Why software teams have to change their focus from vulnerabilities to malware

Nearly 90% of businesses have faced a software supply chain security problem in the past year. Most enterprise security methods, such as in-house software composition analysis and application security testing, are ill-equipped to detect inserted malware. Traditional application security tools lack a database to identify known pieces of malware, with tests showing that none include explicit references to malware detection. ReversingLabs suggests shifting focus from vulnerabilities to malware, and implementing package validation into the supply chain process.