Blog | ReversingLabs | John P. Mello Jr. (7)

April 13, 2023

OSC&R embraces GitHub: Will it move the needle on supply chain security?

Here's what the move means in the short run — and the long term, for the evolution from application security to software software supply chain security.

April 5, 2023

CISA Cybersecurity Performance Goals update: Key changes and additions

CISA has better aligned the CPGs with NIST's Cybersecurity Framework, and added software supply chain goals. Here's what to know — and key insights.

March 22, 2023

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.

March 20, 2023

Application security practices are maturing — but it's a work in progress

While best practices adoption for AppSec is up, many supply chain security problems remain, the OpenSSF SLSA framework survey shows.

March 9, 2023

PyPI repo poisoned with "Colour-Blind" RAT

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.

February 21, 2023

OSC&R targets software supply chain attacks

Here's what you need to know about OSC&R, along with expert insights on the new framework's potential to improve software supply chain security.

February 13, 2023

Why knowing the "ground truth" is key to software security

Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.

January 4, 2023

10 software supply chain attacks you can learn from

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks.

November 23, 2022

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.

November 7, 2022

5 reasons why you need an SaaSBOM

Here's why your organization should consider a SaaSBOM, as well as the essential challenges facing their implementation.

October 25, 2022

The state of CI/CD security: Upgrade your software supply chain tools to maintain velocity and security

Modern software supply chain security depends on getting your tools right, and focusing on the end-to-end software development lifecycle. Here's what you need to maintain your software development and release and stay secure.

October 24, 2022

SBOMs are critical to software supply chain security — but only the first step in your journey

SBOMs are key to software supply chain security. But they are also only the first step on your software supply chain journey. Here's what you need to know.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press