5 vibe coding security lessons
Vibe-coded apps that make it to production can be a minefield for security teams. Here are key takeaways for your AppSec team.
John P. Mello Jr.
Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
Posts from John P. Mello Jr.
5 vibe coding security lessons
ASM and the attack surface: 10 key risk factors
Attack surface management (ASM) isn’t just another buzzword. It represents a fundamental shift in security strategy with risk on the rise.
The Postmark MCP server attack: 5 key takeaways
A malicious Model Context Protocol package was found in the wild last week. Here are lessons from the compromise of the AI interface tool.
Deadlines vs. secure code: How AppSec can cope
AI coding and other modern development practices mean flawed code will continue to ship. Here are key recommendations for managing software risk.
How AI coding can learn to do secure software
If you train ML models, they can learn to write more secure code. But the quality of the training data is only as good as your AppSec tooling.
CISA tool aims to boost security for software onboarding
The new procurement tool seeks to strengthen third-party software risk management (TPSRM). But the process is manual and cumbersome.
The future is here: AI-assists new ransomware
ESET researchers have discovered malware that taps into OpenAI’s large language model to assist in ransomware attacks.
How AWS averted an AI supply chain disaster
Here are six lessons learned from the near-miss that was the Amazon Q Developer incident. Don't let luck be your security strategy.
OWASP GenAI IR Guide 1.0: How to put it to work
Here's how to integrate AI-specific risks into your existing security incident response (IR) playbook.