Architecting Zero-Trust Database Access in Kubernetes With Vault Dynamic Secrets

The Death of the Static Credential: An Operational Imperative

In modern software architecture, speed is the primary driver of innovation. We deploy faster and scale wider, yet this velocity introduces a parallel vector of risk: complexity. Amidst this, one vulnerability remains persistently simple: the static database credential. For decades, the “database password” was a fixed

A Unified Defense Against MITRE’s Top Injection Attacks

This is how I created a Go library to address 41 actively exploited vulnerabilities.

The Problem That Keeps Security Teams Up at Night

On December 11, 2025, MITRE released its annual 2025 CWE Top 25 Most Dangerous Software Weaknesses list, analyzing 39,080 CVE records from the past year. The results should concern every developer.

Automating Unix Security Across Hybrid Clouds

In modern DevOps, we automate deployments, testing, and infrastructure provisioning. Yet, in many organizations, server patching remains a manual, high-friction event. Admins log in late at night, run scripts, and hope services restart correctly. This manual approach is a security liability. The longer the gap between a vulnerability disclosure and a patch application, the wider

From On-Call to On-Guard: Hardening Incident Response Against Security-Driven Outages

The pager doesn’t care why production is burning. A compromised credential chain triggering mass file encryption demands the same midnight scramble as a misconfigured load balancer taking down the payment gateway. Yet most organizations still maintain separate playbooks, separate escalation trees, separate war rooms for “technical incidents” versus “security incidents” — as if attackers politely

How to Build Permission-Aware Retrieval That Doesn’t Leak Across Teams

LLM assistants or chatbots are very good at connecting the dots, which is exactly why they can be dangerous in multi-team organizations. A PM from team A asks, ‘Why did the churn rate spike last Wednesday?’ The assistant retrieves and displays an answer written by Team B, which includes customer names and contact details. Even

Trust No Agent: How to Secure Autonomous Tools on Your Machine

Two weeks ago, one of my friends called me and asked if it was a good idea to install OpenClaw on a personal machine. The immediate thought that crossed my mind was about security: how to reduce the blast radius if OpenClaw is compromised. Autonomous agent tools are reshaping how we work.

Open Notebook: A Secure Alternative to Google NotebookLM

Google NotebookLM is a powerful AI tool for interacting with your documents. However, privacy concerns might prevent you from uploading sensitive data to NotebookLM. Open Notebook is an open source alternative: all data can be kept local, and you are not restricted to Google’s Gemini models. Let’s check this out!

Introduction

Responding to HTTP Session Expiration on the Front-End via WebSockets

Many of the software applications and products that contribute most to our well-being today are real-time. Real-time software makes systems responsive, reliable, and safe, especially where timing matters, from healthcare and defense to entertainment and transportation. Such applications are helpful as they process and respond to data

My Learning About Password Hashing After Moving Beyond Bcrypt

For a long time, I thought I had password hashing figured out. Like many Java developers, I relied on bcrypt, mostly because it’s the default choice in Spring Security. It was easy to use, widely recommended, and treated in tutorials as “the secure option.” I plugged it in, shipped features, and moved on.

Automating the DFIR Triage Loop With Memory Forensics and LLMs

Most modern security operations centers (SOCs) face a problem of speed: collecting data is rarely the bottleneck anymore, but analyzing it is, especially during high-priority incidents. To gather forensic evidence, analysts often run multiple tools by hand: Volatility for memory dumps, YARA for malware signatures,