Recent Posts from John P. Mello Jr.
November 23, 2022
Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.
November 7, 2022
Here's why your organization should consider a SaaSBOM, as well as the essential challenges facing its implementation.
October 25, 2022
Modern software supply chain security depends on getting your tools right and on focusing on the end-to-end software development lifecycle. Here's what you need to keep software development and release on track while staying secure.
October 24, 2022
SBOMs are key to software supply chain security. But they are also only the first step on your software supply chain journey. Here's what you need to know.
October 11, 2022
A PHP repository vulnerability threatened millions of sites. Here's why you need to make an SBOM the first step in your software supply chain security journey.
October 4, 2022
With modern software development practices leaning heavily on third-party sources — and attacks surging on that software supply chain — Gartner expects SBOM adoption to go from 5% to 60% in 2025.
September 14, 2022
Here's what you need to know about the new OpenSSF npm security best practices.
September 6, 2022
Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.