AppSec & Supply Chain Security, August 11, 2022

The state of cybersecurity: 'Things are going to get worse before they get better,' Krebs tells Black Hat 2022

There are many problems facing the cybersecurity community today, and they will only get worse before they get better. Despite this bleak view, former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs reminded the audience at Black Hat USA 2022 to place their hope in people to have a more secure future.

Carolynn van Arsdale, Writer, ReversingLabs

The cybersecurity industry has a problem: In 2021, there were 3.5 million cybersecurity positions left unfilled, and it’s expected that in 2025, there will still be 3.5 million job openings in the industry. This worrisome gap isn’t new. In 2013, there were 1 million open cybersecurity positions. For an industry that is considered durable, well-paid and vital to national security, cybersecurity’s future is looking bleak.

Juxtapose the workforce shortage with an equally concerning problem: the lack of technology-centered education in the United States K-12 system. The 2020 State of Computer Science report, for example, found that only 47% of high schools in the U.S. teach computer science. Going deeper, access to computer science education is lowest for students from marginalized backgrounds, and the actual participation levels in these programs vary. This weakens the younger generation’s ability to aid us in the fight to secure technology.

These people-centric problems impacting cybersecurity are just pieces of the puzzle for why the industry’s future looks so worrisome. Put simply by Krebs during his keynote speech at Black Hat on Wednesday:

Things are going to get worse before they get better.

Chris Krebs

As he reflected on what the future holds for the cybersecurity community, Krebs argued the community needs to analyze these four factors to answer the question of where this industry is going: technology, bad actors, government, and people. He stressed that looking at the past, present and future of these factors can teach the security community how to reorient its goals in order to prepare for a more secure future.

Here's a breakdown of Krebs' key points.

Technology's part in the problem

Krebs argued that up to this point, we have made the entirety of technology more complex and intertwined than ever before. Looking just five years down the line, more and more objects in our daily lives will become connected to the internet, increasing the threat surface for our adversaries.

If we have any hope of making technology more secure in the future, Krebs believes that any company or organization having some stake in the internet or in software is undeniably connected to the fate of national security. Therefore, making things better in the future means holding people accountable to better secure the technology we are serving.

Bad actors target the low-hanging fruit: the software supply chain

That bad actors affect the fate of cybersecurity is obvious, according to Krebs: “They target the software supply chain because that’s where the access is,” and access for these cybercriminals is where the money is.

Krebs also noted that cybercrime will only get worse, since these criminal organizations are only becoming more complex, and are advancing at a similar pace to technology in general. If the cybersecurity industry does not keep up technologically with these criminals, and we neglect to hold them accountable, the future possibilities for cybercrime will be endless.

Government has a key role to play, but needs to step up

Krebs, being a former high-ranking government official, understands that government is a key factor in determining the state of cybersecurity. He feels that government (localized to the U.S.) “has to clean up its own act,” which means reorganizing the various factions within our bureaucracy to make it more approachable and efficient. Also, Krebs doesn’t see current government regulations giving the outcomes that we need in order to aid the industry.

Government doing better means making “the front door clearly visible” for private-public partnerships, said Krebs. He also feels that government will have to make regulations based on outcomes, rather than on checklists. Taking a hard look at the way our government is organized, and optimizing it to combat the problems our industry is facing, will provide the most hope for the future of cybersecurity.

The people problem — and the hope

People in general play a large role in the state of cybersecurity. Krebs already reminded the audience about worrisome labor shortages and lack of technology-centric education. But looking to the future, he has more hope in people than he does in any of the other factors mentioned. A new generation of smarter, increasingly technology-native minds is stepping into this industry when it needs them the most. Krebs argued that a savvier, quicker-to-problem-solve workforce is exactly what the future of cybersecurity needs.

The cybersecurity community must go all-in

But it can’t just be left to the younger generation to tackle the future problems cybersecurity will face. Krebs stressed that it’s going to take the security community as a whole to step up as leaders in reorienting cybersecurity’s path forward. Above all else, Krebs believes that it is the people who drive solid principles, establish key partnerships, make thoughtful plans, and engage with our public that bring hope to the future of cybersecurity.

Featured image source: Bree J. Fowler
