Blog | ReversingLabs | Dev & DevSecOps (5)

March 7, 2023

White House cyber strategy: A love/hate story

The new National Cybersecurity Strategy will punish big software developers for failing to follow best practices. And, for the first time, make them liable.

March 2, 2023

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

New details expose that the recent hack on LastPass was worse than previously thought. Also: CISA has called for for software makers who develop insecure software to be held liable.

March 1, 2023

LastPass revelations: BIG lessons for DevSecOps teams

LastPass has revealed a little more about the vault breach that occurred during August last year. And there are big, big lessons to be learned for DevSecOps teams.

February 22, 2023

Developers beware: Imposter HTTP libraries lurk on PyPI

ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries.

February 21, 2023

Core-JS: Beware hidden dependencies from indebted Russian developers

Denis Pushkarev has big debts — and his code is everywhere. The supply chain security alarm should be at DEFCON 2 by now. We sum it up at fast pace.

February 21, 2023

OSC&R targets software supply chain attacks

Here's what you need to know about OSC&R, along with expert insights on the new framework's potential to improve software supply chain security.

February 15, 2023

Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy

Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development.

February 14, 2023

Software composition analysis and the evolution of application security

Here are key takeaways from The Software Composition Analysis Landscape, Q1 2023 report — and how app sec is evolving to adapt to supply chain threats

February 8, 2023

Leaky app gives researcher 'total, global control' over the Toyota supplier network

A researcher discovered a JsonWebToken flaw in a Toyota app that gave access to corporate user accounts, as well as suppliers — and even Toyota parts.

January 31, 2023

Google’s Open Source Team Layoffs A Security Risks

Firing ‘the best of the best’ in open source does not bode well for software security. Will the last to leave please turn off the lights?

January 25, 2023

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

Top leaders and practitioners from eBay, Fidelity, T-Mobile and Tasktop share lessons from the Log4Shell vulnerability. Here are four key takeaways.

January 24, 2023

Move over, npm: Now VS Code extensions can’t be trusted

It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect. In this week’s Secure Software Blogwatch, we run and hide.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Dev & DevSecOps (5)

White House cyber strategy: A love/hate story

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

LastPass revelations: BIG lessons for DevSecOps teams

Developers beware: Imposter HTTP libraries lurk on PyPI

Core-JS: Beware hidden dependencies from indebted Russian developers

OSC&R targets software supply chain attacks

Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy

Software composition analysis and the evolution of application security

Leaky app gives researcher 'total, global control' over the Toyota supplier network

Google’s Open Source Team Layoffs A Security Risks

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

Move over, npm: Now VS Code extensions can’t be trusted

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Dev & DevSecOps (5)

Topics

Follow us

Subscribe

Special Reports