
ReversingLabs Data Mentioned by Gartner® in its Leader’s Guide to Software Supply Chain Security

CAMBRIDGE, Mass., July 09, 2024 (GLOBE NEWSWIRE) -- ReversingLabs (RL), the trusted name in file and software security, today announced it was mentioned in the Gartner report Leader’s Guide to Software Supply Chain Security. The new report outlines the three pillars of software supply chain security that organizations should adopt to defend against the increase in software supply chain attacks and their associated costs. RL was also recently listed in the 2024 Gartner Hype Cycle for Platform Engineering.

The Gartner Leader’s Guide to Software Supply Chain Security report posits that “software supply chain security can be viewed as a framework spanning three pillars: curation, creation, and consumption. By implementing such a framework, and supporting processes and tools, security and risk management leaders can ensure a coordinated response to the problem, minimize blind spots or gaps in protection, and reduce risk across the software development and consumption life cycle.”

The Gartner report mentions ReversingLabs data when describing the creation pillar, which focuses on secure development and the protection of software artifacts and the development pipeline. The report states, “Artifacts (including open-source and commercial dependencies, SDKs, container images, and proprietary code) are imported into or created during the development process. Attacks based on the surreptitious introduction of malicious code into dependencies are increasingly common. Downloading and adding such a dependency enables activation of the malware, which can be passed through to downstream users, providing attackers with access to development resources or other adverse outcomes.” We believe that the analysis conducted by ReversingLabs, and its inclusion in the report, provides evidence of the increasing number of malicious components discovered in open-source dependencies.

Data is cited from RL’s State of Software Supply Chain Security report where the company reported a 1,300% increase in malicious open-source packages from 2020 to 2023, and an increase of 28% over 2022, when a little more than 8,700 malicious packages were detected.

The report also recommends that organizations purchasing software “implement active testing (binary analysis, penetration testing, etc.) for code, especially for sensitive or high-risk systems” as a part of the consumption pillar.

“The rise in software supply chain attacks and the growing associated costs and compliance implications underscore the need for increased transparency among and between software producers and enterprise software buyers,” said Mario Vuksan, CEO and co-founder, ReversingLabs. “More than ever, it’s critical that teams focused on developing and deploying software be able to verify open source, commercial and proprietary software components, identify threats including malware, tampering, secrets, and hardening, and assess and manage third-party and commercial software risk.”

Gartner, “Hype Cycle for Platform Engineering, 2024” Manjunath Bhat, Bill Blosen, 19 June 2024

Gartner, “Leader’s Guide to Software Supply Chain Security”, Dale Gardner, Manjunath Bhat, 20 June 2024

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and HYPE CYCLE is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Learn More about ReversingLabs
Click here to read the Gartner report “Leader’s Guide to Software Supply Chain Security.”

About ReversingLabs
ReversingLabs is the trusted name in file and software security. We provide the modern cybersecurity platform to verify and deliver safe binaries. Trusted by the Fortune 500 and leading cybersecurity vendors, RL Spectra Core powers software supply chain and file security insights, tracking over 40 billion searchable files daily with the ability to deconstruct full software binaries in seconds to minutes. Only ReversingLabs provides that final exam to determine whether a single file or full software binary presents a risk to your organization and your customers.

Media Contact
Doug Fraim
Guyer Group
Doug@Guyergroup.com

