Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
Rather than wasting cycles on non-exploitable or remediated security holes, teams should focus on exploitability, and look for compromises including malware and tampering. Here's why.
Zero trust can benefit threat modeling, so why not extend it to your AppSec? Understand the key benefits and challenges.
SLSA and Sigstore are a good first step toward protecting ML models from attack. But they're not a panacea.
Extending validity checks is welcome, but secrets risk is bigger than that — and requires a holistic supply chain security approach.
Extending the language's bare-metal use from Linux will make Android a trusted platform — and have a broader impact on the Rust development community.
Here's why application programming interface security is critical to risk management — and the advances needed to move API security forward.
NIST's new guidelines are welcome, but some organizations may find it challenging to put them into practice.
NIST's new guidelines are welcome, but some organizations may find it challenging to put them into practice.
Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future? Here's what you need to know.