What's the difference between app sec and supply chain security? It's all in the hack

ReversingLabs Field CISO Matt Rose explains in this week's ReversingGlass episode the difference between application security hacks and software supply chain hacks.

Why are they different? And why do you need software supply chain security in addition to your application security testing (AST) and software composition analysis (SCA) tools?

Rose does a level-set, explaining that these solutions are important at finding specific lenses of risk, "whether that's a SAST solution in the AST umbrella or a malware identification, or a potential compromise of a secret in a software supply chain instance."

"So thinking about this, the biggest thing that I like to say is a hack is really going outside the bounds of the intended purpose of the application. It does what it's functionally supposed to do, but it does some other things too, some things that it's not intended to do."
Matt Rose

As Rose notes, these things are often very hard to find, given the aggressive release cycles software teams face and the complex nature of today's applications.

What better way to break down the difference between app sec hacks and supply chain hacks than using the ubiquitous SQL injection as an example? Here's this week's ReversingGlass, Application Hacks vs. Software Supply Chain Hacks:
