SBOMs and threat modeling: Why continuous is key
In this episode, Matt Rose explains how a comprehensive SBOM can assist with the threat modeling of both existing and future software applications.
In this episode, Matt Rose digs into the White House’s new executive order on AI, and what it means for software supply chain security.
In this episode, ReversingLabs Field CISO Matt Rose explains why it's key for teams to understand the process by which supply chain attacks happen — and the results of those attacks.
In this episode, Matt gives an overview of the National Institute for Standards and Technology (NIST)’s newest version of their Cybersecurity Framework (CSF). He points out what’s new in CSF 2.0, such as the addition of governance as a discipline, plus a greater focus on software supply chain security.
In this episode, Matt explains what the newest version of the Exploit Prediction Scoring System (EPSS) is, and how it compares to the Common Vulnerability Scoring System (CVSS) when it comes to minimizing alert fatigue — and prioritizing the highest-risk vulnerabilities.
In this week’s episode, we’re celebrating ReversingGlass’s first trip around the sun! In honor of the show’s birthday, Matt is looking for feedback and ideas from viewers on what kinds of episodes he should make for ReversingGlass’s second year. If there’s a topic you want Matt to do a glassboard on, please email him at matthew.rose@reversinglabs.com.
In this episode, Matt compares his recent move into his new home to software production, making a strong point that no matter how great your team and efforts are, mistakes are still inevitable in the build and release process.
In this episode of ReversingGlass, Matt makes the essential point that trust in your software supply chain is all or nothing. He explains that trusting anything less than 100% of the components in your software package will set your organization up for major risk. This is why trust in software supply chains needs to be complete, so that the risk of a software supply chain attack to your organization can be minimized.
In this episode, Matt explains why organizations need to strengthen their software supply chain security efforts immediately, given the increase in both the speed and complexity of development environments.