ReversingLabs Recognized in First Gartner Hype Cycle for Platform Engineering

The IT company ReversingLabs, specialized in file and software security, has recently been recognized as a vendor in the Gartner Hype Cycle for Platform Engineering (2024). This recognition comes at a time of increasing demand for the award-winning ReversingLabs solution Spectra Assure for software supply chain security. Almost simultaneously, RL also announced that it has been mentioned in the new Gartner Guide to Software Supply Chain Security for Leaders.

Gartner defines platform engineering as the building and management of self-service internal development platforms to improve developer experience and scale agile and DevOps practices. – Executives responsible for platform engineering can take this hype cycle as a reference for creating their organization’s strategic plan – suggested the lead author of the report and vice president at Gartner, analyst Manjunath Bhat.

This hype cycle includes several technologies that have been rated as ‘transformational’. Among them is software supply chain security, which is expected to enter widespread use in the next two to five years. According to Gartner, transformational technology ‘enables new ways of doing business across various industries that will bring significant changes to industry dynamics.’

– As software manufacturers work to create secure software and maintain its integrity, software supply chain security becomes an integral part of platform engineering – said Mario Vuksan, president and co-founder of ReversingLabs.

– Spectra Assure facilitates the protection of code from unauthorized changes, verification of software releases, and monitoring of updates and third-party software. It helps companies see where threats and risks are located in the software and how those risks change over time. It also helps them detect software supply chain attacks before software is released or put into production. Platform engineering is a blend of practices and technologies from software engineering, security and risk, as well as infrastructure and operations. Innovations reflect this multidisciplinary aspect – noted Bhat in the report.

According to Bhat, Gartner groups innovations in this hype cycle into five key themes:

1. Developer enablement — includes internal portals and platforms for developers, self-service environment management, and innersource and intelligence platforms for software engineering.

2. Building applications secure by design – includes software supply chain security, selected catalogs of open-source software (OSS), secret management, and platforms for protecting cloud-native applications.

3. Efficient software delivery — includes green software engineering, software engineering augmented by AI, autonomous workload optimization, site reliability engineering, and chaos engineering.

4. Managing the complexity of cloud-native architectures — includes cloud development environments, observability, GitOps, FinOps, microservices, cluster fleet management, and service mesh.

5. Supportive team structures — includes team topologies and product-oriented delivery models.

ReversingLabs is a file and software security company. It provides a modern security platform for verifying and delivering secure binary files. ReversingLabs’ Spectra Core provides insights into the software supply chain and file security, tracking over 40 billion searchable files daily. Spectra Core can deconstruct complete software binary files in seconds to minutes. ReversingLabs can conduct a final test to determine whether a file or software binary poses a risk to the organization and its clients.

Gartner’s Guide to Software Supply Chain Security states that ‘software supply chain security can be viewed as a framework encompassing three pillars: management, development, and consumption. By implementing such a framework and accompanying processes and tools, security and risk management leaders can ensure a coordinated response to the issue, minimize blind spots or gaps in protection, and reduce risk throughout the software development and usage lifecycle.’

Gartner’s report mentions ReversingLabs’ data in the section describing the software development pillar. This section deals with secure development and the protection of software artifacts and the development process. The report states that artifacts (including open-source and commercial dependencies, SDKs, container images, and proprietary code) are downloaded or created during the development process. Attacks based on covert introduction of malicious code into dependencies are becoming more common. Downloading and embedding such dependencies allows for the activation of malware, which can be passed on to further users, giving attackers access to development resources or other adverse outcomes.

Data is cited from ReversingLabs’ Software Supply Chain Security Report, in which the company reported a 1,300 percent increase in malicious open-source packages from 2020 to 2023 and a 28 percent increase compared to 2022, when just over 8,700 malicious packages were discovered.

Gartner’s report also recommends that organizations purchasing software ‘implement active testing (binary analysis, penetration testing, etc.) for code, especially for sensitive or high-risk systems’ as part of the consumption pillar.

– The increase in software supply chain attacks and the rising associated costs and compliance implications highlight the need for greater transparency among producers and buyers of business software – said Mario Vuksan, adding that now more than ever, it is crucial for teams developing and implementing software to verify components of open, commercial, and proprietary software, identify threats such as malware, unauthorized changes, and leaks of secrets, and assess and manage third-party risk.
