OWASP supply chain security cheat sheet: 5 key action items
The complexity of today's software development makes supply chain security essential. This new cheat sheet is a great place to start.
John P. Mello Jr.
Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
Posts from John P. Mello Jr.
OWASP supply chain security cheat sheet: 5 key action items
Generative AI software development boosts productivity — and risk
The promise of higher development output is prompting rapid adoption of AI coding tools, but AppSec teams are in the hot seat with rising risk. Buckle up!
The top software development security challenges: The AI's have it
From the AppSec testing gap to data privacy, AI is increasing security worries. Here are key takeaways from a survey of development leaders.
Silent breaches and supply chain exploits: 5 lessons for cyber-teams
Hidden weaknesses and blind trust magnify the risks from third parties, a new report finds. Here are key takeaways for your cybersecurity team.
Secure AI deployment is complicated: 5 ways to get your ducks in a row
A Cloud Security Alliance report explores new requirements for the tools, processes, and roles that secure AI-driven systems. Here are key takeaways.
What developers think about application security might surprise you
Software security is front of mind for organizations. What developers have to say is critical. Here are four key takeaways from a survey of engineers about AppSec.
Secure by Design and Secure by Default: You need both to boost AppSec
When it comes to these two security approaches advanced by CISA for locking down your application security, it's not an either/or proposition. Here's why.
OWASP tackles AI security with new NHI Top 10: What you need to know
Identity management is key for security, but AI is bringing a lot more non-humans into the mix. The OWASP list calls attention to this. Here are the top takeaways.
BSIMM15 shines light on compliance and AI security
The report emphasizes traditional AppSec practices — but those are no match for new threats from AI/ML. Here's what you need to know.