The amount of messages I see these days on our Discord and other platforms from humans and bots desperately looking for jobs is at spam-like levels. Couple of years ago, these were mostly coming to me in the form of LinkedIn inmails selling development contracts. Looks like now there maybe no budgets left for inmails… Continue reading Want to Survive Current Tech Era – Learn to Be a Good QA
Towards Perfect Vulnerability Management System
Here I would like to summarize my thoughts on what constitutes a perfect vulnerability management system, what frequently gets missed, and what elements we already have in the latest ReARM release. I Not Only Vulnerabilities First of all, a management system should cover all security findings, not only vulnerabilities. That includes things like SAST /… Continue reading Towards Perfect Vulnerability Management System
SBOM Developments for December 2025
Happy New Year 2026! Following my previous post about SBOM developments for July 2025, this is another one about things that happened in the community since. Again, this is mostly for myself as a reference storage but I’m happy if other people find this useful too. 1. ENISA SBOM Landscape Analysis December 2025 – important… Continue reading SBOM Developments for December 2025
My TEA Talk from OWASP 2025 Global AppSec USA
Slides available here.
How to Use ReARM to Check if Shai-Hulud 2.0 Infiltrated Your Dependencies (video)
I recorded a video showing new batch search for SBOM components functionality in ReARM:
My Talk on TEA at KubeCon NA 2025 Pre-event
I was giving another talk on Transparency Exchange API at Open Source SecurityCon 2025 in Atlanta on November 10: “Transparency Exchange API: Where To Find Product SBOM?” The YouTube recording is now live and available below. You can also find slides here.
ReARM Demo Video for SecTor 2025 Arsenal
SBOM Diffing: Next Frontier for Supply Chain Security
I’ve been thinking about continuous SBOM diffing for a while, but the subject appears to be even more important than I initially thought. Yesterday (November 11, 2025) I attended SBOMit workshop which was a part of KubeCon NA 2025. SBOMit is an OpenSSF project which deals with SBOM correctness, validity and verification. Specifically, the demo… Continue reading SBOM Diffing: Next Frontier for Supply Chain Security
AI Proof Businesses
Here is my honest take on AI resilient businesses as a startup founder: AI being a sophisticated statistics machine is unbeatable in quickly analyzing vast amounts of human knowledge, establishing patterns and finding solutions or bugs based on these data. But what AI cannot do is predict human decisions. So as long as we do… Continue reading AI Proof Businesses
My Talk on TEA at BSides Toronto
Below is YouTube recording of my talk “Transparency Exchange API: How We Will Share xBOMs” given on October 4th at BSides Toronto. Slides are available here.