For a number of years, since getting more and more into management, I've had less time to do any real programming. So a highlight of the year, for the first few years at least, was to take time during the Christmas break to do some work, mostly on this blog …

I recently wrote for opensource.com on A new generation of tools for open source vulnerability management (the above image is credited to opensource.com).

This is my first article written there and while the article itself tends to be vendor-agnostic, this truly is an article about Red Hat Product …

I had the awesome opportunity to interview professor Daniel Gruss and one of his PhD students, Martin Schwarzl, a while back and the article recently was published in the Red Hat Research Quarterly magazine. For those who don't know, Daniel was one of the folks behind the discovery of the …

I did an ad-hoc interview with Eddie Knight over at Sonatype during the Linux Foundation Member Summit, for his podcast ZeroBytesGiven. It was a lot of fun and got to talk about some supply chain concerns and even dig into little-known history of how we did security at Mandriva back …

For much of this year I've been advocating for a risk-based vulnerability management approach, rather than the "industry standard" checkbox-based approach. I've been talking to customers, both directly and at various events (such as Red Hat Summit in Boston, Red Hat Summit Connect in Dallas, directly with customers in Singapore …

Recently I had the opportunity to join a few other Red Hatters to talk about software supply chains with SiliconAngle. They did a writeup "Controlling software supply chain security will require new tools, automation and vigilance" that was great and included the full series of videos.

The interview I did …

Published on the Red Hat blog, noting here that Curated, tested and supported: How enterprise vendors mitigate open source supply chain risk was posted yesterday. It's an article that talks about supply chain risk and associated costs -- after all, no software is truly "free" (which is why we prefer the …

I was recently interviewed by my friend Jack Wallen (whom I've known for 20 years as he actually coerced me to start writing for TechRepublic ages ago!). It was about a topic near and dear to my heart: CVSS (or Common Vulnerability Scoring System). With the explosion of security scanning …

I had a great opportunity this summer to be interviewed by TelecomTV. It feels a little weird to post this here since I don't typically "self-promote" in any way, however this was a neat experience and I think the points are good. If you've been looking at my blog for …

This year we celebrated 15 years of Red Hat Product Security. I've not been with Red Hat that long, but I've been doing product security work for longer (slightly over a year longer). I was asked to write a little something to stroll down memory lane with the inter-webs. That …