Blog | ReversingLabs | John P. Mello Jr. (4)

May 21, 2024

Will CISA's Secure by Design pledge be a catalyst for better software security?

The push to take the Secure by Design pledge depends on peer pressure. With support from more than 60 companies, however, CISA hopes the industry will follow the leaders.

May 16, 2024

When it comes to threat modeling, not all threats are created equal

With inherent threats, which are core to the system being modeled, protective measures cannot be perfect or complete. Here's how to best manage that.

May 8, 2024

CI/CD pipelines and the cloud: Are your development secrets at risk?

Combined with cloud service providers' CLIs, continuous delivery/continuous integration can pose a threat. Here's why — and how to keep a lid on secrets.

April 18, 2024

OWASP looks to future-proof software bills of materials with CycloneDX 1.6

The foundation is upgrading the standard for the quantum era, adding ML-readable attestation and more. Here's how it boosts software supply chain security.

April 16, 2024

OWASP's LLM AI Security & Governance Checklist: 13 action items for your team

The new checklist is organized into 13 areas of analysis. Here's what your security team needs to know about the most important points from each.

April 10, 2024

The state of secrets security: 7 action items for better managing risk

The Circle CI breach made secrets security front of mind. Now AI and low-code are introducing more risk. Here are key takeaways for managing secrets risk.

March 21, 2024

Memory-safe languages and security by design: Key insights, lessons learned

Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.

March 13, 2024

Gartner outlines top cybersecurity trends — and (spoiler alert) AI is No. 1

Here's a rundown of the top cybersecurity trends of this year — and what your team needs to know about them. AI, for one, has pros and cons for security.

March 6, 2024

NIST CSF 2.0: Better risk management for the new era of supply chain security

NIST's Cybersecurity Framework 2.0 has been released, complete with a new focus on software supply chain security. Here are key takeaways for your team.

March 5, 2024

NIST updates supply chain guidance: 3 ways to pump up your CI/CD security

The National Institute of Standards and Technology has beefed up its guidelines for securing CI/CD environments. Are you ready to bulk up your program?

February 29, 2024

All SBOMs are not created equal: What's required for them to be effective

Here are key challenges with SBOMs, how tools affect their usefulness — and what it will take to make them effective at software supply chain security.

February 27, 2024

Lessons in threat modeling: How attack trees can deliver AppSec by design

Here's what development and application security teams need to know about using attack trees in tandem with threat modeling to lock down their software.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Will CISA's Secure by Design pledge be a catalyst for better software security?

When it comes to threat modeling, not all threats are created equal

CI/CD pipelines and the cloud: Are your development secrets at risk?

OWASP looks to future-proof software bills of materials with CycloneDX 1.6

OWASP's LLM AI Security & Governance Checklist: 13 action items for your team

The state of secrets security: 7 action items for better managing risk

Memory-safe languages and security by design: Key insights, lessons learned

Gartner outlines top cybersecurity trends — and (spoiler alert) AI is No. 1

NIST CSF 2.0: Better risk management for the new era of supply chain security

NIST updates supply chain guidance: 3 ways to pump up your CI/CD security

All SBOMs are not created equal: What's required for them to be effective

Lessons in threat modeling: How attack trees can deliver AppSec by design

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports