Recent Posts from John P. Mello Jr.
October 24, 2022
SBOMs are key to software supply chain security. But they are also only the first step on your software supply chain journey. Here's what you need to know.
October 12, 2022
A PHP repository vulnerability threatened millions of sites. Here's why you need to make an SBOM the first step in your software supply chain security journey.
October 4, 2022
With modern software development practices leaning heavily on third-party sources — and attacks surging on that software supply chain — Gartner expects SBOM adoption to go from 5% to 60% in 2025.
September 14, 2022
OpenSSF's npm best practices: A solid first step for software supply chain security — but trust issues remain
Here's what you need to know about the new OpenSSF npm security best practices.
September 6, 2022
Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.
August 26, 2022
It's counterproductive to blame developers for software security woes. Here are five reasons why.