ReversingLabs Blog

John P. Mello Jr.

Freelance technology writer. John's work has appeared in The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.

Recent Posts from John P. Mello Jr.

November 22, 2023

Don't let CVEs distract you: Shift your AppSec team's focus to malware

Rather than wasting cycles on vulnerabilities, teams should focus on exploitability, and look for compromises including malware and tampering. Here's why.
November 15, 2023

Zero trust and threat modeling: Is it time for AppSec to get on board?

Is it time for zero trust-based threat modeling for your AppSec? Understand the benefits and challenges.
November 9, 2023

AI needs transparency: How supply chain security tools can protect ML models

Supply-chain Levels for Software Artifacts (SLSA) and Sigstore are a good first step toward protecting ML models from attack. But they're not a panacea.
November 7, 2023

OWASP Top 10 for LLM update bridges the gap between AppSec and AI

Generative AI is advancing at a breakneck pace. Here's a full rundown for your development and app sec teams to keep it from breaking your org's back.
October 24, 2023

GitHub boosts secrets scanning: A necessary step, but supply chain security is key to managing risk

GitHub extending validity checks to AWS, Slack, and other providers is welcome, but the risk posed by leaked secrets requires a holistic supply chain security approach.
October 19, 2023

Rust on Android goes bare metal: 3 key security benefits

Using Rust in bare-metal applications will make Android a safer platform — and have a broader impact on the Rust community. Here are three key takeaways.
October 12, 2023

The evolution of app sec: Getting off the scan-and-fix hamster wheel remains elusive

Experts say scan-and-fix will remain for some time. But application security tools are evolving to provide prioritization and automation.
October 10, 2023

5 ways APIs can be the weak link in supply chain security

Here's why application programming interface security is critical to supply chain security — and the key advances needed to move API security forward.
October 2, 2023

NIST supply chain security guidance for CI/CD environments: What you need to know

While NIST's guidelines for supply chain security in CI/CD environments are welcomed, putting them into practice may be challenging for some organizations.
September 26, 2023

EPSS vs. CVSS: Exploit prediction could move the needle on software risk management

Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future? Here's what you need to know.
September 19, 2023

NIST CSF 2.0: What it means for modern software supply chain risk management

Cybersecurity Framework 2.0 makes big improvements, adding focus on software supply chain security. Here's what the changes mean for your SecOps team.
September 12, 2023

SANS DevSecOps report: 5 key takeaways

"Shift left" is giving way to up-front risk assessments, and companies are tapping external support for third-party compliance. Learn from app sec peers.


ConversingLabs: The State of Open Source Software Security
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: SBOMs and threat modeling
Glassboard conversations with ReversingLabs Field CISO Matt Rose
Software Package Deconstruction: Video Conferencing Software
Analyzing Risks To Your Software Supply Chain