Special Report: The State of Software Supply Chain Security 2022-2023
READ NOW
Get Your Free Software Bill of Materials (SBOM) Report & Analysis
START HERE

Software Supply Chain Security

Move over, npm: Now VS Code extensions can’t be trusted
January 24, 2023

Move over, npm: Now VS Code extensions can’t be trusted

It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect. In this week’s Secure Software Blogwatch, we run and hide.
Read More
AI unleashed: Are you prepared for the next generation of software supply chain attacks?
January 23, 2023

AI unleashed: Are you prepared for the next generation of software supply chain attacks?

ChatGTP and GitHub Copilot seem like a win for developers — under pressure to release new features continuously. But the code produced by generative AI needs serious scrutiny.
Read More
The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet
January 19, 2023

The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet

This week: A new software supply chain attack has been discovered on PyPI. Also: A ransomware attack on ship management software impacts 1000 vessels.
Read More
Supply chain security and compliance: Why software organizations should get out in front of requirements
January 18, 2023

Supply chain security and compliance: Why software organizations should get out in front of requirements

Get out in front of software supply chain compliance requirements for a competitive advantage. Here's what your software organization needs to know.
Read More
The CircleCI hack is a red flag for security teams on software supply chain risk
January 13, 2023

The CircleCI hack is a red flag for security teams on software supply chain risk

Security teams should consider consider software supply chain risk through a new lens after the latest CircleCI incident.
Read More
App sec and the supply chain: Work in tandem with engineers to achieve true software security
January 12, 2023

App sec and the supply chain: Work in tandem with engineers to achieve true software security

Application security is foundational to the software supply chain security ecosystem. But it takes a village. Derek Fisher explains in this fireside chat. 
Read More
If you don't love me now: JsonWebToken could break the software supply chain (again)
January 11, 2023

If you don't love me now: JsonWebToken could break the software supply chain (again)

The JsonWebToken library has a serious flaw, which could lead to remote code execution. While exploitability is questionable, it could be a big problem.
Read More
After hack, CircleCI tells devs to update secrets now
January 11, 2023

After hack, CircleCI tells devs to update secrets now

In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.
Read More

SUBSCRIBE

Get the best of the ReversingLabs Blog delivered to your in-box weekly.