5 lessons from vulnerability management's front lines
VM success is determined by findings reaching developers with context — which is getting more challenging. Here's why to shift gears.
John P. Mello Jr.
Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
Posts from John P. Mello Jr.
5 lessons from vulnerability management's front lines
GitHub breach: The development ecosystem is in the hot seat
This TeamPCP attack is a serious wakeup call about software supply chain security — and the problems with implicit trust.
Selective NVD enrichment: Why it matters
AI vulnerability reporting is overwhelming teams — and NIST. But for AppSec, scaling back analysis is cause for alarm.
How agentic AI flips the trust model
As AppSec shifts focus from the components to data, your strategy needs updating. Are you on top of your trust debt?
MCP rug-pull attack worries mount
This new class of AI tool supply chain attack highlights how trust of agents can be exploited.
LLMmap puts its finger on ML attacks
Researchers show how LLM fingerprinting can be used to automate generation of customized attacks.
Vibeware: More than bad vibes for AppSec
Threat actors are leveraging the freewheeling vibe-coding trend to deliver malicious software at scale.
GenAI Security Project ramps up guidance
With AI ramping up risk, OWASP stepped up its project to help AppSec teams get up to speed — and take action.
How AI agents can weaponize IDEs
Research shows that AI coding can tap integrated development environments to become privileged insider threats.