Highlights:
- The new features increase the coverage of secrets detection by giving teams the context and openness required to organize developers’ corrective actions.
- More than 250 different secret kinds, including private keys, version control, certificates, tokens, and more, can be detected by the ReversingLabs Software Supply Chain Security solution right out of the box.
New features for secrets detection have been added to the Software Supply Chain Security platform by startup ReversingLabs Inc.
The new features increase the coverage of secrets detection by giving teams the context and transparency required to organize developers’ corrective actions. By doing this, manual triage fatigue is decreased and security measures for stopping leaks are improved.
The platform created by ReversingLabs tackles the problem of complex software having parts that depend on secrets used as application programming interface tokens, encryption keys, and login credentials. Secrets are necessary for the software to operate, but managing them across all the code’s components, the phases of the continuous integration and delivery process (CI/CD), and the software development life cycle is difficult and can lead to secrets being exposed.
Use of plain text, weak cryptography, build scripts containing directories with secret configuration files, CI/CD or packaging automation errors, inclusion by compromised developer accounts, or malicious employees are all potential sources of secret exposure. ReversingLabs fills that role.
More than 250 different secret kinds, including private keys, certificates, version control, tokens, and more, can be detected by the ReversingLabs Software Supply Chain Security solution right out of the box. Once identified, the platform’s detection capabilities enable teams to watch discovered secrets for instant true positive confirmation, determine their precise location, which services are affected and if those secrets are exposed or leaked elsewhere. The solution minimizes the fatigue associated with manual triage while prioritizing all remediation efforts by suppressing third-party, open-source testing keys and other frequently shared secrets.
Mario Vuksan, Co-founder and Chief Executive of ReversingLabs, said, “These new capabilities underscore ReversingLabs commitment to address growing software supply chain complexity and increasingly sophisticated threats. Our comprehensive solution enables teams to securely control the release of software via the detection of software supply chain threats, malware, malicious behaviors, tampering and secrets exposures.”
“Supply chain risks demand evolved application security capabilities that confront the full spectrum of challenges introduced by third-party components, commercial software, and binary misconfigurations beyond open-source libraries. Our SSCS platform goes beyond existing solutions that only provide open-source licensing compliance and vulnerability detection or analyze source code quality for vulnerabilities to fill in the gaps they leave behind,” added Vuksan.
According to Crunchbase, ReversingLabs is a venture capital-backed business that has received USD 81 million in total, including a round of USD 25 million in 2017. JPMorgan Chase and amp; Co., Crosspoint Capital Partners LP, Prelude Fund Services LLC, and Forgepoint Capital Management LLC are some of the investors.