ReversingLabs Data Mentioned by Gartner® in its Leader’s Guide to Software Supply Chain Security
July 09 2024 - 11:00AM
ReversingLabs (RL), the trusted name in file and software security,
today announced it was mentioned in the Gartner report Leader’s
Guide to Software Supply Chain Security. The new report outlines
the three pillars of software supply chain security organizations
should adopt to defend against the increase in software supply
chain attacks and their associated costs. RL was also recently
listed in the 2024 Gartner Hype Cycle™ for Platform Engineering.
The Gartner Leader’s Guide to Software Supply Chain Security
report posits that “software supply chain security can be viewed as
a framework spanning three pillars: curation, creation, and
consumption. By implementing such a framework, and supporting
processes and tools, security and risk management leaders can
ensure a coordinated response to the problem, minimize blind spots
or gaps in protection, and reduce risk across the software
development and consumption life cycle.”
The Gartner Report mentions ReversingLabs data when describing
the creation pillar, which focuses on secure development and the
protection of software artifacts and the development pipeline. The
report states, “Artifacts (including open-source and commercial
dependencies, SDKs, container images, and proprietary code) are
imported into or created during the development process. Attacks
based on the surreptitious introduction of malicious code into
dependencies are increasingly common. Downloading and adding such a
dependency enables activation of the malware, which can be passed
through to downstream users, providing attackers with access to
development resources or other adverse outcomes.” We believe the
analysis conducted by ReversingLabs, and its inclusion in the
report, provides evidence of the increasing number of malicious
components discovered in open-source dependencies.
Data is cited from RL’s State of Software Supply Chain Security
report where the company reported a 1,300% increase in malicious
open-source packages from 2020 to 2023, and an increase of 28% over
2022, when a little more than 8,700 malicious packages were
detected.
The report also recommends that organizations purchasing
software “implement active testing (binary analysis, penetration
testing, etc.) for code, especially for sensitive or high-risk
systems” as a part of the consumption pillar.
“The rise in software supply chain attacks and the growing
associated costs and compliance implications underscore the need
for increased transparency among and between software producers and
enterprise software buyers,” said Mario Vuksan, CEO and co-founder,
ReversingLabs. “More than ever, it’s critical that teams focused on
developing and deploying software be able to verify open source,
commercial and proprietary software components, identify threats
including malware, tampering, secrets, and hardening, and assess
and manage third-party and commercial software risk.”
Gartner, “Hype Cycle for Platform Engineering, 2024”, Manjunath
Bhat, Bill Blosen, 19 June 2024
Gartner, “Leader’s Guide to Software Supply Chain Security”,
Dale Gardner, Manjunath Bhat, 20 June 2024
GARTNER is a registered trademark and service mark of Gartner,
Inc. and/or its affiliates in the U.S. and internationally, and
HYPE CYCLE is a registered trademark of Gartner, Inc. and/or its
affiliates and are used herein with permission. All rights
reserved.
Gartner does not endorse any vendor, product or service depicted
in its research publications, and does not advise technology users
to select only those vendors with the highest ratings or other
designation. Gartner research publications consist of the opinions
of Gartner’s research organization and should not be construed as
statements of fact. Gartner disclaims all warranties, expressed or
implied, with respect to this research, including any warranties of
merchantability or fitness for a particular purpose.
About ReversingLabs
ReversingLabs is the trusted
name in file and software security. We provide the modern
cybersecurity platform to verify and deliver safe binaries. Trusted
by the Fortune 500 and leading cybersecurity vendors, RL Spectra
Core powers software supply chain and file security insights,
tracking over 40 billion searchable files daily with the ability to
deconstruct full software binaries in seconds to minutes. Only
ReversingLabs provides that final exam to determine whether a
single file or full software binary presents a risk to your
organization and your customers.
Media Contact
Doug Fraim
Guyer Group
Doug@Guyergroup.com