Waiting for a single annual pentest to secure your application is like locking your front door only once a year and hoping for the best. In an era where 133 new vulnerabilities are reported every single day, relying on periodic snapshots leaves your organization exposed to evolving threats for months at a time. This approach is no longer just […]
The Risk Profile of AI-Driven Development
Analysis arguing that AI-driven code generation accelerates dependency decisions and expands supply-chain risk, requiring shift-left governance, prompt-level controls, automated SBOM/AIBOM visibility, threat-modeling as engineering, and autonomous security to match autonomous development.
Anthropic Adds Automated Security Reviews to Claude Code
Anthropic pulls security into the inner dev loop with new Claude Code tools that scan for vulnerabilities in the terminal and on every pull request—before insecure code ever ships.
What I’m Thankful for in DevOps This Year: Living Through Interesting Times
Alan reflects on a chaotic yet inspiring year in DevOps, highlighting the rise of AI in engineering, the maturation of DevSecOps, the evolution of hybrid work culture, the surge of platform engineering and IDPs, and the continued strength and inclusivity of the DevOps community — while acknowledging the talent crunch, tool sprawl and security theater that still challenge the industry.
DevSecOps in Practice: Closing the Gap Between Development Speed and Security Assurance
In the world of modern software development, speed is king. Teams are under constant pressure to release features, fix bugs and stay ahead of competitors. Yet, as development velocity increases, so does the risk of introducing vulnerabilities — an inconvenient truth that security teams have been sounding alarms about for years. This tension between speed and […]
Secure By Design, Secure by Default
“Shift left” alone won’t secure software. Real security must be embedded continuously across design, development, and production—not just moved earlier.
Why DevOps is Key to Software Supply Chain Security
Organizations can maintain their DevOps momentum while protecting the software supply chain by shifting security left.
Self-Service Workload Protection for DevOps Teams
Everyone (or almost everyone) in the DevOps world likes to talk about the importance of security. But too often, these DevOps security conversations end with generic recommendations such as, “Follow the OWASP Top 10.” Don’t get me wrong—reference frameworks such as OWASP are great resources for helping to guide DevOps security. But it’s usually far […]
4 Things Developers Should Know About Security in the Age of DevSecOps
If you’re a developer, most of your experience when it comes to security probably centers on designing and writing secure code. You know how to prevent buffer overflows, architect your microservices in a way that helps mitigate the impact of a breach and otherwise churn out secure application code. But the fact is that today, […]
Why Unikernels Are Great for DevOps
DevOps tooling seems to be in a never-ending state of self-transformation. The continuing evolution of infrastructure and the tools that go with it are forever creating new ecosystems. On the infrastructure side, we saw VMware, Citrix and other companies bring to market massive virtualization in the late ’90s and early ’00s. This, of course, prompted […]










