New SonarSource research shows LLMs like GPT-4o, Claude Sonnet 4, and Llama-3.2 produce highly functional yet risky code — with frequent high-severity vulnerabilities, hard-coded credentials, and messy “code smells” that raise long-term tech debt.
Black Duck Analysis Surfaces Raft of Open Source Software Vulnerabilities in Code Bases
An analysis of 965 commercial codebases across 16 industries, conducted in 2024, finds that 86% of the codebases evaluated contained open-source software vulnerabilities, with 81% of them known to be high or critical risk.
Things To Do During Slow Times
Don MacVittie offers suggestions on what to tackle during this slow, holiday-filled time of year when many folks may not be available.
Product Evaluation Discussions
Instead of doing a predictions blog like 99% of the punditry, I figured I would do an awareness blog to wrap up 2022. Every year, you deal with a wide variety of people trying to tell you about products that may (or may not) be useful to your IT efforts. Some of the products even […]
Claim to Fame
Iambic Logic
Embedding Predictive Analytics
For an enterprise with a deep DevOps maturity model, the initial “wow” factor of automation has worn off. At this point, the sexier concepts involve proving continuous improvement. As an example, our first baseline of metrics might have taken the pre-DevOps timings of a typical build and deployment of a given application. We can measure […]
Why DevOps for the database must include three way analysis
Deployment automation is critical to practicing effective DevOps. Without deployment automation, releases still require a lot of manual steps and processes that aren’t reliably repeatable, are prone to human error, and can’t be handled consistently with high frequency. However, software best practices can’t simply be grafted onto database deployments. Unlike software […]
Documenting DevOps: Agile, Automation and Continuous Documentation
Chris Riley, former GigaOm analyst, O’Reilly author, staging-devopsy.kinsta.cloud featured writer and founder of Fixate I/O, has written an outstanding report on the key role documentation must play in the modern software development lifecycle. Agile or DevOps, automated or not, we live in a continuous IT era. So why shouldn’t documentation be continuous as well? Riley’s […]









