Recent Posts from John P. Mello Jr.
September 6, 2022
Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.
August 18, 2022
With software supply chain attacks surging, app sec teams should shift gears from legacy vulnerabilities to open-source repos, dev tools, and tampering.
August 12, 2022
The NVD as it is today does not tell the full story of software risk. Here's why the NVD — and your software security approach — need to be modernized.
August 2, 2022
Here is a run-down of the 10 streams from OpenSSF's Open Source Software Security Mobilization Plan.
June 29, 2022
Containers are powerful, but also a challenge to secure. Here's how to protect your containers and their underlying infrastructure throughout the development pipeline.