Who is ReversingLabs?
In this episode, Matt answers a simple yet important question: Who is ReversingLabs? Matt does this by recalling the company’s history, dating back to 2009, which began with ReversingLabs hosting the world’s largest reputational database for malware. He then details ReversingLabs’ growth into a leading provider of software supply chain security.
Keep learning
• More RG: Supply Chain in Art and Life
• Blog: RSAC 23: Supply Chain and AI
• Special: The State of Supply Chain Security
Episode Transcript
MATT ROSE: Hi everyone. My name is Matt Rose Field CISO at ReversingLabs. I wanted to have a little conversation about who is ReversingLabs, as you can see by the title of this session here. So a lot of people ask about, who's ReversingLabs? I hear you're talking, you're a lot about software supply chain security and SBOM but a lot of people don't realize that they've probably been reusing ReversingLabs on the back end of some other major software vendors in the security space for years.
So I'll give an overview of what ReversingLabs is, who we are and what we do for our customers and the industry as a whole. So thinking back I'll get my pen out here. Around the 2009 timeframe, ReversingLabs came into existence. It came into existence as a reputational database for malware.
So this thing's been growing for years, since 2009. It is currently the largest private repo reputational database of malware in the world. And in the early days of the company, there wasn't really a selling to customers with this reputational database, but it was used for a feed, for probably a security product you've used.
There's just so many software vendors that use our reputational feed for the database to be enhanced their product, to make their product better with the capabilities in our database. Then we moved through the timeframe and we decided to help the SOC analyst and the malware analysis and threat hunting individuals with a UI on top of that database to proactively research potential malware threats, to respond to incidents, to sandbox and detonate malware to see how it works. And that was when we came out with a platform called the A1000.
The A1000 was a UI on top of the database that gave that the malware analysis, threat hunting activities for the SOC analyst the capabilities. Now, here's where the interesting stuff happened.
If you haven't heard about a little software supply chain security attack of a few years ago, which was [00:02:00] SolarWinds, and I'll just use "SW" as the example here. SolarWinds was the first kind of blue chip new frontier of software supply chain. Based on ReversingLab's capability to look and detonate and research malware, we wrote a blog about how the SolarWinds attack happened based on our own research. This blog was basically picked up by a lot of press. It was picked up even by the individuals at SolarWinds. So it started this new kind of identity for the company, which is software supply chain security, or SSCS.
Field CISO at ReversingLabs. Matt Rose has an extensive background in application security, object-oriented programming, multi-tier architecture design and implementation, and internet/intranet development. His areas of expertise include Application Security, SAST, DAST, IAST, SCA, DevSecOps, and Threat Modeling. Matt is an accomplished public speaker and has been quoted in 50+ AST industry media publications.



