
CISA's Secure by Design: Too much, too soon?
Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise. Experts explain what it will take.

John P. Mello Jr. is a freelance technology writer. His work has appeared in The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.


Here's why the Rust Foundation Security Initiative's audit and resulting new tooling matter for secure coding — and software supply chain security.

Selling for $1,000 on the dark web, the email fraud tool leverages generative AI to improve cybercriminals' effectiveness.

With CycloneDX 1.5, OWASP is introducing a number of new types of SBOMs. Here's a full run-down on changes — and what they mean for software transparency.

Here's what you need to know about third-party risk management — and why to prioritize comprehensive supply chain security.

OWASP is expanding its Top 10 series with a list of large language model vulnerabilities. Here's what AppSec teams need to know.

Firmware attacks can pose a substantial risk to the software supply chain. Here's what your software security team can learn from the latest compromise.

Nvidia's tool is among the first to promise to manage the risk from generative AI. Here's what it can do — and an analysis of the scope of risk from AI.

The cost of attacks on software supply chains could exceed $80.6B by 2026, a 76% increase over the $45.8B expected in 2023, a market research firm finds.