ReversingLabs named Visionary in inaugural Gartner SSCS Magic Quadrant
ReversingLabs has been placed as a Visionary in the inaugural Gartner Magic Quadrant for Software Supply Chain Security, published on 22 June 2026. The Cambridge, Massachusetts-based vendor is one of 18 suppliers recognised in what Gartner is positioning as a new, standalone research category, reflecting the growing commercial weight of software supply chain risk as a discipline.
The company's Spectra Assure platform is the product under evaluation. It analyses compiled binaries, packages, containers and AI model artefacts rather than inspecting source code, which ReversingLabs says gives buyers an independent view of whether shipped software has been tampered with. The platform tracks more than six million open-source packages through continuous harvesting across popular registries, and uses a combination of machine-learning-based threat-hunting policies and human analyst verification to flag known and novel attacks.
What Spectra Assure does
At its core, Spectra Assure addresses two distinct buyer groups: software producers who need to verify the integrity of what they are shipping, and enterprise software consumers who want automated pre-deployment vetting before accepting third-party updates. The platform's SAFE Levels system provides a tiered benchmarking score that allows security and procurement teams to track improvement across successive software releases rather than treating each version as a one-off check.
Mario Vuksan, chief executive and co-founder, said the Gartner recognition reflects the company's "ongoing collaboration with customers, partners, and industry experts to define what modern software supply chain security looks like." The company's press release states that Spectra Assure received consistently high marks from customers on Gartner Peer Insights, though ReversingLabs did not disclose specific scores or the number of reviews.
Market context and competitive landscape
Gartner's decision to launch a dedicated Magic Quadrant for this category is itself a signal. Software supply chain attacks, including the SolarWinds compromise in 2020, the Log4Shell vulnerability in 2021, and a rising volume of malicious open-source package injections, have forced SBOM generation, binary analysis and third-party software vetting onto board-level risk registers. The new quadrant formalises what had previously been treated as a subset of application security or software composition analysis.
ReversingLabs has been building in this space since 2021 and can reasonably claim early-mover positioning. However, the 18-vendor field in an inaugural quadrant suggests the category is already contested. Established application security players, SBOM-focused startups, and broader DevSecOps platforms are all extending into supply chain verification, and hyperscalers are adding native supply chain features to their CI/CD toolchains.
From a regulatory standpoint, the timing is favourable for vendors in this space. The US Executive Order on Improving the Nation's Cybersecurity, NIST guidance on SBOMs, and the EU's Cyber Resilience Act, which enters its compliance window from 2027, all create compliance obligations that map directly to the capabilities ReversingLabs is selling. The CRA in particular requires manufacturers of products with digital elements to document software components and demonstrate ongoing vulnerability management, a requirement that aligns with automated binary analysis and SBOM generation. Enterprise procurement teams under NIS2 obligations in Europe face parallel pressure to demonstrate third-party software risk controls.
ReversingLabs did not disclose revenue, customer count, or details of any recent funding round in this release. Investors and enterprise buyers will look to forthcoming benchmark disclosures and named customer case studies as evidence that the Visionary placement translates into commercial traction at scale.