Blog | ReversingLabs | Dev & DevSecOps (4)

Dev & DevSecOps (4)

April 19, 2023

Secrets security: The why, the how – and what to do about it

Secrets are increasingly exposed in code, creating a field-day for malicious actors. Here are key takeaways from our Secrets Exposed special report.

April 18, 2023

EU cyber laws ‘will’ make FOSS devs liable

The goal might be laudable, but aspects of the EU law need a major rethink. In this week’s Secure Software Blogwatch, we fear unintended consequences.

April 13, 2023

OSC&R embraces GitHub: Will it move the needle on supply chain security?

Here's what the move means in the short run — and the long term, for the evolution from application security to software software supply chain security.

April 11, 2023

Why 'shift left' is now a dirty term in some security circles

Here's why some security practitioners question the term "shift left" — and what they think application security teams should focus on instead.

April 11, 2023

Has public USB ‘juice jacking’ made it into the wild?

Déjà vu, but carry protection, dev teams traveling with credentials: Theorized as early as 2011, could public-USB attacks have finally gone rogue?

April 5, 2023

With Twitter code in the wild, DevSecOps doubts surface

In this week’s Secure Software Blogwatch, we ponder the unintended consequences of “transparency.”

April 4, 2023

The 3CX breach was targeted — but the plan was broader

The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.

April 4, 2023

Docker's BuildKit adds attestation: How it works and key limitations

Here's what you need to know about BuildKit, how to leverage its SBOM capabilities — and its limitations for comprehensive supply chain security.

March 29, 2023

Do you trust AI to find app sec holes while you sleep?

Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.

March 28, 2023

How bulk pull requests help scale open source bug fixes

Common flaws are duplicated all across the software supply chain. Here's how security researchers want to automate fixes.

March 22, 2023

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.

March 15, 2023

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Dev & DevSecOps (4)

Secrets security: The why, the how – and what to do about it

EU cyber laws ‘will’ make FOSS devs liable

OSC&R embraces GitHub: Will it move the needle on supply chain security?

Why 'shift left' is now a dirty term in some security circles

Has public USB ‘juice jacking’ made it into the wild?

With Twitter code in the wild, DevSecOps doubts surface

The 3CX breach was targeted — but the plan was broader

Docker's BuildKit adds attestation: How it works and key limitations

Do you trust AI to find app sec holes while you sleep?

How bulk pull requests help scale open source bug fixes

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Dev & DevSecOps (4)

Topics

Follow us

Subscribe

Special Reports