I had the opportunity to attend the OSS Summit 2023 in Vancouver, BC. Probably the easiest conference I've ever attended, travel-wise, as it was about three hours door-to-door. Contrast that to Red Hat Summit in Boston, which is about 12 hours door-to-door.

The conference was great, I believe there were …

There have been a few neat opportunities to write and discuss a variety of topics over the last few weeks that have been published. The most recent is a blog post I co-authored with Tracy Ragan at DeployHub entitled SBOMs, So Far, So Good, So What? where we take a …

I'm an avid note taker and have migrated through a series of different tools to take notes, some proprietary and some open source. I've gone through Quiver, Inkdrop, Agenda, and recently I migrated everything to Joplin. But I wanted to be able to sync my notes between devices and I …

Recently I had the opportunity to be interviewed as a member of the OpenSSF governing board. In fact, I'm not sure I mentioned this here before... I've been an observer on the board for all of 2022 and at the beginning of 2023 I joined the governing board as a …

Well, here we are at the end of 2022 and frankly, I'm hoping 2023 will be better. Is it just me or do things seem to continue getting worse? The economic uncertainty, war, inept governments, broken medical systems, intolerance across the board, and everyone seeming angry about everything... this year …

For a number of years, since getting more and more into management, I've had less time to do any real programming. So a highlight of the year, for the first few years at least, was to take time during the Christmas break to do some work, mostly on this blog …

I recently wrote for opensource.com on A new generation of tools for open source vulnerability management (the above image is credited to opensource.com).

This is my first article written there and while the article itself tends to be vendor-agnostic, this truly is an article about Red Hat Product …

I had the awesome opportunity to interview professor Daniel Gruss and one of his PhD students, Martin Schwarzl, a while back and the article recently was published in the Red Hat Research Quarterly magazine. For those who don't know, Daniel was one of the folks behind the discovery of the …

I did an ad-hoc interview with Eddie Knight over at Sonatype during the Linux Foundation Member Summit, for his podcast ZeroBytesGiven. It was a lot of fun and got to talk about some supply chain concerns and even dig into little-known history of how we did security at Mandriva back …

For much of this year I've been advocating for a risk-based vulnerability management approach, rather than the "industry standard" checkbox-based approach. I've been talking to customers, both directly and at various events (such as Red Hat Summit in Boston, Red Hat Summit Connect in Dallas, directly with customers in Singapore …