All Stories

Data Resources for Agentic AI in Open Source Security and Compliance

Following my previous post, I want to expand on the topic with some ideas for data feeds that support open source compliance audits and risk assessments when using an Agentic...

AI Agents: The Missing Piece in SBOM Compliance

Today, I gave a talk called “Taming the SBOM Chaos: Using AI Agents to Audit SBOMs for OSS Compliance.” The slides and materials are on my GitHub account.

Why Most SBOMs Fail and What to Do About It

SBOM adoption is accelerating. Regulatory pressure, threats to software supply chains, and transparency demands drive widespread use. But while SBOMs are becoming standard, their quality often falls short.

The 'keep it simple SBoM' is the perfect small first step for your organization.

SPDX and CycloneDX are excellent standards for handling a Software Bill of Materials (SBoM), but full adoption requires time, tooling, and correct intake processes. If your organization is not yet ready...

Detecting source code generated by AI using Machine Learning

AI has become disruptive in many ways, especially for developers using AI agents to debug software, remediate errors, and even automatically generate the whole code for simple applications.

Using Machine Learning for Open Source License Identification

A few days ago, I discussed with a few colleagues the different techniques for identifying Open Source Licenses using tools. While many approaches exist, most are based on regular expressions...