Posts
Two Incidents, One Registry, Zero Excuses
An accidental source-code leak and a North Korean supply-chain attack hit npm hours apart; both are failures that NIST SP 800-161r1 already tells us how to prevent.

800-137 Is Almost Old Enough to Vote
Federal continuous-monitoring guidance still anchors on a 2011 document. The Trivy/LiteLLM supply-chain attack shows how far the threat surface has moved.

The Pentagon's New Weapon Has a Data Privacy Problem
The DoD plans to let generative AI train on classified data, exposing the limits of classification frameworks built before AI existed.