Blog | ReversingLabs | AppSec & Supply Chain Security (19)

February 14, 2023

Software composition analysis and the evolution of application security

Here are key takeaways from The Software Composition Analysis Landscape, Q1 2023 report — and how app sec is evolving to adapt to supply chain threats

February 14, 2023

SCA is good, but AppSec must evolve to tackle software supply chain security

Software teams are facing growing supply chain complexity and threats. Here's why SCA should evolve beyond open source licensing and vulnerabilities.

February 14, 2023

The SCA tools landscape and what it means to software supply chain security

Forrester's Software Composition Analysis report provides a competitive analysis of SCA tools. Here's how they deliver on software supply chain security.

February 13, 2023

The case for SBOM benchmarks: "Ground truth" is key

SBOMs help software teams protect their supply chains — but they can also create new challenges. Here's why standardization is needed.

February 9, 2023

Open-source repository malware sows Havoc

Aabquerys is a malicious npm package discovered typosquatting on a legitimate npm module that downloads malicious components, ReversingLabs discovered.

February 9, 2023

The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

CISA is working to operationalize cyber supply chain risk management. Also: a GuLoader malware campaign is targeting the global e-commerce industry.

February 7, 2023

C-SCRM: We’re from the government — and we’re here to help with software supply chain security

A whole alphabet soup of agencies, offices and councils are springing up in D.C. and beyond. They’re trying to help us with the software supply chain security problem. It’s all about cybersecurity supply chain risk management, as the Washington wonks now insist on calling it. Beltway chatter is all C-SCRM this, guidance that and policy the other.