Tag: DevSecOps

  • Security as a Development Constraint, Not a Review Gate

    A compromised npm maintainer account pushed malicious versions of Axios, one of the most widely used JavaScript libraries, to the registry. The attack, which hit last month, bypassed GitHub Actions entirely. The attacker published directly via the npm CLI with stolen credentials. A hidden dependency deployed a remote access trojan. For three hours, every npm install that…
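    The pre-upgrade check a consumer could run against an incident of this shape, as an added example that is not code from the post, from Axios or from npm: it diffs the dependency lists of two manifest versions and asks whether the release and any newly introduced dependency carry a provenance attestation in the registry metadata. Every manifest, package name and `dist` object below is constructed sample data; the `dist.attestations` shape follows npm's packument format, but `example-lib` and `hypothetical-crypto-helper` do not exist.

```javascript
// Added example (not from the post): hold a package upgrade for review when a
// release adds a dependency out of nowhere or was published without provenance.
// All data here is constructed; it is not real Axios or npm registry content.

const previousManifest = {
  name: "example-lib",
  version: "1.0.0",
  dependencies: {
    "follow-redirects": "^1.15.0",
    "form-data": "^4.0.0",
    "proxy-from-env": "^1.1.0",
  },
};

// The candidate patch release quietly adds one dependency. Name is constructed.
const candidateManifest = {
  name: "example-lib",
  version: "1.0.1",
  dependencies: {
    "follow-redirects": "^1.15.0",
    "form-data": "^4.0.0",
    "proxy-from-env": "^1.1.0",
    "hypothetical-crypto-helper": "^0.1.0",
  },
};

// Constructed stand-in for the `dist` object of each published version being
// considered, keyed by package name. npm sets `dist.attestations` only when a
// version was published with provenance from a CI workflow; a release pushed by
// hand from the CLI (as in the incident above) has none.
const registryDist = {
  "follow-redirects": { attestations: { url: "https://registry.example/attestations/follow-redirects" } },
  "form-data": { attestations: { url: "https://registry.example/attestations/form-data" } },
  "proxy-from-env": { attestations: { url: "https://registry.example/attestations/proxy-from-env" } },
  "hypothetical-crypto-helper": {}, // no attestation
  "example-lib": {}, // the 1.0.1 release itself: no attestation
};

function parseVersion(v) {
  const [major, minor, patch] = v.split(".").map(Number);
  return { major, minor, patch };
}

// True when only the patch component moved (1.0.0 -> 1.0.1).
function isPatchBump(fromVersion, toVersion) {
  const a = parseVersion(fromVersion);
  const b = parseVersion(toVersion);
  return a.major === b.major && a.minor === b.minor && b.patch > a.patch;
}

// Added, removed and range-changed dependencies between two manifests.
function diffDependencies(prev, next) {
  const before = prev.dependencies || {};
  const after = next.dependencies || {};
  const added = Object.keys(after).filter((d) => !(d in before)).sort();
  const removed = Object.keys(before).filter((d) => !(d in after)).sort();
  const changed = Object.keys(after)
    .filter((d) => d in before && before[d] !== after[d])
    .sort();
  return { added, removed, changed };
}

// Two signals from the teaser above: a release not made through the project's
// CI (no provenance), and a dependency that did not exist in the prior version.
function assessUpgrade(prev, next, dist) {
  const diff = diffDependencies(prev, next);
  const findings = [];

  const releaseMeta = dist[next.name] || {};
  if (!releaseMeta.attestations) {
    findings.push({ subject: next.name, reason: "release carries no provenance attestation" });
  }

  const patchBump = isPatchBump(prev.version, next.version);
  for (const dep of diff.added) {
    const meta = dist[dep] || {};
    if (patchBump) {
      findings.push({ subject: dep, reason: "new dependency introduced in a patch release" });
    }
    if (!meta.attestations) {
      findings.push({ subject: dep, reason: "new dependency carries no provenance attestation" });
    }
  }

  return { diff, findings, hold: findings.length > 0 };
}

console.log(JSON.stringify(assessUpgrade(previousManifest, candidateManifest, registryDist), null, 2));
```

    Against a live registry, `npm audit signatures` performs the attestation check itself; the block above shows the decision logic offline, and the point is that a provenance gap on a release, not just on its new dependencies, is what a CLI publish with stolen credentials leaves behind.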

  • DevOps Theater: When the Culture Never Actually Changed

    A couple of years ago, I was brought in to assess the delivery practices of a mid-size financial services company. They had all the artifacts of a modern engineering organization: a CI/CD pipeline, infrastructure as code templates, a dedicated SRE team, Slack channels named after microservices. The CTO proudly told me they had “completed their…