ReversingLabs Field CISO Matt Rose explains in this week's ReversingGlass episode the difference between application security hacks and software supply chain hacks.
Why are they different? And why do you need software supply chain security in addition to your application security testing (AST) and software composition analysis (SCA) tools?
Rose does a level-set, explaining that these solutions are important for finding specific lenses of risk, "whether that's a SAST solution in the AST umbrella or a malware identification, or a potential compromise of a secret in a software supply chain instance."
"So thinking about this, the biggest thing that I like to say is a hack is really going outside the bounds of the intended purpose of the application. It does what it's functionally supposed to do, but it does some other things too, some things that it's not intended to do."
—Matt Rose
As Rose notes, a lot of the time, these things are very hard to find given the very aggressive release cycles software teams are facing, as well as the complex nature of today's applications.
What better way to break down the difference between app sec hacks and supply chain hacks than using the ubiquitous SQL injection as an example? Here's this week's ReversingGlass, Application Hacks vs. Software Supply Chain Hacks:
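To make Rose's definition concrete next to the SQL injection case the episode uses, here is an added example (not taken from the episode or from ReversingLabs' own material). It runs a login lookup two ways against a constructed in-memory SQLite table: once with the query built by string concatenation, and once with bound parameters. Both return the expected row for a normal login, so the application still "does what it's functionally supposed to do"; only the concatenated version can also be made to do something it was never intended to do (match every row). The table contents and the `login_*` function names are assumptions for the illustration.

```python
import sqlite3

# Constructed sample data standing in for a real application's users table.
SAMPLE_USERS = [("alice", "pw-alice"), ("bob", "pw-bob"), ("carol", "pw-carol")]


def build_db():
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Build the statement by concatenating user input into the SQL text.

    For ordinary input this returns exactly the intended row. Because the
    input is interpreted as SQL rather than as data, the statement can also
    be made to do something outside its intended purpose (Rose's definition
    of a hack), such as matching every user.
    """
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s' "
        "ORDER BY username" % (username, password)
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    """Same intent, hardened: the driver binds the values as data, so the
    shape of the statement is fixed no matter what the input contains."""
    sql = (
        "SELECT username FROM users WHERE username = ? AND password = ? "
        "ORDER BY username"
    )
    return [row[0] for row in conn.execute(sql, (username, password))]


def demo():
    """Run both lookups with a normal password and with a malformed one,
    and return the row sets so the difference can be compared directly."""
    conn = build_db()
    malformed = "x' OR '1'='1"  # input that carries SQL syntax instead of a password
    results = {
        "vuln_normal": login_vulnerable(conn, "alice", "pw-alice"),
        "vuln_malformed": login_vulnerable(conn, "alice", malformed),
        "param_normal": login_parameterized(conn, "alice", "pw-alice"),
        "param_malformed": login_parameterized(conn, "alice", malformed),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:16s} -> {rows}")
```

The two "normal" results are identical, which is why this class of defect survives aggressive release cycles: functional tests pass. The "malformed" results differ because only the parameterized version keeps input and statement separate. This is the application-security side of the distinction Rose draws; a supply chain compromise would instead change the code or its dependencies before the application ever ran.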

Learn about ReversingLabs Software Supply Chain Security, see the three-minute demo — and start a free trial. Who is ReversingLabs? Matt Rose explains.
Keep learning
- Join Webinar: Threat Modeling & Software Supply Chain Security
- Supply Chain Risk Report: Learn why you need to upgrade your app sec
- See Special Report: The Evolution of Application Security
- Track key trends: The State of Supply Chain Security 2022-23
- Get report: Supply chain and the SOC: Why end-to-end security is key