Blog | ReversingLabs | Dev & DevSecOps (7)

Dev & DevSecOps (7)

November 23, 2022

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.

November 22, 2022

Your support must scale: Don’t be like Meta, dev teams

Your users have targets on their backs: Is your dev team tooling up for that?

November 21, 2022

4 ways GitOps can help secure your software pipeline

GitOps can help control configuration drift and enable your infrastructure security to shift left, for starters. Here are four ways it can enable better software security.

November 16, 2022

Track this: Apple, Google hit with BIG privacy law claims

Google has lost a long standing privacy case. And now Apple faces a big ol’ privacy class action. In this week’s Secure Software Blogwatch, we navigate the minefield.

November 9, 2022

Dropbox reveals hack: What DevOps can learn from it

Dropbox was recently hacked. So what can your DevOps team learn from it? For one, not all MFA schemes are created equal.

November 2, 2022

Reflection attacks: Don’t be part of the problem

Once again, Microsoft shows devs what NOT to do.

October 31, 2022

National Cyber Director: Higher bar for software supply chain security is key to cyber resilience

National Cyber Director Chris Inglis said the government is setting a new bar for supply chain security as the focus shifts from response to resilience.

October 27, 2022

OWASP at a crossroads: Founder Mark Curphey's call for relevance in the age of DevSecOps

After two decades of raising awareness about the big problems in application security, the Open Web Application Security Project (OWASP) stands at a crossroads. Founder Mark Curphey outlines his manifesto for modernization.

October 26, 2022

Google pairs GUAC with SLSA to take a bite out of software supply chain insecurity

Are you ready to dip into this tasty repo for better software security?

October 19, 2022

Devs: Don’t rely on GitHub Copilot — legal risk gets real

GitHub’s Copilot ML code-completion engine is violating copyright wholesale, say high-profile open source advocates.

October 12, 2022

DevOps lesson from Toyota FAIL: Crash test secrets

Do: Detect daft devs defying doctrine — Toyota stored prod database credentials in GitHub for five years

October 11, 2022

Packagist PHP repo supply chain attack: 3 key takeaways

A PHP repository vulnerability threatened millions of sites. Here's why you need to make an SBOM the first step in your software supply chain security journey.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Dev & DevSecOps (7)

GitHub repojacking attack: 10 lessons for software teams

Your support must scale: Don’t be like Meta, dev teams

4 ways GitOps can help secure your software pipeline

Track this: Apple, Google hit with BIG privacy law claims

Dropbox reveals hack: What DevOps can learn from it

Reflection attacks: Don’t be part of the problem

National Cyber Director: Higher bar for software supply chain security is key to cyber resilience

OWASP at a crossroads: Founder Mark Curphey's call for relevance in the age of DevSecOps

Google pairs GUAC with SLSA to take a bite out of software supply chain insecurity

Devs: Don’t rely on GitHub Copilot — legal risk gets real

DevOps lesson from Toyota FAIL: Crash test secrets

Packagist PHP repo supply chain attack: 3 key takeaways

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Dev & DevSecOps (7)

Topics

Follow us

Subscribe

Special Reports