All Stories

BSA Security Scanning tool for AI Models

Six months ago, I wrote about the massive security blind spot in AI adoption. Organizations download ML models from the internet. They deploy them in production. They trust them completely....

Beyond Simple Code Scanning: Advanced Semantic Analysis for AI-Generated Code Compliance

When Code Scanners Miss the Forest for the Trees. The rise of AI-powered coding tools is creating a new kind of compliance risk that most organizations are not prepared for....

AI Supply Chain Security Risks and Legal Compliance Gaps

What Are AI Models and How Are They Distributed?

Data Resources for Agentic AI in Open Source Security and Compliance

Following my previous post, I want to expand on the topic with some ideas for data feeds that support open source compliance audits and risk assessments when using an Agentic...

AI Agents: The Missing Piece in SBOM Compliance

Today, I gave a talk called “Taming the SBOM Chaos: Using AI Agents to Audit SBOMs for OSS Compliance.” The slides and materials are on my GitHub account.

Why Most SBOMs Fail and What to Do About It

SBOM adoption is accelerating. Regulatory pressure, threats to software supply chains, and transparency demands drive widespread use. But while SBOMs are becoming standard, their quality often falls short.