Blog | ReversingLabs | Dev & DevSecOps (6)

January 25, 2023

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

Top leaders and practitioners from eBay, Fidelity, T-Mobile and Tasktop share lessons from the Log4Shell vulnerability. Here are four key takeaways.

January 24, 2023

Move over, npm: Now VS Code extensions can’t be trusted

It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect. In this week’s Secure Software Blogwatch, we run and hide.

January 23, 2023

AI unleashed: Are you repared for next-gen software supply chain attacks?

ChatGTP and GitHub Copilot seem like a win for developers — under pressure to release new features continuously. But the code produced by generative AI needs serious scrutiny.

January 18, 2023

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?

Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!

January 12, 2023

The Week in Security: When AI attacks, ChatGPT lowers the bar for developing malware

This week: Trojan Puzzle attack shows how AI can be trained for malicious purposes. Also: ChatGPT is enabling script kiddies to write functional malware.

January 12, 2023

App sec and the supply chain: Work in tandem with engineers to achieve true software security

Application security is foundational to the software supply chain security ecosystem. But it takes a village. Derek Fisher explains in this fireside chat.

December 20, 2022

DraftKings fantasy? How YOU can prevent credential stuffing attacks

There’s been a huge uptick in credential stuffing attacks, including at DraftKings. But dev teams can easily prevent it.

December 19, 2022

Expert panel: No ‘silver bullet’ for supply chain security

Experts and a top analyst discussed the state of software supply chain security in a recent Webinar. Here are key takeaways from their discussion.

December 14, 2022

Ahoy! More insecure code washes ashore with AlphaCode

Here comes AlphaCode: Another AI code-generating parlor trick spitting out vulnerabilities. Is your software security team ready for the onslaught?

December 7, 2022

ChatGPT: Parlor trick or Stack Overflow replacement?

The initial flush of enthusiasm for ChatGPT has waned. And quite a few of the bugs in the buggy code it spits out are exploitable security vulnerabilities.

November 30, 2022

Meta’s GDPR fine: Why your DevOps needs red teaming

Meta’s been fined $276 million for scraping data. What can you do to prevent this in your dev shop?

November 23, 2022

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Dev & DevSecOps (6)

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

Move over, npm: Now VS Code extensions can’t be trusted

AI unleashed: Are you repared for next-gen software supply chain attacks?

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?

The Week in Security: When AI attacks, ChatGPT lowers the bar for developing malware

App sec and the supply chain: Work in tandem with engineers to achieve true software security

DraftKings fantasy? How YOU can prevent credential stuffing attacks

Expert panel: No ‘silver bullet’ for supply chain security

Ahoy! More insecure code washes ashore with AlphaCode

ChatGPT: Parlor trick or Stack Overflow replacement?

Meta’s GDPR fine: Why your DevOps needs red teaming

GitHub repojacking attack: 10 lessons for software teams

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Dev & DevSecOps (6)

Topics

Follow us

Subscribe

Special Reports