CISA tool aims to boost security for software onboarding
The new procurement tool seeks to strengthen third-party software risk management (TPSRM). But the process is manual and cumbersome.
John P. Mello Jr.
Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
Posts from John P. Mello Jr.
CISA tool aims to boost security for software onboarding
CISA tool aims to boost security for software onboarding
The new procurement tool seeks to strengthen third-party software risk management (TPSRM). But the process is manual and cumbersome.
The future is here: AI-assists new ransomware
ESET researchers have discovered malware that taps into OpenAI’s large language model to assist in ransomware attacks.
How AWS averted an AI supply chain disaster
Here are six lessons learned from the near-miss that was the Amazon Q Developer incident. Don't let luck be your security strategy.
OWASP GenAI IR Guide 1.0: How to put it to work
Here's how to integrate AI-specific risks into your existing security incident response (IR) playbook.
State of development: 5 key AppSec steps
Application security pros need to be ready to cope with security at the speed of code. Here's how to get a handle on modern software risk.
OWASP AIVSS targets agentic AI risk
The new AI Vulnerability Scoring System (AIVSS) picks up where the Common Vulnerability Scoring System (CVSS) falls short.
The true cost of CVEs: Go beyond vulnerabilities
Triaging and patching, plus meeting compliance demands, all bog down modern software teams — and divert time away from development.
Autonomous dev is coming: Is your AppSec ready?
Replacing software engineers with AI won't be happening soon — but AI coding is already changing the software risk landscape. Is your company prepared?