Recent Posts from John P. Mello Jr.
September 14, 2022
Here's what you need to know about the new OpenSSF npm security best practices.
September 6, 2022
Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.
August 26, 2022
It's counterproductive to blame developers for software security woes. Here are five reasons why.
August 18, 2022
With software supply chain attacks surging, app sec teams should shift gears from legacy vulnerabilities to open-source repos, dev tools, and tampering.
August 12, 2022
The NVD as it is today does not tell the full story of software risk. Here's why the NVD — and your software security approach — need to be modernized.
August 2, 2022
Here is a run-down of the 10 streams from OpenSSF's Open Source Software Security Mobilization Plan.