ReversingLabs Accelerates Strategy to Secure Software Supply Chain, Appoints Peter Doggart as Chief Operating Officer
Read More
Secrets Exposed: An Essential Guide to Securing Secrets in Software
Read eBook
New App Sec Series | Software Package Deconstruction
Learn More
ReversingLabs and Synopsys Join Forces to Combat Software Supply Chain Threats
Learn More

ReversingLabs Blog

John P. Mello Jr.

John P. Mello Jr.
Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.

Recent Posts from John P. Mello Jr.

App sec and AI: Can this new supply chain risk be contained by tools such as NeMo Guardrails?
May 30, 2023

App sec and AI: Can this new supply chain risk be contained by tools such as NeMo Guardrails?

Here's a look at this first example of tools to manage the risk from generative AI — and analysis of the scope of that risk to the software supply chain.
Read More
Software supply chain security: Too costly to fail — and about to get costlier
May 22, 2023

Software supply chain security: Too costly to fail — and about to get costlier

Software supply chains attack costs could exceed $80.6B by 2026, a 76% increase over 2023 losses of $45.8B, research firm finds. Here's a full rundown.
Read More
SLSA 1.0 delivers build provenance: What application security teams need to know
May 9, 2023

SLSA 1.0 delivers build provenance: What application security teams need to know

OpenSSF's updated Supply-chain Levels for Software Artifacts is an essential tool, but experts say it's not a comprehensive supply chain security tool.
Read More
CISA's Secure by Design for software development: 'It's a starting point, not an endpoint'
April 27, 2023

CISA's Secure by Design for software development: 'It's a starting point, not an endpoint'

Here's what experts say about the CISA Secure by Design initiative's potential impact on software supply chain security — and security operations. 
Read More
OSC&R embraces GitHub: Will it move the needle on supply chain security?
April 13, 2023

OSC&R embraces GitHub: Will it move the needle on supply chain security?

Here's what the move means in the short run — and the long term, for the evolution from application security to software software supply chain security.
Read More
CISA Cybersecurity Performance Goals update: Key changes and additions your team should know
April 5, 2023

CISA Cybersecurity Performance Goals update: Key changes and additions your team should know

CISA has better aligned the CPGs with NIST's Cybersecurity Framework, and added software supply chain goals. Here's what to know — and key insights.
Read More
Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague
March 22, 2023

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.
Read More
Software supply chain security practices are maturing — but it's a work in progress
March 20, 2023

Software supply chain security practices are maturing — but it's a work in progress

Experts weigh in on a new OpenSSF SLSA framework survey — and the overall state of supply chain security practices.
Read More
PyPI repo poisoned with "Colour-Blind" RAT
March 9, 2023

PyPI repo poisoned with "Colour-Blind" RAT

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.
Read More
OSC&R targets software supply chains attacks
February 21, 2023

OSC&R targets software supply chains attacks

Here's what you need to know about OSC&R, along with expert insights on the new framework's potential to improve software supply chain security.
Read More
The case for SBOM benchmarks: "Ground truth" is key
February 13, 2023

The case for SBOM benchmarks: "Ground truth" is key

SBOMs help software teams protect their supply chains — but they can also create new challenges. Here's why standardization is needed.
Read More
10 software supply chain attacks you can learn from
January 4, 2023

10 software supply chain attacks you can learn from

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks. 
Read More

SUBSCRIBE

Get the Best of the ReversingLabs newsletter delivered to your in-box weekly to stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

ConversingLabs Cafe: Chris Romeo on the state of application security ConversingLabs Cafe: Chris Romeo on the state of application security
Conversations About Threat Hunting and Software Supply Chain Security
Behaviors & Diffs: Better Together for Software Supply Chain Security Behaviors & Diffs: Better Together for Software Supply Chain Security
Glassboard conversations with ReversingLabs Field CISO Matt Rose
Software Package Deconstruction: Deconstructing UPS Ship Manager Software Package Deconstruction: Deconstructing UPS Ship Manager
Analyzing Risks To Your Software Supply Chain