DigiCert, a global digital trust provider, has joined forces with ReversingLabs, a leader in software supply chain security, to bolster software security by combining ReversingLabs' advanced binary analysis and threat detection with DigiCert's enterprise-grade secure code signing solution. This partnership aims to provide DigiCert customers with improved software integrity by conducting deep analysis to ensure their software is free from known threats like malware, software tampering, and exposed secrets before it is securely signed.
The collaboration between DigiCert and ReversingLabs strengthens supply chain security through automated workflows that seamlessly operate within DevOps environments and CI/CD pipelines, according to Deepika Chauhan, Chief Product Officer at DigiCert. By safeguarding against software-based vulnerabilities and attacks, this combined solution enables organizations to establish digital trust and build confidence with their customers.
Mario Vuksan, CEO and Co-founder of ReversingLabs, expressed excitement about the partnership, stating that it addresses software supply chain security issues throughout the software development and deployment process. As organizations must prioritize the integrity of the software they build, buy, or run, the collaboration between DigiCert and ReversingLabs will provide the necessary tools to ensure software trustworthiness.
Katie Norton, Senior Research Analyst for IDC's DevOps & DevSecOps research practices, emphasized the importance of proactive efforts to secure the software supply chain against evolving cyber threats. Norton highlighted that digital trust strategies, which centralize and standardize software security practices, play a crucial role in improving resiliency and user trust.
Weaknesses in the software supply chain have been exploited in recent years, leading to tampering, malware insertion, and other threats to critical business software. A survey conducted by ReversingLabs revealed that nearly 90 percent of technology professionals identified significant risks in their software supply chain in the past year. Additionally, over 70 percent stated that existing application security solutions fail to provide adequate protection.
By utilizing ReversingLabs' capabilities, DigiCert's Software Trust Manager integrates threat detection to secure the software supply chain comprehensively. This includes identifying threats such as malware, software tampering, included secrets, and certificate misconfigurations in various types of software, including open-source and proprietary software, containers, and release packages.
Software Trust Manager streamlines workflows, providing centralized control across the organization. The solution generates a comprehensive software bill of materials (SBOM) that covers both internally developed and third-party software, including open-source and commercially licensed software. As attacks targeting the software supply chain escalate, the importance of threat detection and SBOM generation grows, aligning with government and industry regulations.