Software supply chain threats driving rapid innovation in malicious package detection and SBOMs
CAMBRIDGE, MASS., February 15, 2023 - ReversingLabs, the leader in software supply chain security, today announced its inclusion in the Forrester report, The Software Composition Analysis Landscape, Q1 2023. ReversingLabs is included among a group of 23 large, medium, and small Software Composition Analysis (SCA) vendors, along with key details on each company’s geographic and industry focus and offering type.
According to the Landscape, security and app dev leaders should pay attention to the following market dynamics. "Software supply chain security and selecting healthy and secure open source libraries require new capabilities. Healthy open source libraries do not need to rely on security scores alone. Other risk-score-based factors about the project, author, and contributors are also useful. Currently, the set of factors used to determine health varies but will evolve as more research is done in the industry. Additionally, SCA vendors will add software supply chain capabilities such as malicious package detection, SBOM ingestion and sharing, and pipeline composition analysis. Evaluate startups that focus on a particular use case that is underserved and marketed as software supply chain security tools, but beware of lack of breadth and depth."
The Software Composition Analysis Landscape, Q1 2023 identifies six extended use cases by vendor for this market: open source component health and package integrity; policy management; remediation; reporting and analytics; container, serverless and IaC scanning; and security developer education.
“Forrester’s SCA Landscape report helps security and application development leaders understand the value they can expect from a software composition analysis vendor and equips them with insights necessary to select a tool that best meets their needs,” said Mario Vuksan, CEO of ReversingLabs. “When it comes to software supply chain threats, SCA is a great foundational building block, which can address open source vulnerabilities and compliance issues. But as we see these attacks become increasingly more sophisticated and software packages increasing in complexity prior to release, companies will require more expansive software supply chain security capabilities that include malware, tampering, secrets exposures, and malicious behavior detection through binary analysis that can all be packaged in a more advanced SBOM capable of effectively mitigating these threats.”
The ReversingLabs Software Supply Chain Security platform uses proprietary binary analysis to scan large, complex software builds, binaries, release packages, and containers for malware, software tampering, and other software supply chain, deployment, or compliance risks. Every scan generates an analysis report, offered through a portal or CLI, detailing the software's composition, risk levels, prioritization and remediation details, with the ability to drill down into detailed findings. This enables software development teams to release securely, procurement to purchase confidently, IT to monitor automatic update issues, and the SOC to hunt and respond effectively.
The ReversingLabs Software Supply Chain Security platform also delivers an advanced SBOM. Given ReversingLabs' ability to break down large, complex software packages, it is able to generate the most comprehensive SBOM in the industry. This provides the enterprise with an end-to-end view of all software components and dependencies to ensure governance of software risk standards across the organization.
For more information about ReversingLabs, and the ReversingLabs Software Supply Chain Security platform, visit https://www.reversinglabs.com.
The Forrester Q1 2023 Software Composition Analysis Landscape, with more on SCA tools and how app sec is evolving to tackle supply chain security, is available from Forrester.
ReversingLabs empowers modern software development, application security and security operations center teams to protect their software releases and organizations from sophisticated software supply chain security attacks, malware, ransomware, and other threats.
The ReversingLabs Titanium Platform analyzes any file, binary, or software, including those that evade traditional security solutions. It is a hybrid-cloud, privacy-centric platform that unifies Dev, IT, Risk and SOC teams with transparent risk and threat analysis, arming developers, DevSecOps, third-party risk management, SOC analysts and threat hunters to confidently release and respond to software tampering and security incidents.
ReversingLabs data is used by more than 65 of the world's most advanced security vendors and their tens of thousands of security professionals. ReversingLabs enterprise customers span all industries, leveraging integrations with popular DevSecOps and SOC platforms that enable teams to access the analysis they need to make quick security verdicts, eliminate threats, and release software with confidence.
ReversingLabs Guyer Group – Doug Fraim