Deadlines vs. secure code: How AppSec can cope
AI coding and other modern development practices mean flawed code will continue to ship. Here are key recommendations for managing software risk.
John P. Mello Jr.
Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
Posts from John P. Mello Jr.
Deadlines vs. secure code: How AppSec can cope
How AI coding can learn to do secure software
If you train ML models, they can learn to write more secure code. But the quality of the training data is only as good as your AppSec tooling.
CISA tool aims to boost security for software onboarding
The new procurement tool seeks to strengthen third-party software risk management (TPSRM). But the process is manual and cumbersome.
The future is here: AI-assists new ransomware
ESET researchers have discovered malware that taps into OpenAI’s large language model to assist in ransomware attacks.
How AWS averted an AI supply chain disaster
Here are six lessons learned from the near-miss that was the Amazon Q Developer incident. Don't let luck be your security strategy.
OWASP GenAI IR Guide 1.0: How to put it to work
Here's how to integrate AI-specific risks into your existing security incident response (IR) playbook.
State of development: 5 key AppSec steps
Application security pros need to be ready to cope with security at the speed of code. Here's how to get a handle on modern software risk.
OWASP AIVSS targets agentic AI risk
The new AI Vulnerability Scoring System (AIVSS) picks up where the Common Vulnerability Scoring System (CVSS) falls short.
The true cost of CVEs: Go beyond vulnerabilities
Triaging and patching, plus meeting compliance demands, all bog down modern software teams — and divert time away from development.