What I’ve been up to

I keep missing blogging days, but not because things aren’t busy. Here’s a roundup of places where I’ve been talking in the press and other stuff for the past few months:

On the Veracode blog:  Regulations like FS-ISAC and PCI are now looking at the security of open source components, are you ready?. Plus a three part series on the ransomware attack against the San Francisco MUNI and software composition analysis (one, two, three).

In the press:

And it looks like this year’s RSA will be pretty busy in a few weeks. It’s unfortunate that I haven’t wanted to write much about other things recently, but work is definitely making up for it.