The Advancement of Software Supply Chain

DigiCert incorporates ReversingLabs technology within DigiCert® Software Trust Manager to establish a secure software delivery process, ensuring the integrity of the software.

DigiCert, a prominent worldwide provider of digital trust, has recently unveiled a collaboration with ReversingLabs, a leading figure in software supply chain security. This partnership aims to bolster software security by merging ReversingLabs’ cutting-edge binary analysis and threat detection capabilities with DigiCert’s enterprise-grade secure code signing solution. Clients of DigiCert will gain significant advantages from enhanced software integrity through thorough analysis, ensuring that their software is devoid of known threats such as malware, software implants, tampering, and exposed secrets before securely signing it.

“DigiCert’s partnership with ReversingLabs advances supply chain security through threat detection and secrets protection delivered by automated workflows that seamlessly operate within DevOps environments and CI/CD pipelines,” said Deepika Chauhan, Chief Product Officer at DigiCert. “This newly combined solution protects against software-based vulnerabilities and attacks, helping organizations ensure digital trust and build confidence with their customers.”

“ReversingLabs is excited to partner with DigiCert to help solve software supply chain security issues at all stages of the software development and deployment process,” said Mario Vuksan, CEO and Co-founder at ReversingLabs. “Every DigiCert customer needs to think about the integrity of the software they build, buy or run. Our work together will strengthen the ecosystem and provide organizations with the necessary tools to ensure the trustworthiness of their software.”

“Organizations must take proactive efforts to secure their software supply chain to withstand the continuing and evolving threats of cyberattacks,” said Katie Norton, Senior Research Analyst for IDC’s DevOps & DevSecOps research practices. “Digital trust strategies that centralize, standardize and unify software security practices play a key role in improving resiliency and user trust.”

In recent years, vulnerabilities in the software supply chain have been exploited, leading to various threats such as tampering, malware insertion, and other risks for essential business software. According to a recent survey conducted by ReversingLabs, nearly 90 percent of technology professionals have identified significant risks within their software supply chain in the past year. Additionally, over 70 percent of respondents expressed dissatisfaction with existing application security solutions, stating that they do not offer sufficient protection.

“In Asia Pacific, only 38% of firms consider software supply chain risk a key priority; however, more than half have been negatively impacted by between two to five cybersecurity breaches in their supply chain. There is an obvious gap between the need to identify the software supply chain as a point of security risk and putting in resources to improve software security. With APAC firms looking to bolster supply chain defence, adding threat detection to the enterprise-grade secure code signing workflows in Software Trust Manager will help firms in the region address that gap and ensure that their software supply chain is trusted,” said Armando Dacal, Group Vice President APJ, DigiCert.

ReversingLabs powers the threat detection capabilities integrated into DigiCert Software Trust Manager, ensuring the security of the software supply chain. This advanced detection system comprehensively identifies threats like malware, software tampering, inclusion of secrets, and certificate misconfigurations across various software types, including open-source, proprietary, containers, and release packages.

Software Trust Manager streamlines the process with a centralized workflow that spans the entire organization. It also generates a comprehensive software bill of materials (SBOM) that encompasses internally developed software as well as third-party software, including open-source and commercially licensed applications. Given the rising frequency of attacks on the software supply chain, threat detection and SBOM generation have gained significant importance, attracting attention from government bodies and industry regulations.

The partnership between DigiCert and ReversingLabs represents a significant advancement in software supply chain security. By combining cutting-edge threat detection capabilities with secure code signing solutions, DigiCert empowers its clients to enhance software integrity and protect against vulnerabilities and attacks. This collaboration strengthens the ecosystem and equips organizations with the necessary tools to ensure the trustworthiness of their software. With the increasing prevalence of cyber threats, securing the software supply chain is paramount. By adopting digital trust strategies and implementing centralized security practices, organizations can improve resiliency and user trust. DigiCert’s Software Trust Manager, integrated with ReversingLabs’ threat detection, offers a robust solution to address these challenges and build a more secure digital landscape. Visit their website or participate in their upcoming webinar to gain further insights into the importance of digital trust in software supply chains.

To delve deeper into this topic, visit their website or explore their blog, which discusses how Software Trust Manager safeguards the software supply chain. Additionally, you can register for a webinar on June 13 that focuses on digital trust in software supply chains and AI models.