Blog | ReversingLabs | AppSec & Supply Chain Security (24)

August 29, 2022

New malicious packages in PyPI: What it means for securing open source repositories

After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.

August 18, 2022

6 reasons AppSec teams should shift gears and go beyond legacy vulnerabilities

The NVD represents a minority of software supply chain threats. With attacks surging, teams must shift from legacy vulnerabilities to focusing on malware.

August 12, 2022

NVD Analysis: Why you need to modernize your application security

The NVD as it is today does not tell the full story of software risk. Here's why the NVD — and your software security approach — need to be modernized.

August 11, 2022

The state of cybersecurity: 'Things are going to get worse before they get better,' Krebs tells Black Hat 2022

Chris Krebs challenged Black Hat attendees to consider four factors that will determine cybersecurity's future: tech, bad actors, government, and people.

August 4, 2022

Buckle up for Black Hat 2022: Sessions your security team should not miss

Black Hat is set to return next week with two years of pent up cybersecurity research and discoveries. Here are the talks you don't want to miss.

August 3, 2022

Software supply chain security takes center stage at Black Hat 2022

Black Hat is best known for hardware and traditional software exploits, but this year it showcases more software supply chain security issues—marking the shift in the threat landscape.

August 2, 2022

OpenSSF's open source security mobilization initiative: Inside the 10-point action plan

Here is a run-down of the 10 streams from OpenSSF's Open Source Software Security Mobilization Plan.

July 21, 2022

The Week in Cybersecurity: SolarWinds attackers tap Google Drive, malware spreads via Play Store apps

The Week in Cybersecurity highlights: An APT group is using Dropbox and Google Drive to cover up attacks, and malware is spreading via Play Store apps.

July 19, 2022

CISA: Log4j threat will linger for years—so be prepared

A survey of the post-Log4j landscape found few successful hacks linked to it. The bad news? Log4Shell will linger for years — so you need to prepare.

June 29, 2022

SBOM Facts: Know what's in your software to fend off supply chain attacks

Not knowing what’s in your food can have consequences. The same is true for software. You need a software bill of materials (SBOM) to minimize risk.

June 23, 2022

ConversingLabs highlights: RSA Conference spotlights software supply chain, critical infrastructure risk

ConversingLabs invited Robert Martin of MITRE and Steve Lipner of Safecode, who spoke at RSAC, to discuss supply chain risk, software assurance and more.

June 14, 2022

5 CI/CD breaches analyzed: Why you need to update your software security

Omer Gil and Daniel Krivelevich outlined the top 10 CI/CD security risks at RSA Conference, analyzing five recent breaches. Here's what you need to know.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

AppSec & Supply Chain Security (24)

New malicious packages in PyPI: What it means for securing open source repositories

6 reasons AppSec teams should shift gears and go beyond legacy vulnerabilities

NVD Analysis: Why you need to modernize your application security

The state of cybersecurity: 'Things are going to get worse before they get better,' Krebs tells Black Hat 2022

Buckle up for Black Hat 2022: Sessions your security team should not miss

Software supply chain security takes center stage at Black Hat 2022

OpenSSF's open source security mobilization initiative: Inside the 10-point action plan

The Week in Cybersecurity: SolarWinds attackers tap Google Drive, malware spreads via Play Store apps

CISA: Log4j threat will linger for years—so be prepared

SBOM Facts: Know what's in your software to fend off supply chain attacks

ConversingLabs highlights: RSA Conference spotlights software supply chain, critical infrastructure risk

5 CI/CD breaches analyzed: Why you need to update your software security

Topics

Special Reports

The State of Software Supply Chain Security

Upcoming Webinars

ConversingLabs

AppSec & Supply Chain Security (24)

Topics

Follow us

Subscribe

Special Reports