In this episode, Matt specifies what “good” software supply chain security (SSCS) looks like. By pointing out all of the pieces to the complex puzzle that is SSCS, Matt showcases that you need an SSCS solution that is comprehensive enough to cover all of these parts, but is smart enough to best serve busy development and SOC teams.
In this episode of ReversingGlass, Matt visually explains the components and processes of a software supply chain, from the development process all the way to the continuous delivery of a software package. He then points out the various opportunities attackers can take to compromise a supply chain.
In this week’s ReversingGlass episode, Matt explores the history of application security — and why software supply chain security is where app sec is now, driven by the speed and complexity of modern software development.
In this episode, Matt shares why CISA's new Cyber Supply Chain Risk Management (C-SCRM) office — which will help to operationalize both industry and government efforts on software supply chain security — is key to maturity.
In this episode, Matt draws a visual comparison of ReversingLabs and VirusTotal by assessing the services’ capabilities, such as primary malware research, verified file classification, and more.
In this lesson, Matt refers to The Software Composition Analysis Landscape, Q1 2023 report from Forrester and makes the point that Software Composition Analysis does not equal Software Supply Chain Security.
In this lesson, Matt dives into typosquatting, an attack in which malicious actors will copy and slightly misspell the names of legitimate software packages. As a result of the speed of DevOps and human error, these typosquatted packages get downloaded, causing software supply chain attacks.
In this episode, Matt defines what secrets are, such as API keys, database passwords, encryption keys, and more. He explains that hackers target them in order to gain access to an application, causing a security breach such as with CircleCI recently.
In this lesson, Matt explains why it is essential to integrate automatic software supply chain security scanning into the traditional DevOps process.
In this episode, Matt breaks down the recent CircleCI hack by visualizing the integrated development environment (IDE) process. In doing so, he points out that not only does source code need to be secure, but also the development process itself in order to prevent incidents like the CircleCI secrets hack.
Learn more about how ReversingLabs can help your company reduce attack surface risks with deep software and file threat analysis to speed release and response.
