A new malicious campaign has been found on the Python Package Index (PyPI) open-source repository involving 24 malicious packages that closely imitate three popular open-source tools: vConnector, eth-tester and databases.

This newly discovered "dual use" campaign enables software supply chain compromise as well as phishing.

Efforts to establish SBOM standards and guidance have progressed, but unanswered questions persist -- including how the federal government plans to enforce its own requirements.

DigiCert announced that it had partnered with ReversingLabs June 6 to enhance supply chain software security by combining ReversingLabs’ binary analysis and threat detection services with DigiCert’s secure code signing solution.

DigiCert today announced it has allied with ReversingLabs to integrate binary analysis and threat detection capabilities

As part of Solutions Review’s Expert Insights Series—a collection of contributed articles written by industry experts in enterprise software categories—Tomislav Peričin, the co-founder and Chief Software Architect at ReversingLabs, outlines some of the reasons software supply chain security is going “mainstream” in 2023.