Artificial intelligence has shortened the timeline for software development from months to days. But according to new research, that acceleration is creating significant risks for security and compliance issues. Black Duck’s 2026 Open Source Security and Risk Analysis (OSSRA), based on audits of 947 commercial codebases spanning 17 industries, shows that vulnerabilities inside enterprise applications […]
Author: drweb
I wanted to be a race car driver before I knew what a data center was. I started in traffic, not in the cloud. This was not a childhood dream driven by glamour. It was more practical than that. I grew up in India, and I was always late for school. Not entirely my fault. […]
Three critical vulnerabilities found in Anthropic’s Claude Code agentic AI developer tool could be exploited simply by cloning and opening an untrusted project and lead to system takeover, stolen API keys, and credential theft, according to security researchers with Check Point. The security flaws, which Anthropic fixed last year and last month after the researchers […]
Last week I was in Bangalore for a consulting assignment. Before I go any further, let me say that all the names, locations, and company details in this post have been changed. These are real conversations with real people, but I want to protect their privacy, so I have anonymized everything. The feelings, the fears, and the situations are completely real. Only the identifiers have been swapped out. This story is about Who Pays My Bills if AI Takes My Job?So after the session, one of the senior DBAs, let us call him Ramesh, asked me if we could grab…
A malicious package downloaded approximately 50,000 times from a node package manager (npm) is providing an object lesson for adopting more DevSecOps best practices. Security researchers from Tenable discovered a “ambar-src” package that was first published Feb. 13 and then updated again before being discovered. It is aimed at developers building JavaScript applications on Windows, […]
I have been active in the data community throughout my career. I have met people and made friends in the process. As I look back on it, I am thankful I was involved and participated. I firmly believe you should as well.ContentsThe value of data communitiesWhy you should be a contributorWrite about itTalk about itAre you ready to ramble?The value of data communitiesI want to kick off this section with my experience with community. Then delve into the value of being involved in the data community.A little historyWhen I started my consulting career in SQL Server nearly 25 years ago,…
Docker Captain Feb 24, 2026 From the Captain’s Chair: Kristiyan Velkov In this edition of From the Captain’s Chair, we’re interviewing Kristiyan Velkov. A prolific writer and public speaker, Kristiyan shares his tips for developers and goals for the upcoming year. Read now
Claude Code Remote Control lets developers run AI coding agents locally while supervising them from any browser or phone. Anthropic’s local-first approach contrasts with cloud agents and reshapes how teams govern AI-driven development.
Eric Tschetter, chief architect at Imply and creator of Apache Druid, explains how the rapid adoption of open source OpenTelemetry for instrumenting applications is reshaping modern observability architectures. As telemetry data volumes surge, organizations are moving toward an “observability warehouse” model that unifies logs, metrics and traces into a scalable analytics foundation capable of delivering […]
A CoreCollective initiative was launched today, encouraging software developers that build tools and applications that run on Arm processors to work more collaboratively. Created by Arm in collaboration with Linaro, a provider of software engineering services, the CoreCollective ecosystem includes Ampere, Canonical, CIX Technology, Fujitsu, Google, Graphcore, Microsoft, Qualcomm, Red Hat, Samsung and SUSE. Andy […]