Blog | ReversingLabs | AppSec & Supply Chain Security (8)

May 16, 2024

When it comes to threat modeling, not all threats are created equal

With inherent threats, which are core to the system being modeled, protective measures cannot be perfect or complete. Here's how to best manage that.

May 15, 2024

CISA's 'vulnrichment' aims to fix the NVD

The new program, which follows NIST's slowdown on the NVD, will enrich CVEs with contextual data for better vulnerability management.

May 14, 2024

What you missed at RSA Conference 2024: Key trends and takeaways

Missed RSAC 2024? Here are the highlights from last week’s mother-of-all cybersecurity shows that practitioners and leaders should know.

May 2, 2024

Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic

The new Data Breach Investigations Report sounds the alarm over software supply chain security — and calls for higher standards for development organizations.

May 1, 2024

What’s hot at RSAC 2024: 8 SSCS talks you don’t want to miss

Software supply chain security (SSCS) remains one of the most popular talk tracks at RSA Conference. Here are the sessions that look most interesting.

April 30, 2024

Introducing the Unified RL Spectra Suite

RL announced the Spectra Advanced File Analysis and Malware Detection suite, a strategic update of our malware analysis and threat hunting solutions for advanced file analysis and threat detection. Here’s what you need to know.

April 25, 2024

How NIST and C-SCRM help manage software supply chain risk

Cybersecurity Framework 2.0 includes measures for C-SCRM, a NIST office that aims to improve software risk management. Get key insights from our Webinar.

April 23, 2024

NVD delays highlight vulnerability management woes: Put malware first

Here's what changes to the National Vulnerability Database mean for vulnerability management — and why you should instead focus on malware and tampering.

April 18, 2024

OWASP looks to future-proof software bills of materials with CycloneDX 1.6

The foundation is upgrading the standard for the quantum era, adding ML-readable attestation and more. Here's how it boosts software supply chain security.