Software Supply Chain Security (2)

May 10, 2023

What’s behind SBOM skepticism? One word: Fear

In this ConversingLabs talk, Josh Corman, founder of I Am The Cavalry, explains what’s behind industry skepticism around software bills of materials.
May 9, 2023

SLSA 1.0 delivers build provenance: What application security teams need to know

OpenSSF's updated Supply-chain Levels for Software Artifacts is an essential tool, but experts say it's not a comprehensive supply chain security tool.
May 8, 2023

Modernize your SOC with advanced malware analysis, real supply chain security — and best practices

Today's SOCs need the right tools for malware and supply chain security. Here's why — and best practices for a modern SOC.
May 4, 2023

The Week in Security: SolarWinds hack set off alarms for months before discovery

The DOJ detected the SolarWinds Orion breach six months prior to public disclosure. Also: anxiety, fear, depression - the life of a ransomware criminal.
May 3, 2023

SolarWinds hack: Did DOJ know 6 months earlier?

The Department of Justice is reported to have stayed on the down-low on SolarWinds. Poster child for software supply chain security? The plot thickens...
May 2, 2023

How to operationalize SBOMs for incident response

Learn why Software Bills of Materials are essential for cybersecurity incident response — and how to put them to work.
May 1, 2023

RSAC in review: Supply chain security, cyber war and AI

The stakes were raised at RSAC 2023: A “hot” cyber war in Ukraine, supply chain attacks on the rise — and let's not forget about artificial intelligence.
April 27, 2023

The rise of malware in the software supply chain – and what to do about it

Charlie Jones of ReversingLabs explains risk with supply chain attacks — and what development teams can do to spot malware lurking in signed code.
April 27, 2023

CISA's Secure by Design for software development: 'It's a starting point, not an endpoint'

Here's what experts say about the CISA Secure by Design initiative's potential impact on software supply chain security — and security operations.
April 26, 2023

#RSAC is big again — and AI + security is huge: #StrongerTogether?

RSA Conference is back in a big way in 2023, with large language models buzzing: AI to fight AI, and generative AI and supply chain security.
April 24, 2023

Package names repurposed to push malware on PyPI

What’s in a name? Here's how bad actors are pushing malware on the Python Package Index under the guise of legitimate yet abandoned open source modules.
April 24, 2023

What traditional app sec tools miss: The monsters in your software supply chain

Matt Rose will present at RSAC 2023 on the mismatch between traditional app sec tools like SCA and modern supply chain threats. Here are key highlights.
