Blog | ReversingLabs | Dev & DevSecOps (8)

September 28, 2022

DevOps teams: BGP security is BAD. But you can fix it

Border Gateway Protocol’s security is laughable — but there are things you can do to mitigate the risks.

September 23, 2022

Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

ReversingLabs has discovered a malicious npm package disguised as the software tool Material Tailwind. Here's an in-depth look at our discovery — and threat analysis. (Updated with MachO executable information.)

September 22, 2022

Rust finds its mojo: Move forward to memory-safe code

It’s confirmed: The Linux kernel will have Rust support soon. Linus Torvalds and Mark Russinovich say the time is now if you want to memory-safe code.

September 19, 2022

White House now requires software adhere to NIST standards

The new memo calls on firms selling software to the government to attest to its conformity with NIST security standards. Here's what you need to know.

September 15, 2022

Why Twitter security sucks: Half of staff has PII access

Twitter’s former head of security, Peiter “Mudge” Zatko (pictured), has some damning things to say about the service’s DevOps security — or lack of it.

September 14, 2022

OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain

Here's what you need to know about the new OpenSSF npm security best practices.

September 7, 2022

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

The new guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. Here are four key takeaways.

September 6, 2022

The SBOM is evolving: 4 key trends boosting software supply chain security

Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.

August 29, 2022

New malicious packages in PyPI: What it means for securing open source repositories

After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.

August 22, 2022

To secure your CI/CD pipelines, round up the usual suspects

Exploring the “how” of CI/CD compromises, researchers show many of the culprits will be familiar to security teams.

August 12, 2022

NVD Analysis: Why you need to modernize your application security

The NVD as it is today does not tell the full story of software risk. Here's why the NVD — and your software security approach — need to be modernized.

June 29, 2022

7 container security best practices

Containers are powerful, but also a challenge to secure. Here's how to protect your containers — and their underlying infrastructure — across your SDLC.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Dev & DevSecOps (8)

DevOps teams: BGP security is BAD. But you can fix it

Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

Rust finds its mojo: Move forward to memory-safe code

White House now requires software adhere to NIST standards

Why Twitter security sucks: Half of staff has PII access

OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

The SBOM is evolving: 4 key trends boosting software supply chain security

New malicious packages in PyPI: What it means for securing open source repositories

To secure your CI/CD pipelines, round up the usual suspects

NVD Analysis: Why you need to modernize your application security

7 container security best practices

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Dev & DevSecOps (8)

Topics

Follow us

Subscribe

Special Reports