Blog | ReversingLabs (6)

The Polyfill.io vulnerability: Software supply chain attack lessons

June 28, 2024

The Polyfill.io vulnerability: Software supply chain attack lessons

The compromise of the widely used Pollyfill.io CDN contains important lessons for organizations on trust.

OASIS Open's push for a software supply chain standard: All together now?

June 27, 2024

OASIS Open's push for a software supply chain standard: All together now?

The aim is to build a unifying framework for existing SBOM data models, including CSAF, CycloneDX, OpenVEX, and SPDX. Experts weigh in with key insights.

Malicious npm package targets AWS users

June 26, 2024

Malicious npm package targets AWS users

The package's history is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.

New Portal Helps Devs Spot Malicious Open Source Packages

June 26, 2024

New Portal Helps Devs Spot Malicious Open Source Packages

RL's Spectra Assure Community offers free comprehensive risk assessment of more than 5 million npm, PyPi, and RubyGems packages.

How platform engineering helps you get a good start on Secure by Design

June 25, 2024

How platform engineering helps you get a good start on Secure by Design

Self-service portals for developers can help organizations overcome challenges to getting off and running with CISA's software security initiative.

The Power of Complex Binary Analysis

June 25, 2024

The Power of Complex Binary Analysis

RL Spectra Assure’s complex binary static analysis delivers critical visibility into software to flag malware and threats, closing the supply chain security gap.

How to secure mergers & acquisitions from software supply chain attacks

June 20, 2024

How to secure mergers & acquisitions from software supply chain attacks

When engaging in M&A, acquiring firms often inherit a software stack that presents security concerns. Here’s how you can effectively manage these risks.

Top cybersecurity Substacks to follow

June 18, 2024

Top cybersecurity Substacks to follow

Get up to speed on the state of security operations and related cybersecurity practices by subscribing to these 10 expert-curated Substacks.

Why malware matters most: 6 ways to foil software threats faster

June 12, 2024

Why malware matters most: 6 ways to foil software threats faster

Making malware enemy No. 1 should be a top priority for AppSec teams. Here's why you need to shift your team's focus from vulnerabilities to malware.

Verizon DBIR 2024: The rise in software supply chain attacks explained

June 11, 2024

Verizon DBIR 2024: The rise in software supply chain attacks explained

Verizon's DBIR marked a dramatic shift in threats. Learn about it from Verizon — and how to get ahead of software supply chain risk — in the Webinar.

How to assess and manage commercial software risk

June 10, 2024

How to assess and manage commercial software risk

Major attacks show that commercial software is the principal attack surface. Here’s why – and how your team can mitigate its risks.

Listen up: 10 cybersecurity podcasts you can learn from

June 6, 2024

Listen up: 10 cybersecurity podcasts you can learn from

Get up to speed on all things cybersecurity by subscribing to these knowledge-dropping podcasts. You're welcome.

‹ previous next ›