Blog | ReversingLabs (28)

February 28, 2023

SBOM Automation: The next big step in risk management

Why SBOM automation is the next big step in managing software supply chain risk.

February 27, 2023

Lessons learned from the CircleCI secrets breach

The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned.

February 23, 2023

Secrets Exposed: Why modern development, open source repos spill secrets en masse

The Circle CI breach and other hacks expose why the secrets problem is so prolific. Here's what you need to know about the state of secrets security.

February 23, 2023

How C-SCRM could fill the gaps on supply chain security

The new CISA office for Cyber Supply Chain Risk Management (C-SCRM) could make a difference with clear and consistent guidance for industry and government.

February 23, 2023

The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm

A misconfiguration likely caused a U.S. government server to leak sensitive military emails, and a massive phishing spam campaign has taken over npm.

February 22, 2023

Developers beware: Imposter HTTP libraries lurk on PyPI

ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries.

February 21, 2023

Core-JS: Beware hidden dependencies from indebted Russian developers

Denis Pushkarev has big debts — and his code is everywhere. The supply chain security alarm should be at DEFCON 2 by now. We sum it up at fast pace.

February 21, 2023

OSC&R targets software supply chain attacks

Here's what you need to know about OSC&R, along with expert insights on the new framework's potential to improve software supply chain security.

February 16, 2023

The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess

This week: Russian-linked PIPEDREAM malware targeted critical infrastructure. Also: 400 malicious packages found on PyPI demonstrates attacker prowess.

February 15, 2023

Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy

Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development.

February 15, 2023

Less talk, more action: High hopes for CISA's new C-SCRM office

CISA's C-SCRM turns a page on a busy year for federal software supply chain security directives and guidance. Will it move the needle?

February 14, 2023

Software composition analysis and the evolution of application security

Here are key takeaways from The Software Composition Analysis Landscape, Q1 2023 report — and how app sec is evolving to adapt to supply chain threats

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

SBOM Automation: The next big step in risk management

Lessons learned from the CircleCI secrets breach

Secrets Exposed: Why modern development, open source repos spill secrets en masse

How C-SCRM could fill the gaps on supply chain security

The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm

Developers beware: Imposter HTTP libraries lurk on PyPI

Core-JS: Beware hidden dependencies from indebted Russian developers

OSC&R targets software supply chain attacks

The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess

Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy

Less talk, more action: High hopes for CISA's new C-SCRM office

Software composition analysis and the evolution of application security

Topics

Special Reports

The State of Software Supply Chain Security 2024

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports