Blog | ReversingLabs | AppSec & Supply Chain Security (20)

April 4, 2023

Docker's BuildKit adds attestation: How it works and key limitations

Here's what you need to know about BuildKit, how to leverage its SBOM capabilities — and its limitations for comprehensive supply chain security.

March 30, 2023

Red flags flew over software supply chain-compromised 3CX update

The VOIP software vendor missed signs that its client software had been tampered with before it pushed the update to customers.

March 28, 2023

How bulk pull requests help scale open source bug fixes

Common flaws are duplicated all across the software supply chain. Here's how security researchers want to automate fixes.

March 27, 2023

VS Code hack shows how supply chain attacks can extend to other software development tools

The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.

March 23, 2023

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

This week: NuGet is hit with a malicious typosquatting campaign. Also: A malicious ChatGPT Chrome extension is hijacking Facebook accounts.

March 22, 2023

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.

March 21, 2023

How to mitigate secrets risk — and prevent future breaches

Leaks and exposures of sensitive information in open source and proprietary code repositories are approaching epidemic proportions.

March 20, 2023

Application security practices are maturing — but it's a work in progress

While best practices adoption for AppSec is up, many supply chain security problems remain, the OpenSSF SLSA framework survey shows.

March 15, 2023

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).

March 14, 2023

How hackers access secrets

Here’s how attackers are finding software development secrets buried in code repositories — and exploiting them.

March 14, 2023

Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk

Development secrets are critical for complex software to work, but hard to manage. That's why we're unveiling features to spot secrets leaks and exposures.

March 13, 2023

When it comes to financial services, mind the gaps in your AppSec testing

Here's what you need to know about the limits of app sec testing, and why comprehensive software supply chain security is critical to mitigating risk.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

AppSec & Supply Chain Security (20)

Docker's BuildKit adds attestation: How it works and key limitations

Red flags flew over software supply chain-compromised 3CX update

How bulk pull requests help scale open source bug fixes

VS Code hack shows how supply chain attacks can extend to other software development tools

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

How to mitigate secrets risk — and prevent future breaches

Application security practices are maturing — but it's a work in progress

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

How hackers access secrets

Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk

When it comes to financial services, mind the gaps in your AppSec testing

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

AppSec & Supply Chain Security (20)

Topics

Follow us

Subscribe

Special Reports