ReversingGlass Video: How Software Supply Chains Go Wrong...in less then 5 minutes.
Watch Now
Read the LATEST Software Supply Chain Security Risk Report
Read Now
Webinar Alert! The Future of Complex Code Destruction
Register Now

Software Bill of Materials (SBOM)

CycloneDX 1.5: The next big step for SBOMs and software transparency
July 12, 2023

CycloneDX 1.5: The next big step for SBOMs and software transparency

With CycloneDX 1.5, OWASP is introducing a number of new types of SBOMs. Here's a full run-down on changes — and what they mean for software transparency.
Read More
CISA SBOM-a-rama tackles challenges: 5 key takeaways
June 15, 2023

CISA SBOM-a-rama tackles challenges: 5 key takeaways

The challenges — and also the promise — of software bills of materials were on display Wednesday as CISA hosted SBOM-a-rama. Here are five key takeaways.
Read More
Self-attestation: What software teams need to know
June 12, 2023

Self-attestation: What software teams need to know

Software vendors who do business with the federal government now have to prove they are practicing basic supply chain security. Here are the requirements.
Read More
7 obstacles to SBOM success
May 16, 2023

7 obstacles to SBOM success

The path to success for software bills of materials is riddled with hurdles. Experts explain key factors that could threaten your SBOM investments.
Read More
What’s behind SBOM skepticism? One word: Fear
May 10, 2023

What’s behind SBOM skepticism? One word: Fear

In this ConversingLabs talk, Josh Corman, founder of I Am The Cavalry, explains what’s behind industry skepticism around software bills of materials.
Read More
How to operationalize SBOMs for incident response
May 2, 2023

How to operationalize SBOMs for incident response

Learn why Software Bills of Materials are essential for cybersecurity incident response — and how to put them to work.
Read More
Software supply chain security and SBOM automation: The next big step in risk management
February 28, 2023

Software supply chain security and SBOM automation: The next big step in risk management

Here's a look at the state of Software Bills of Materials (SBOMs) — and why automating them is the next big step in managing software supply chain risk.
Read More
The case for SBOM benchmarks: "Ground truth" is key
February 13, 2023

The case for SBOM benchmarks: "Ground truth" is key

SBOMs help software teams protect their supply chains — but they can also create new challenges. Here's why standardization is needed.
Read More
6 misconceptions about Software Bills of Materials
January 30, 2023

6 misconceptions about Software Bills of Materials

SBOMs could become Software Bills of Mediocrity. But not if we can agree on their value for software supply chain security. Chris Romeo explains.
Read More
Supply chain security and compliance: Why software organizations should get out in front of requirements
January 18, 2023

Supply chain security and compliance: Why software organizations should get out in front of requirements

Get out in front of software supply chain compliance requirements for a competitive advantage. Here's what your software organization needs to know.
Read More
Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security
December 1, 2022

Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security

One year ago, a vulnerability in Apache’s Log4j turned the security world on its ear. What has changed since then? Here are the key takeaways from Log4Shell's legacy.
Read More
GitHub repojacking attack: 10 lessons for software teams
November 23, 2022

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.
Read More

SUBSCRIBE

Get our blog delivered to your in-box weekly to stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

Apple Devices as a Growing Attack Vector Apple Devices as a Growing Attack Vector
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: EPSS 3.0 + CVSS: Why Prioritizing Software Risk is Key ReversingGlass: EPSS 3.0 + CVSS: Why Prioritizing Software Risk is Key
Glassboard conversations with ReversingLabs Field CISO Matt Rose