Log4j Taught Us a Valuable Lesson


We need to know what’s in the software that is supporting our business ...

Using a Software Bill of Materials (SBOM) is Going Mainstream

I read a couple of advisories by Caleb Queern of KPMG, entitled What Are SBOMs? and Which Teams In My Organization Can Help Reduce Risk Using SBOM’s?. These articles bring a smile to my face and give me hope that the practice of creating and using SBOMs has finally gone ...

The Three R’s of Software Supply Chains: Reject, Replace, and Respond

A great article from 2016 came up in a recent conversation, as it has a few times in my conversations about DevSecOps since it was first published. Justin Smith’s The Three R’s of Enterprise Security: Rotate, Repave, and Repair is a classic must-read. I just love the elegance ...