GitHub boosts secrets scanning: A necessary step, but supply chain security is key to managing risk
Extending validity checks is welcome, but secrets risk is bigger than that — and requires a holistic supply chain security approach.
John P. Mello Jr.
Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
Posts from John P. Mello Jr.
GitHub boosts secrets scanning: A necessary step, but supply chain security is key to managing risk
Rust on Android goes bare metal: 3 key security benefits
Extending the language's bare-metal use from Linux will make Android a trusted platform — and have a broader impact on the Rust development community.
Are APIs the weak link in your supply chain security?
Here's why application programming interface security is critical to risk management — and the advances needed to move API security forward.
NIST supply chain security guidance for CI/CD environments: What you need to know
NIST's new guidelines are welcome, but some organizations may find it challenging to put them into practice.
NIST supply chain security guidance for CI/CD environments: What you need to know
NIST's new guidelines are welcome, but some organizations may find it challenging to put them into practice.
EPSS vs. CVSS: Exploit prediction could move the needle on software risk
Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future? Here's what you need to know.
SANS DevSecOps report: 5 key takeaways
"Shift left" is giving way to up-front software risk assessments, and companies are increasingly tapping external support for third-party compliance. Learn more from application security peers.
20 application security pros you should follow
These leading app sec experts provide a steady flow of security knowledge to keep you up to speed.
CISA's Secure by Design: Too much, too soon?
Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise. Experts explain what it will take.