
How supply chain security tools can protect ML models
SLSA and Sigstore are a good first step toward protecting ML models from attack. But they're not a panacea.

John P. Mello Jr. is a freelance technology writer. John's work has appeared in The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.

Extending validity checks is welcome, but secrets risk is bigger than that — and requires a holistic supply chain security approach.

Extending the language's bare-metal use from Linux will make Android a trusted platform — and have a broader impact on the Rust development community.

Here's why application programming interface security is critical to risk management — and the advances needed to move API security forward.

NIST's new guidelines are welcome, but some organizations may find it challenging to put them into practice.

Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future? Here's what you need to know.

"Shift left" is giving way to up-front software risk assessments, and companies are increasingly tapping external support for third-party compliance. Learn more from application security peers.

These leading app sec experts provide a steady flow of security knowledge to keep you up to speed.