ReversingGlass Key concepts in AppSec and Software Supply Chain Security Explained

In this episode of ReversingGlass, Matt stresses the importance of not only finding secrets in software, but also identifying them so that development teams can efficiently mitigate potentially threatening secrets leaks.

In this episode of ReversingGlass, Matt reviews the new report from ReversingLabs, The State of Software Supply Chain Security 2024, and highlights some of the key takeaways. In short: It's a big deal.

In this episode of ReversingGlass, Matt digs into Section 4.3.2 of the Enduring Security Framework working group's latest supply chain security guidance to highlight key recommendations for complex binary analysis and reproducible builds.

In this episode of ReversingGlass, Matt Rose compares comprehensive software supply chain security to Russian Matryoshka dolls to showcase the several layers within software that need to be tested for malicious and vulnerable components.  

In this episode, Matt Rose explains how a comprehensive SBOM can assist with the threat modeling of both existing and future software applications.

In this episode, Matt Rose digs into the White House’s new executive order on AI, and what it means for software supply chain security.

In this episode, ReversingLabs Field CISO Matt Rose explains why it's key for teams to understand the process by which supply chain attacks happen — and the results of those attacks.

In this episode, Matt gives an overview of the National Institute for Standards and Technology (NIST)’s newest version of their Cybersecurity Framework (CSF). He points out what’s new in CSF 2.0, such as the addition of governance as a discipline, plus a greater focus on software supply chain security. 

In this episode, Matt explains what the newest version of the Exploit Prediction Scoring System (EPSS) is, and how it compares to the Common Vulnerability Scoring System (CVSS) when it comes to minimizing alert fatigue — and prioritizing the highest-risk vulnerabilities.