
EPSS vs. CVSS: Exploit prediction could move the needle on software risk
Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future? Here's what you need to know.

John P. Mello Jr. is a freelance technology writer. His work has appeared in The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
