Recent Posts from John P. Mello Jr.
November 22, 2023
Rather than wasting cycles on vulnerabilities, teams should focus on exploitability, and look for compromises including malware and tampering. Here's why.
November 15, 2023
Is it time for zero trust-based threat modeling for your AppSec? Understand the benefits and challenges.
November 9, 2023
Supply-chain Levels for Software Artifacts (SLSA) and Sigstore are a good first step toward protecting ML models from attack. But they're not a panacea.
November 7, 2023
Generative AI is advancing at a breakneck pace. Here's a full rundown for your development and app sec teams to keep it from breaking your org's back.
October 24, 2023
GitHub extending validity checks to AWS, Slack, etc., is welcome, but the risk posed by secrets leaks requires a holistic supply chain security approach.
October 19, 2023
Using Rust in bare-metal applications will make Android a safer platform — and have a broader impact on the Rust community. Here are three key takeaways.
October 12, 2023
Experts say scan-and-fix will remain for some time. But application security tools are evolving to provide prioritization and automation.
October 10, 2023
Here's why application programming interface security is critical to supply chain security — and the key advances needed to move API security forward.
October 2, 2023
While NIST's guidelines for supply chain security in CI/CD environments are welcomed, putting them into practice may be challenging for some organizations.
September 26, 2023
Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future? Here's what you need to know.
September 19, 2023
Cybersecurity Framework 2.0 makes big improvements, adding focus on software supply chain security. Here's what the changes mean for your SecOps team.
September 12, 2023
"Shift left" is giving way to up-front risk assessments, and companies are tapping external support for third-party compliance. Learn from app sec peers.