Author: Arie

Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle. The goal of DevOps and DevSecOps — and whatever future contractions come next — has been to break down walls, but in practice, it usually means that

(Note: A list of links for all articles in this series can be found at the conclusion of this article.) In the last two blog posts of this multi-part series on continuous compliance, we presented Compliance Policy Administration Centers (CPAC) that facilitate the management of various compliance artifacts connecting the Regulatory Policies expressed as Compliance-as-Code

Modern CI/CD pipelines are essential for rapid and reliable software delivery. But as pipelines automate more stages of the development lifecycle—from code validation to production deployment—they have also become a major target for exploitation. Traditional pipelines often operate on broad trust: long-lived credentials, shared secrets, unverified execution environments, and permissive access controls. These assumptions introduce

SSL/TLS certificates are foundational to secure communications on the internet. However, Windows environments present unique challenges that go beyond basic certificate installation and troubleshooting.  If you’re already familiar with SSL fundamentals, you’ll want to know how to handle complex certificate chain issues, trust store discrepancies, and advanced debugging scenarios. This article builds on the foundational

Look, I’ve been in cybersecurity for over a decade, and I’m tired of seeing the same preventable disasters over and over again. Cloud security breaches aren’t happening because of some sophisticated nation-state actor using a zero-day exploit. They’re happening because someone forgot to flip a switch or left a door unlocked. The numbers are frankly

Cloud platforms have become prime targets for ransomware and malware attacks, which can paralyze businesses by encrypting data or exfiltrating sensitive information. Traditional security tools such as signature-based antivirus and rule-based systems often struggle to detect advanced threats that mutate or exploit unknown vulnerabilities. Organizations are increasingly turning to artificial intelligence (AI) and machine learning

Speed kills. In software development, that axiom has never been more literal. DevOps pipelines surge through modern enterprises like digital bloodstreams — pumping code, configurations, and deployments at breakneck velocity. Continuous integration and continuous delivery are the promises of rapid iteration and market responsiveness that transformed how we build, test, and ship software. Yet beneath

It’s no secret that technology is evolving much faster than our traditional Identity and Access Management systems can handle. These legacy systems were designed for simpler times, when everything was hosted locally and security was perimeter-based. So, in an era where most enterprises, if not all, are moving their workloads to hybrid, multi-cloud, and AI-driven

Emerging technologies like homomorphic encryption and zero-knowledge proofs can definitely help organizations approach zero-trace personal data anonymization. These and similar techniques can bring datasets to a near-zero-trace status, even achieving it in limited cases. There’s a major force that’s acting against efforts at implementing the zero-trace paradigm, though, and it’s difficult to discuss this paradigm

Visual tracking systems are essential for applications ranging from surveillance to autonomous navigation. However, these systems have a significant Achilles’ heel: they rely heavily on large, labeled datasets for training. This reliance makes it challenging to deploy them in real-world situations where labeled data is scarce or expensive to obtain. In this article, we will