Blog | ReversingLabs | AppSec & Supply Chain Security (18)

March 22, 2023

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.

March 21, 2023

Secrets Exposed: How to mitigate secrets risk — and prevent breaches

Leaks and exposures of sensitive information in open source and proprietary code repositories are approaching epidemic proportions.

March 20, 2023

Application security practices are maturing — but it's a work in progress

While best practices adoption for AppSec is up, many supply chain security problems remain, the OpenSSF SLSA framework survey shows.

March 15, 2023

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).

March 14, 2023

Secrets Exposed: How hackers are gaining access to software secrets

Here’s how attackers are finding software development secrets buried in code repositories — and exploiting them.

March 14, 2023

Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk

Development secrets are critical for complex software to work, but hard to manage. That's why we're unveiling features to spot secrets leaks and exposures.

March 13, 2023

When it comes to financial services, mind the gaps in your AppSec testing

Here's what you need to know about the limits of app sec testing, and why comprehensive software supply chain security is critical to mitigating risk.

March 13, 2023

Fixing secrets leaks requires holistic software and technology stack protection

CircleCI and other recent hacks show how vulnerable secrets are on the software supply chain. Here's why an end-to-end security approach is essential.

March 9, 2023

PyPI repo poisoned with "Colour-Blind" RAT

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.

March 8, 2023

Why software transparency is critical: Understanding supply chain security in a software-driven society

Chris Hughes shares an overview of his co-authored upcoming book, “Software Transparency: Supply Chain Security in an Era of a Software-Driven Society.”

March 7, 2023

App sec is addicted to vulnerability reporting: Why supply chain security requires evolution

Here's what you need to know about app sec's addiction to vulnerabilities — and why application security needs to evolve to take on supply chain security.

March 7, 2023

White House cyber strategy: A love/hate story

The new National Cybersecurity Strategy will punish big software developers for failing to follow best practices. And, for the first time, make them liable.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

AppSec & Supply Chain Security (18)

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Secrets Exposed: How to mitigate secrets risk — and prevent breaches

Application security practices are maturing — but it's a work in progress

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

Secrets Exposed: How hackers are gaining access to software secrets

Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk

When it comes to financial services, mind the gaps in your AppSec testing

Fixing secrets leaks requires holistic software and technology stack protection

PyPI repo poisoned with "Colour-Blind" RAT

Why software transparency is critical: Understanding supply chain security in a software-driven society

App sec is addicted to vulnerability reporting: Why supply chain security requires evolution

White House cyber strategy: A love/hate story

Topics

Special Reports

The State of Software Supply Chain Security

Upcoming Webinars

ConversingLabs

AppSec & Supply Chain Security (18)

Topics

Follow us

Subscribe

Special Reports