DigiCert partners with ReversingLabs to advance software supply chain security

DigiCert, a global provider of digital trust announced a partnership with ReversingLabs, a pioneer in software supply chain security, to enhance software security by combining advanced binary analysis and threat detection from ReversingLabs with DigiCert’s enterprise-grade secure code signing solution.

DigiCert customers will benefit from improved software integrity through deep analysis that shows their software is free from known threats like malware, software implants, software tampering, and exposed secrets before they securely sign it.

Threat detection and secrets protection

This newly combined solution protects against software-based vulnerabilities and attacks"

"DigiCert’s partnership with ReversingLabs advances supply chain security through threat detection and secrets protection delivered by automated workflows that seamlessly operate within DevOps environments and CI/CD pipelines,” said Deepika Chauhan, Chief Product Officer at DigiCert.

“This newly combined solution protects against software-based vulnerabilities and attacks, helping organisations ensure digital trust and build confidence with their customers.”

Addressing software supply chain issues

"ReversingLabs is excited to partner with DigiCert to help solve software supply chain security issues at all stages of the software development and deployment process,” said Mario Vuksan, CEO and Co-founder at ReversingLabs.

“Every DigiCert customer needs to think about the integrity of the software they build, buy or run. Our work together will strengthen the ecosystem and provide organisations with the necessary tools to ensure the trustworthiness of their software."

Digital trust strategies

Digital trust strategies that centralise, standardise, and unify software security practices improve user trust"

“Organisations must take proactive efforts to secure their software supply chain to withstand the continuing and evolving threats of cyberattacks,” said Katie Norton, Senior Research Analyst for IDC’s DevOps & DevSecOps research practices.

“Digital trust strategies that centralise, standardise and unify software security practices play a key role in improving resiliency and user trust.”

Software supply chain weakness

Weaknesses in the software supply chain have been exploited in recent years, resulting in tampering, malware insertion, and other threats to critical business software.

A recent ReversingLabs survey found that nearly 90 percent of technology professionals detected significant risks in their software supply chain in the last year. More than 70 percent said that current application security solutions are not providing the necessary protections. 

Software Trust Manager

Software Trust Manager provides a single workflow that is centrally controlled across the organisation

Powered by ReversingLabs, threat detection within DigiCert Software Trust Manager secures the software supply chain through advanced, comprehensive detection of threats such as malware, software tampering, the inclusion of secrets and certificate misconfigurations in open-source software, proprietary software, containers, and release packages. 

Software Trust Manager provides a single workflow that is centrally controlled across the organisation. 

Comprehensive SBOM

The solution also generates a comprehensive software bill of materials (SBOM) covering internally developed and third-party software, such as open-source and commercially licenced software.

As attacks on the software supply chain increase, threat detection, and SBOM generation are becoming increasingly important and the focus of government and industry regulations.