Blog | ReversingLabs | AppSec & Supply Chain Security (18)

March 13, 2023

Fixing secrets leaks requires holistic software and technology stack protection

CircleCI and other recent hacks show how vulnerable secrets are on the software supply chain. Here's why an end-to-end security approach is essential.

March 9, 2023

PyPI repo poisoned with "Colour-Blind" RAT

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.

March 8, 2023

Why software transparency is critical: Understanding supply chain security in a software-driven society

Chris Hughes shares an overview of his co-authored upcoming book, “Software Transparency: Supply Chain Security in an Era of a Software-Driven Society.”

March 7, 2023

App sec is addicted to vulnerability reporting: Why supply chain security requires evolution

Here's what you need to know about app sec's addiction to vulnerabilities — and why application security needs to evolve to take on supply chain security.

March 7, 2023

White House cyber strategy: A love/hate story

The new National Cybersecurity Strategy will punish big software developers for failing to follow best practices. And, for the first time, make them liable.

March 1, 2023

3 reasons to upgrade your AppSec testing to tackle supply chain security

Modern software development practices are a primary target for software supply chain attacks. Here's why traditional application security tools alone are not enough to mitigate these new risks

February 28, 2023

SBOM Automation: The next big step in risk management

Why SBOM automation is the next big step in managing software supply chain risk.

February 27, 2023

Lessons learned from the CircleCI secrets breach

The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned.

February 23, 2023

Secrets Exposed: Why modern development, open source repos spill secrets en masse

The Circle CI breach and other hacks expose why the secrets problem is so prolific. Here's what you need to know about the state of secrets security.

February 23, 2023

How C-SCRM could fill the gaps on supply chain security

The new CISA office for Cyber Supply Chain Risk Management (C-SCRM) could make a difference with clear and consistent guidance for industry and government.