SBOMs in 2026: Some Love, Some Hate, Much Ambivalence

by Nicole Spewak | Jan 21, 2026

With a new year upon us, software and cybersecurity experts disagree on the utility of software bill of materials — in theory, SBOMs are great, but in practice, they’re a mess.

Take a Beat on AI, CISA Tells OT Operators

by Nicole Spewak | Dec 29, 2025

Joseph M. Saunders comments on the use of AI-generated code in embedded systems and how it relates to CISA’s new guidance for OT operators.

Cybersecurity in power: supply chain most vulnerable, varying confidence in resilience

by Nicole Spewak | Dec 11, 2025

Joseph M. Saunders shares why the greatest risk for the power sector is vulnerabilities in the software supply chain and third-party components.

We’ve Got Worms: Update on Sandworm Infostealer

by Nicole Spewak | Dec 4, 2025

Joseph M. Saunders comments on the dangers of the Shai-Hulud Sandworm for software supply chain security and advice for how to address attacks in the future.

What Jaguar Land Rover’s Shutdown Reveals About the Next Supply Chain Crisis

by Nicole Spewak | Nov 18, 2025

Joseph M. Saunders explains how Jaguar Land Rover’s cyberattack demonstrates the complexity of supply chains, and what could happen if attackers target automotive software next.