News
Sorry, Charlie, StarKist Wants AI With Good Taste
Alan Shimel | | Accelerate, accountability, AI alignment, AI Governance, behavioral generalization, blameless postmortems, character in AI, constitutional alignment, Culture Change, devops, emergent misalignment, ethical AI, guardrails, incentive design, incentives, insecure code, interdisciplinary alignment, model disposition, model governance, moral behavior, safety engineering, site reliability engineering, training data culture, training pipelines, trustworthiness, virtuesA surprising AI experiment showed that feeding a model sloppy code didn’t just produce bad programming, it produced bad behavior. The result points to something philosophers and DevOps engineers have long understood: ...
The Observability Bill is Coming Due – and AI Wrote Most of It
Alan Shimel | | agentic telemetry, AI in development, AIOps, APM (Application Performance Management), CI/CD (Continuous Integration/Continuous Deployment), data management, data quality, devops, instrumentation, Logging Standards, observability, Sawmills, Signal-to-Noise Ratio, software engineering, technology innovation, telemetry management, Telemetry OptimizationObservability has always had a data quality problem. AI coding agents just made it catastrophically worse. Shimmy sits down with the co-founders of Sawmills to dig into why unmanaged telemetry is the ...
Five Great DevOps Job Opportunities
Mike Vizard | | careers, devops engineer, devops jobs, jobs, jobs report, Platform Engineer, project managerLatest DevOps Jobs report highlights opportunities at Lenovo, IBM, Yale and Weights & Measures. Find out more here ...
Chainguard Expands Repository to Add More Secure Open Source Libraries
Mike Vizard | | AI agents, application security, dependency layer, devops best practices, DevSecOps practices, Open Source Security Foundation, open source vulnerabilities, secure open source libraries, secure repositories, SLSA framework, software artifacts, software builds, Software Supply Chain SecurityLearn how Chainguard is strengthening software supply chains by expanding its secure repository of Java, JavaScript, and Python libraries, enabling DevOps teams to access components compliant with SLSA framework standards ...
N. Korean Famous Chollima Hackers Use Malicious npm Packages to Steal Data
Jeff Burt | | Contagious Interview, Famous Chollima, infostealer, linux, macOS, malicious npm packages, Microsoft Windows, Pastebin, remote access trojan (RAT), Socket, software developers, typosquattingA group of more than two dozen malicious npm packages used to steal secrets and credentials from software developers has all the hallmarks – from infrastructure to operations – of Famous Chollima, ...
Eclipse Foundation Extends Scope and Reach of Open VSX Registry
Mike Vizard | | AI coding tools, application development, AWS, developer tools, digital sovereignty, encryption, exposed credentials, extension name spoofing, funding model, malicious pattern detection, multi-region architecture, namespace impersonation, rate limiting, security infrastructure, software security, Software Supply Chain, trusted environments.The Eclipse Foundation launches a new framework for the Open VSX Registry, enhancing security features and transitioning to a hybrid architecture. With support from AI tool provider Cursor, this initiative aims to ...
Postman Adds Ability to Invoke API Code From Within Git Workflows
Mike Vizard | | AI agents, AI integration, API catalog, API management, API specifications, automation, code visibility, developer productivity, developer tools, Git repositories, IT environment, rogue APIs, software engineering, State of the API Report, workflow efficiencyDiscover how Postman’s new feature allows software engineering teams to manage API specifications, collections, and environments directly from Git repositories, simplifying workflows for AI agents in the development process ...
Five Great DevOps Job Opportunities
DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted as part of an effort to better serve our audience. Our goal in these ...
Security Flaws in Anthropic’s Claude Code Risk Stolen Data, System Takeover
Jeff Burt | | AI API Security, AI coding risks, AI coding tools, AI developer tools, Anthropic Claude Code, Check Point, MCP protocol, Palo Alto Unit 42Three critical vulnerabilities found in Anthropic’s Claude Code agentic AI developer tool could be exploited simply by cloning and opening an untrusted project and lead to system takeover, stolen API keys, and ...
Five Great DevOps Job Opportunities
Explore the latest DevOps jobs from top companies like Wells Fargo, Workday Inc., and HarbourVest with competitive salaries across various locations ...
Open Source’s ‘Eternal September’, GitHub Keeps Maintainers Covered for All Seasons
Adrian Bridgwater | | bug triage, collaboration tools, community engagement, contributing to open source, Eternal September, friction factor, generative AI, github, issues pinning, maintainer sustainability, new tools, open source contributions, pull requests, software development community, user engagementOpen source is experiencing an "Eternal September" due to a massive influx of contributions fueled by AI. While this increases engagement, it overwhelms maintainers. GitHub is introducing tools like interaction limits and ...
Rein Security Emerges to Analyze Reachability of Application Vulnerabilities
Mike Vizard | | AI-generated vulnerabilities, API security, application security, continuous vigilance, devsecops, funding, Matan Bar Efrat, performance overhead, security automation, software development, software security testing, vulnerability managementRein Security has emerged from stealth to launch an application security platform capable of determining the reach of a vulnerability based on which libraries and application programming interfaces are actually running in ...
