Blog | ReversingLabs | John P. Mello Jr. (7)

July 31, 2023

WormGPT: Business email compromise amplified by ChatGPT hack

Here's what researchers know about WormGPT — and what your team can do to fight back against this new AI-fueled threat.

July 12, 2023

CycloneDX 1.5: The next big step for SBOMs and software transparency

With CycloneDX 1.5, OWASP is introducing a number of new types of SBOMs. Here's a full run-down on changes — and what they mean for software transparency.

July 10, 2023

Third-party risk management survey: Prioritize end-to-end software supply chain security — or fail

Here's what you need to know about third-party risk management — and why to prioritize comprehensive supply chain security.

June 20, 2023

OWASP Top 10 for LLM Applications: Can AI risk be tamed?

OWASP is expanding its Top 10 series with a list of Large Language Model (LLM) vulnerabilities. Here's what application security teams need to know.

June 8, 2023

The Gigabyte firmware backdoor: Lessons learned about supply chain security

Firmware attacks can pose a substantial risk to the software supply chain. Here's what your software security team can learn from the latest compromise.

May 30, 2023

Can AI-based software supply chain risk be tamed by NeMo Guardrails?

Here's a look at this first example of tools to manage the risk from generative AI — and analysis of the scope of that risk to the software supply chain.

May 22, 2023

Too costly to fail — and about to get costlier: Why software security matters

Software supply chains attack costs could exceed $80.6B by 2026, a 76% increase over 2023 losses of $45.8B, research firm finds. Here's a full rundown.

May 9, 2023

SLSA 1.0 delivers build provenance: What application security teams need to know

OpenSSF's updated Supply-chain Levels for Software Artifacts is an essential tool, but experts say it's not a comprehensive supply chain security tool.

April 27, 2023

CISA Secure by Design: 'It's a starting point, not an endpoint'

Here's what experts say about the CISA Secure by Design initiative's potential impact on software supply chain security — and security operations.

April 13, 2023

OSC&R embraces GitHub: Will it move the needle on supply chain security?

Here's what the move means in the short run — and the long term, for the evolution from application security to software software supply chain security.