ReversingLabs Blog

John P. Mello Jr.
Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.

Recent Posts from John P. Mello Jr.

May 30, 2023

App sec and AI: Can this new supply chain risk be contained by tools such as NeMo Guardrails?

Here's a look at this first example of tools to manage the risk from generative AI — and analysis of the scope of that risk to the software supply chain.
May 22, 2023

Software supply chain security: Too costly to fail — and about to get costlier

Software supply chain attack costs could exceed $80.6B by 2026, a 76% increase over 2023 losses of $45.8B, a research firm finds. Here's a full rundown.
May 9, 2023

SLSA 1.0 delivers build provenance: What application security teams need to know

OpenSSF's updated Supply-chain Levels for Software Artifacts is an essential tool, but experts say it's not a comprehensive supply chain security tool.
April 27, 2023

CISA's Secure by Design for software development: 'It's a starting point, not an endpoint'

Here's what experts say about the CISA Secure by Design initiative's potential impact on software supply chain security — and security operations.
April 13, 2023

OSC&R embraces GitHub: Will it move the needle on supply chain security?

Here's what the move means in the short run — and the long term — for the evolution from application security to software supply chain security.
April 5, 2023

CISA Cybersecurity Performance Goals update: Key changes and additions your team should know

CISA has better aligned the CPGs with NIST's Cybersecurity Framework, and added software supply chain goals. Here's what to know — and key insights.
March 22, 2023

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.
March 20, 2023

Software supply chain security practices are maturing — but it's a work in progress

Experts weigh in on a new OpenSSF SLSA framework survey — and the overall state of supply chain security practices.
March 9, 2023

PyPI repo poisoned with "Colour-Blind" RAT

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.
February 21, 2023

OSC&R targets software supply chain attacks

Here's what you need to know about OSC&R, along with expert insights on the new framework's potential to improve software supply chain security.
February 13, 2023

The case for SBOM benchmarks: "Ground truth" is key

SBOMs help software teams protect their supply chains — but they can also create new challenges. Here's why standardization is needed.
January 4, 2023

10 software supply chain attacks you can learn from

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks.
