Blog | ReversingLabs | John P. Mello Jr. (6)

July 10, 2023

Third-party risk management survey: Prioritize end-to-end software supply chain security — or fail

Here's what you need to know about third-party risk management — and why to prioritize comprehensive supply chain security.

June 20, 2023

OWASP Top 10 for LLM Applications: Can AI risk be tamed?

OWASP is expanding its Top 10 series with a list of Large Language Model (LLM) vulnerabilities. Here's what application security teams need to know.

June 8, 2023

The Gigabyte firmware backdoor: Lessons learned about supply chain security

Firmware attacks can pose a substantial risk to the software supply chain. Here's what your software security team can learn from the latest compromise.

May 30, 2023

Can AI-based software supply chain risk be tamed by NeMo Guardrails?

Here's a look at this first example of tools to manage the risk from generative AI — and analysis of the scope of that risk to the software supply chain.

May 22, 2023

Software supply chain security: Too costly to fail — and about to get costlier

Software supply chains attack costs could exceed $80.6B by 2026, a 76% increase over 2023 losses of $45.8B, research firm finds. Here's a full rundown.

May 9, 2023

SLSA 1.0 delivers build provenance: What application security teams need to know

OpenSSF's updated Supply-chain Levels for Software Artifacts is an essential tool, but experts say it's not a comprehensive supply chain security tool.

April 27, 2023

CISA Secure by Design: 'It's a starting point, not an endpoint'

Here's what experts say about the CISA Secure by Design initiative's potential impact on software supply chain security — and security operations.

April 13, 2023

OSC&R embraces GitHub: Will it move the needle on supply chain security?

Here's what the move means in the short run — and the long term, for the evolution from application security to software software supply chain security.