Recent Posts from John P. Mello Jr.
May 30, 2023
Here's a look at one of the first tools for managing the risk from generative AI, along with an analysis of how far that risk extends into the software supply chain.
May 22, 2023
Software supply chain attack costs could exceed $80.6B by 2026, a 76% increase over 2023 losses of $45.8B, a research firm finds. Here's a full rundown.
May 9, 2023
OpenSSF's updated Supply-chain Levels for Software Artifacts (SLSA) framework is an essential tool, but experts say it is not a comprehensive supply chain security solution on its own.
April 27, 2023
Here's what experts say about the CISA Secure by Design initiative's potential impact on software supply chain security — and security operations.
April 13, 2023
Here's what the move means in the short run and over the long term for the evolution from application security to software supply chain security.
April 5, 2023
CISA has more closely aligned the Cross-Sector Cybersecurity Performance Goals (CPGs) with NIST's Cybersecurity Framework and added software supply chain goals. Here's what to know, along with key insights.
March 22, 2023
Here's how the CorePlague vulnerabilities work, along with key takeaways for your application security team.
March 20, 2023
Experts weigh in on a new OpenSSF SLSA framework survey — and the overall state of supply chain security practices.
March 9, 2023
Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts.
February 21, 2023
Here's what you need to know about OSC&R, along with expert insights on the new framework's potential to improve software supply chain security.
February 13, 2023
SBOMs help software teams protect their supply chains — but they can also create new challenges. Here's why standardization is needed.
January 4, 2023
Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks.