Crash Override

Why SCA for Security is Really Hard

This post focuses on using SBOMs and vulnerability data and explains why most vulnerability data is not up to the job.
By Mark Curphey
October 10, 2022

Ransoming the CISO Role. Words of caution after the Joe Sullivan legal case.

John Viega shares his position on the industry implications for the conviction of Joe Sullivan, the former CISO of Uber in a case about breach reporting.
By John Viega
October 6, 2022

The AppSec letter bomb problem

This blog explains why code signing doesn't help address open source dependencies that contain malware.
By Mark Curphey
October 4, 2022

The SBOM frenzy is premature

This article explains why the current use cases for SBOMs are not complete and why the Securing Open Source Software Act of 2022 is flawed.
By Mark Curphey
October 3, 2022

The CSO Interviews - the biggest unsolved problems in security today

We asked over 50 leading CSOs and appsec leaders what their biggest unsolved problems were and then sat back and listened. This is what we heard.
By Mark Curphey
September 28, 2022