The rise of software supply chain attacks, with SolarWinds SunBurst being the most notable, has elevated this issue with every board of directors for every company that’s producing or accepting software.
The strategic importance of securing software, the very code that controls our daily lives - our banking systems and ATMs, medical records, utilities and even our connected homes and cars - cannot be overstated. The world moves at a faster pace each day, which is why the software industry puts significant pressure on software development to keep up with these increasing demands. Product releases need to get out the door quickly, without compromising on quality. Software security is an expectation, not a feature that can be pushed down the roadmap.
Malicious actors have noticed this pressure as well. They are now actively targeting software developers and publishers with a new level of sophistication and patience, looking for weaknesses to exploit so they can subvert established trust and gain unauthorized access through an unchecked software supply chain.
In response, ReversingLabs is announcing the launch of its Managed Software Assurance Service to assist companies in mitigating future software supply chain attacks. At the forefront of hunting down the source of the SunBurst supply chain breach, as well as sounding earlier alerts on Python, NPM and RubyGems supply chain attacks, ReversingLabs is offering new SDLC security solutions and additional managed services to further assist organizations in their fight against supply chain attacks.
Introducing the ReversingLabs Managed Software Assurance Service
The service is built on the foundation of the ReversingLabs Titanium Platform and provides advanced analysis of software packages, interpretation and audit tracking. Developers, release engineers and IT operations staff upload the software packages that require analysis to ReversingLabs over a secure channel.
The ReversingLabs Managed Software Assurance Service delivers the following actionable analysis report and managed software assurance services:
- Deep inspection for malware presence through recursive package decomposition, extracting all possible components for advanced analysis
- Description of full software bill of materials, software quality metrics, vulnerability mitigation coverage assessment, malicious behavior and explainable insights tracked across software versions
- An audit report in both machine-readable and human-readable formatting for all embedded files
- Designated ReversingLabs research analyst to verify whether software is fit for its purpose and safe to put in production
This managed service will be offered as part of the ReversingLabs limited early adopters program. Please register here to discuss the offering with a ReversingLabs account executive.