June 14, 2023

How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan

In this ConversingLabs Cafe interview, Naveen Srinivasan, a maintainer of the OpenSSF Security Scorecard, talks about evaluating software dependency risk.
May 1, 2023

RSAC in review: Supply chain security, cyber war and AI

The stakes were raised at RSAC 2023: A “hot” cyber war in Ukraine, supply chain attacks on the rise — and let's not forget about artificial intelligence.
April 27, 2023

The rise of malware in the software supply chain – and what to do about it

Charlie Jones of ReversingLabs explains risk with supply chain attacks — and what development teams can do to spot malware lurking in signed code.
April 26, 2023

#RSAC is big again — and AI + security is huge: #StrongerTogether?

RSA Conference is back big in 2023, with large language models buzzing: AI to fight AI, and generative AI and supply chain security.
April 24, 2023

Package names repurposed to push malware on PyPI

What’s in a name? Here's how bad actors are pushing malware on the Python Package Index under the guise of legitimate yet abandoned open source modules.
April 24, 2023

What traditional app sec tools miss: The monsters in your software supply chain

Matt Rose will present at RSAC 2023 on the mismatch between traditional app sec tools like SCA and modern supply chain threats. Here are key highlights.
April 19, 2023

Secrets Exposed: The why, the how – and what to do about – secrets security in software

Secrets are increasingly exposed in code, creating a field-day for malicious actors. Here are key takeaways from our Secrets Exposed special report.
April 19, 2023

What’s hot at RSA Conference 2023: 8 must-see software supply chain security talks

Software supply chain security is taking center-stage at RSAC 2023. Here are the talks you don't want to miss.
April 18, 2023

What’s hot at RSA Conference 2023: 6 must-see malware analysis and threat hunting talks

There is so much to take in at RSAC. Cut through the noise with our list of threat-focused talks you don't want to miss.
March 21, 2023

Secrets Exposed: How to mitigate risk from secrets leaks — and prevent future breaches

Software secrets are targeted by malicious actors. Here are three key steps to mitigate risk — and best practices you can take to prevent future breaches.
March 14, 2023

Secrets Exposed: How hackers are gaining access to software secrets

Here’s how attackers are finding software development secrets buried in code repositories — and exploiting them. 
February 23, 2023

Secrets Exposed: Why modern development, open source repositories spill secrets en masse

The CircleCI breach and other recent hacks expose why the secrets problem is so prolific. Learn the why in this first post in our Secrets Revealed series.



The Art of Security Chaos Engineering
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: Happy Birthday, ReversingGlass
Glassboard conversations with ReversingLabs Field CISO Matt Rose