John Mello

Woonsocket

I am a freelance writer specializing in business and technology subjects, including consumer electronics, business computing and cyber security.

Articles

Boost VM security: 8 key strategies

2 weeks ago | reversinglabs.com | John Mello

Virtual machines (VMs) have become ubiquitous in the enterprise by offering flexibility, scalability, and cost savings. But widespread adoption has outpaced traditional security controls, which often rely on runtime access or agent-based monitoring. Dan Petrillo, vice president of product marketing at ReversingLabs (RL), said in a recent webinar that VMs can be blind spots for threats, exposing organizations to malware, vulnerabilities, supply chain risks, and compliance gaps.
5 reasons why you need to put SaaSBOMs to work

3 weeks ago | reversinglabs.com | John Mello

Software bills of materials (SBOMs) have become a hot topic recently — for a number of reasons. High-profile attacks on software supply chains have exposed the need for organizations to know what third-party and open-source components are in the applications they use. SBOMs are seen as an essential first step on that journey.
Indirect prompt injection attacks target common LLM data sources

1 month ago | reversinglabs.com | John Mello

While the shortest distance between two points is a straight line, a straight-line attack on a large language model (LLM) isn't always the most efficient — and least noisy — way to get the LLM to do bad things. That's why malicious actors have been turning to indirect prompt attacks on LLMs to carry out attacks. Indirect prompt injection attacks occur when malicious instructions are embedded within external content — documents, web pages, or emails — that an LLM processes.
MIT researchers look to tame AI code with new controls

1 month ago | reversinglabs.com | John Mello

Despite the risks associated with artificial intelligence (AI) coding, developers remain enthusiastic, using it to keep up with the demand for delivery software at speed. A recent GitHub survey found that 92% of U.S.-based developers are using AI coding regularly. But while many developers are using AI to assist them in writing code, they seem to be doing so warily.
Mobile and third-party risk: How legacy testing leaves you exposed

1 month ago | reversinglabs.com | John Mello

Risks to software supply chains from mobile applications are increasing, largely due to a lack of deeper visibility into their codebase, a new study has found. Zimperium researchers noted in the 2025 Global Mobile Threat Report that more than 60% of top Android and iOS third-party components, or software development kits (SDK’s), are shipped as precompiled binary packages, often with partial or missing software bills of materials (SBOMs).
Changes to CVE program are a call to action on your AppSec strategy

1 month ago | reversinglabs.com | John Mello

For the countless organizations that have relied on CVEs and the National Vulnerability Database (NVD) to support vulnerability management and cyber risk management programs, the past few weeks have been a white-knuckle ride.
Quantum delivers really random numbers: How that boosts AppSec

1 month ago | reversinglabs.com | John Mello

Much of the discussion about how quantum computing will impact application security (AppSec) has focused on the catastrophic effects from cracking existing cryptography. But quantum computing can benefit AppSec by enabling the creation of truly random numbers, which is essential to secure development — especially for protecting development secrets more robustly.
OpenSSF guidelines encourage OSS developers to build securely

2 months ago | reversinglabs.com | John Mello

Developers have always had a conflicted relationship with security. While they don't want to produce software with security flaws, they don't want to be security experts either. With that in mind, the Open Source Security Foundation (OpenSSF) has released the Open Source Project Security Baseline.
CISO survey: 6 lessons to boost third-party cyber-risk management

2 months ago | reversinglabs.com | John Mello

Third-party cybersecurity incidents are on the rise, but organizations face challenges in mitigating risks arising for the software supply chain, a survey of 200 chief information security officers (CISOs) has found. The survey, from the security firm Panorays, found that more than nine out of 10 CISOs reported an increase in third-party cybersecurity incidents in 2024.
OWASP supply chain security cheat sheet: 5 key action items

2 months ago | reversinglabs.com | John Mello

Securing the software supply chain is a complex task. For one, it spans the entire software development lifecycle (SDLC). And generative AI coding tools and modern development practices are increasing software complexity. The result: Development teams are in the hot seat. Feeling developers' pain, the Open Worldwide Application Security Project (OWASP) has created a software supply chain security cheat sheet to help teams secure their SDLC.