ReversingLabs Field CISO Matt Rose explains in this week's ReversingGlass episode the difference between application security hacks and software supply chain hacks.
Why are they different? And why do you need software supply chain security in addition to your application security testing (AST) and software composition analysis (SCA) tools?
Rose starts with a level-set, explaining that each of these solutions is important for finding a specific lens of risk, "whether that's a SAST solution in the AST umbrella or a malware identification, or a potential compromise of a secret in a software supply chain instance."
> "So thinking about this, the biggest thing that I like to say is a hack is really going outside the bounds of the intended purpose of the application. It does what it's functionally supposed to do, but it does some other things too, some things that it's not intended to do."
>
> —Matt Rose
As Rose notes, these issues are often very hard to find, given the aggressive release cycles software teams face and the complexity of today's applications.
What better way to break down the difference between app sec hacks and supply chain hacks than using the ubiquitous SQL injection as an example? Here's this week's ReversingGlass, Application Hacks vs. Software Supply Chain Hacks:
![](https://play.vidyard.com/uTi9emYS1WFsvwyV2ZgVnT.jpg)
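To make Rose's definition concrete, here is the SQL injection case from the episode worked through in Python. This is an added example, not code from the episode or from ReversingLabs; the user table, the usernames and the `users` schema are constructed for the demonstration. The vulnerable lookup does exactly what it is supposed to do for a normal username, but a crafted input makes the same function return every user, which is the "outside the bounds of the intended purpose" behaviour Rose describes. The parameterized lookup beside it binds the input as data, so the same input is treated as a literal (and non-existent) username.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed in-memory user store standing in for the application's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list[str]:
    # Intended purpose: find the one row whose username matches.
    # The query is assembled by string formatting, so the input is parsed as
    # SQL and can change what the statement means.
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' ORDER BY username"
    )
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list[str]:
    # Same intended purpose. The value is passed as a bound parameter, so the
    # database never interprets it as part of the SQL statement.
    query = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(query, (username,))]


# Classic textbook input: closes the string literal and appends an
# always-true condition. Constructed for the demonstration.
INJECTION = "' OR '1'='1"


def demo() -> dict[str, list[str]]:
    # Returns the three observations side by side so they can be checked.
    conn = build_db()
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "bob"),       # works as intended
        "vulnerable_injected": lookup_vulnerable(conn, INJECTION),  # returns every user
        "parameterized_injected": lookup_parameterized(conn, INJECTION),  # no match
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The point of running both lookups on the same input is that nothing about the vulnerable function is broken from a functional-testing perspective: every ordinary username still resolves correctly, which is why a defect like this survives aggressive release cycles unless a tool such as SAST, or a code review focused on how queries are built, looks specifically for it.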