In this lesson, Matt dives into typosquatting, an attack in which malicious actors will copy and slightly misspell the names of legitimate software packages. As a result of the speed of DevOps and human error, these typosquatted packages get downloaded, causing software supply chain attacks.
In this episode, Matt defines what secrets are, such as API keys, database passwords, encryption keys, and more. He explains that hackers target them in order to gain access to an application, causing a security breach such as with CircleCI recently.
In this lesson, Matt explains why it is essential to integrate automatic software supply chain security scanning into the traditional DevOps process.
In this episode, Matt breaks down the recent CircleCI hack by visualizing the integrated development environment (IDE) process. In doing so, he points out that not only does source code need to be secure, but also the development process itself in order to prevent incidents like the CircleCI secrets hack.
A Software Bill of Materials (SBOM) is a great first step in an organization's software supply chain security journey. But, as Matt explains in this episode of ReversingGlass, organizations need to go beyond using just the SBOM to have a robust secure software program.
In this ReversingGlass, Matt Rose gives an overview of the U.S. Executive Order 14028 and Memorandum M-22-18, which now mandate that any software provider in business with the Federal Government self-attest to having secure software. Matt explains that starting with a comprehensive Software Bill of Materials (SBOM) is the best way to do this.
Learn more about how ReversingLabs can help your company reduce attack surface risks with deep software and file threat analysis to speed release and response.
