
Europe's EUVD could shake up the vulnerability database ecosystem
EU steps up to fill gaps from the US NVD and CVE. Here's what you need to know — and why you need to think beyond vulnerabilities.

Freelance technology writer. John's work has appeared in The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.

Agentic AI is a different animal for application security red teams. Here are key takeaways from the Cloud Security Alliance's new guide.

The new tool provides a low-cost approach to testing the security of generative AI chat experiences — though it lacks out-of-band AI controls.

Experts say scan-and-fix will remain for some time. But application security tools are evolving to provide prioritization and automation.

Virtual-machine ubiquity requires rethinking traditional AppSec controls — and modernizing your approach. Here are essential considerations.

Here's why your organization should consider using SaaSBOMs, key challenges — and how to put CycloneDX's xBOM standard into action.

Malicious instructions buried in LLM sources such as documents can poison ML models. Here's how it works — and how to protect your AI systems.

The sequential Monte Carlo method guides LLMs to produce code that plays by basic programming rules. Here's what you need to know.

Without modern application security tooling, including binary analysis, the third-party risk management puzzle is incomplete.