Mandatory SBOMs: Why CRA matters
The EU’s Cyber Resilience Act legally obliges software producers to create and maintain an SBOM. Are you prepared?
John P. Mello Jr.
Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
Posts from John P. Mello Jr.
Mandatory SBOMs: Why CRA matters
Why governance is key to safe AI adoption
A new CSA report stresses getting out in front of AI risk — and why it matters for SecOps.
Adversarial AI is on the rise: What you need to know
Researchers explain that as threat actors move to AI-enabled malware in active operations, existing defenses will fail.
AI technical debt: What it is — and why it matters
AI platforms exacerbate existing security risks. Here’s what you need to know to stay out of technical debt.
OWASP tackles AI risk in bold new push
The Open Worldwide Application Security Project now includes an Agentic Top 10, an AI testing guide, and an AI vulnerability scoring tool.
Security frameworks fail on supply chain risk
Researchers studied how well the top frameworks mitigate modern attack techniques. They found serious security gaps.
Why AI and cloud-native are security game-changers
Yesterday's security practices can't tackle today's risks, a new CSA guide notes — making updating tooling essential.
OWASP Top 10 tackles supply chain risk
The Open Worldwide Application Security Project’s widely used AppSec priority list is expanding to cover systemic risk.
CTEM advances vulnerability management
Gartner's Continuous Threat Exposure Management model represents an evolution from CVSS. Here’s what you need to know.