All Stories

How to Use AI Without Wasting Time and Money

After thinking about it for a long time (very long time), I realized the “AI problem” isn’t new. It’s the same old problem we’ve seen in software for decades.

BSA Security Scanning tool for AI Models

Six months ago, I wrote about the massive security blind spot in AI adoption. Organizations download ML models from the internet. They deploy them in production. They trust them completely....

Beyond Simple Code Scanning: Advanced Semantic Analysis for AI-Generated Code Compliance

When Code Scanners Miss the Forest for the Trees

The rise of AI-powered coding tools is creating a new kind of compliance risk that most organizations are not prepared for....

AI Supply Chain Security Risks and Legal Compliance Gaps

What Are AI Models and How Are They Distributed?

Data Resources for Agentic AI in Open Source Security and Compliance

Following my previous post, I want to expand on the topic with some ideas for data feeds that support open source compliance audits and risk assessments when using an Agentic...

AI Agents: The Missing Piece in SBOM Compliance

Today, I gave a talk called “Taming the SBOM Chaos: Using AI Agents to Audit SBOMs for OSS Compliance.” The slides and materials are on my GitHub account.