
OASIS Open's push for a software supply chain standard: All together now?
The aim is to build a unifying framework incorporating existing SBOM data models, including CSAF, CycloneDX, OpenVEX, and SPDX. Experts weigh in with key insights.

Freelance technology writer. John's work has appeared in The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.

Self-service portals for developers can help organizations overcome challenges to getting up and running with CISA's software security initiative.

Making malware enemy No. 1 should be a top priority for AppSec teams. Here's why you need to shift your team's focus from vulnerabilities.

Cyberthreat intelligence can bolster your SecOps with actionable info — if you choose wisely. Here's how to get started with CTI and what you need to know.

The new initiative aims to help teams secure application access — and ensure continuous visibility of the workload. Experts weigh in with key insights.

Is application security keeping up with modern supply chain attacks? One SME urges "glass half full" optimism. The reality: AppSec tooling needs an upgrade.

CISA has support from more than 60 companies, and it hopes more will follow. Here's what's in the pledge — and what experts say about its chances of success.

With inherent threats, which are core to the system being modeled, protective measures cannot be perfect or complete. Here's how to best manage that.

Combined with cloud service providers' CLIs, continuous delivery/continuous integration can pose a threat. Here's why — and how to keep a lid on your secrets.