The rise of software supply chain attacks, with SolarWinds SunBurst being the most notable, has elevated this issue with every board of directors for every company that’s producing or accepting software.
The strategic importance of addressing the security of software, the very code that controls our daily lives - our banking systems and ATMs, medical records, utilities and even our connected homes and cars - cannot be understated. The world moves at a faster pace each day. Which is why the software industry puts a significant amount of pressure on software development to keep up with these increasing demands. There’s a need to get product releases out the door quickly, and without compromising on the quality. Software security is an expectation, not a feature that can be pushed down on the roadmap.
Malicious actors have noticed this pressure as well. They are now actively targeting software developers and publishers, with a new level of sophistication and patience. Looking for weaknesses to exploit, subvert the established trust, and gain unauthorized access through an unchecked software supply chain.
In response, ReversingLabs is announcing the launch of its Managed Software Assurance Service to assist companies in mitigating against future software supply chain attacks. On the forefront of hunting down the source of the SunBurst supply chain breach, as well as sounding earlier alerts on Python, NPM and RubyGems supply chain attacks, ReversingLabs is offering new SDLC security solutions, and additional managed services to further assist organizations in their fight against supply chain attacks.
Introducing the ReversingLabs Managed Software Assurance Service
The service is built on the foundation of ReversingLabs Titanium Platform, and provides advanced analysis of software packages, interpretation and audit tracking. Application security teams, developers, or release engineers upload software packages requiring analysis by ReversingLabs leveraging a secure channel. The resulting report (see Figure 1) enables you to understand software quality at a glance with an overview dashboard.
Figure 1: Sample report overview.
Fully interactive sample reports are available at https://www.secure.software/
The report tabs deliver additional insights needed to improve and assure the software package behaves in a trustworthy manner, such as:
- Description of full software bill of materials extracted with recursive package decomposition
- Components are verified if they are found in our file reputation dbs or trusted repositories
- Have correct version information, and have no malware
- Software quality issues, malware threats, vulnerability mitigation coverage, data protection issues, and malicious behavior uncovered by deep inspection and advanced analysis
- An audit report with explainable insights in both machine-readable and human-readable formatting for all embedded files
This managed service also includes a review session with one of ReversingLabs research analysts to help teams:
- Understand the reported results
- Obtain guidance on remediating software supply chain issues
- Prioritize and monitor remediation efforts
Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.