All Stories

Launching SEMCL.ONE: Community-Driven Software Composition Analysis

After years of building compliance automation inside large organizations, I kept running into the same problem: the tools that exist are either too expensive, too rigid, or too disconnected from...

How to Use AI Without Wasting Time and Money

After thinking about it for a long time (very long time), I realized the “AI problem” isn’t new. It’s the same old problem we’ve seen in software for decades.

BSA Security Scanning tool for AI Models

Six months ago, I wrote about the massive security blind spot in AI adoption. Organizations download ML models from the internet. They deploy them in production. They trust them completely....

Beyond Simple Code Scanning: Advanced Semantic Analysis for AI-Generated Code Compliance

When Code Scanners Miss the Forest for the Trees. The rise of AI-powered coding tools is creating a new kind of compliance risk that most organizations are not prepared for....

AI Supply Chain Security Risks and Legal Compliance Gaps

What Are AI Models and How Are They Distributed?

Data Resources for Agentic AI in Open Source Security and Compliance

Following my previous post, I want to expand on the topic with some ideas for data feeds that support open source compliance audits and risk assessments when using an Agentic...