyber laws ‘will’ make FOSS devs liable

OSC&R embraces GitHub: Will it move the needle on supply chain security?

Why 'shift left' is now a dirty term in some security circles

Has public USB ‘juice jacking’ made it into the wild?

With Twitter code in the wild, DevSecOps doubts surface

The 3CX breach was targeted — but the plan was broader

Docker's BuildKit adds attestation: How it works and key limitations

Do you trust AI to find app sec holes while you sleep?

How bulk pull requests help scale open source bug fixes

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

App sec is addicted to vulnerability reporting: Why supply chain security requires evolution

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Dev & DevSecOps (4)

Topics

Follow us

Subscribe

Special Reports