latest news



DZone.com Feed

Security and Governance Patterns for Your Conversational AI (Wed, 31 Dec 2025)
How many times have we heard people talk about the "dream of a SOC copilot?" A copilot would allow an analyst to type something like, "Show me all the SSH login attempts for 10.0.0.5 over the last hour and compare those to the CrowdStrike alerts," and get the results instantly. This concept suggests the possibility of reducing mean time to resolution (MTTR) and providing Tier 3 knowledge to junior analysts. However, in a secure environment, this dream may become a nightmare. In order to connect a probabilistic, hallucinating conversational AI (LLM) to your SIEM (Splunk, Sentinel) or EDR, you will require a fundamentally different security architecture than what you use for a typical chatbot. If the LLM can write to your systems, it could wipe out logs.

Avoid BigQuery SQL Injection in Go With saferbq (Wed, 31 Dec 2025)
You can build dynamic queries in BigQuery using the Go SDK. When building applications that allow users to select tables or datasets dynamically, you need to include those identifiers in your SQL queries. I was surprised to find that the BigQuery manual and code examples do not warn about SQL injection vulnerabilities when doing this.  Even more surprising: BigQuery does not provide a built-in mechanism to safely handle user input in table or dataset names. The official SDK supports parameterized queries for data values using @ and ? syntax, but these cannot be used for identifiers that need backtick escaping. You’re forced to use string concatenation, which opens the door to SQL injection. This post explains the problem and introduces a package I wrote to tackle this shortcoming.

DevSecOps as a Strategic Imperative for Modern DevOps (Wed, 31 Dec 2025)
If you do not take security seriously, you are just begging for trouble. Security should be an integral part of your development process, not something that you add at the end. Patches and updates do not suffice to deter severe attacks, and if you entrust security to another team, then you are simply relying on luck. Only an unwavering, company-wide security commitment can guard the moat that keeps competitors at bay and satisfy the blizzard of new regulatory expectations. Operate this way and your software will stay resilient, compliant, and ultimately, market-winning. DevOps security and DevSecOps both champion security embedded within the modern development workflow, but they place differing emphases throughout the pipeline. DevOps security typically zeroes in on the hardening of pipeline components and the enforcement of security policy across infrastructure and runtime. In contrast, DevSecOps broadens the mandate, making security everyone’s job from the earliest design phase, marrying threat modeling, secure coding, and security testing with development and release cadence. Collectively, they unite elite defensive posture with the speed and fluidity of continuous integration and continuous delivery, driving home the principle that security velocity must equal delivery velocity. 

Rethinking Cloud Compliance With an AI-Driven Approach (Tue, 30 Dec 2025)
The regulatory environment across the world is becoming increasingly stringent day by day. It is expanding across several business sectors, and the technology sector is not far behind. Cloud computing and artificial intelligence (AI) have been at the center stage without a doubt. While both technologies have brought about immense abundance, the industry is grappling with increasing pressure to comply with complex laws and regulatory frameworks such as GDPR, HIPAA, SOC 2, and industry-specific standards. Work on traditional compliance approaches focuses mainly on manual audits, static policies, and periodic reviews. This needs to be rethought, as these approaches need to keep pace with the speed and scale of modern cloud environments.  In this context, AI becomes a powerful tool to manage cloud compliance. AI can assist across a broad scope of use cases — from machine learning and predictive analytics to intelligent automation — the range is endless. Beyond routine automation of day-to-day tasks, AI can enable teams to not only anticipate risks and optimize governance strategies but also maintain proactive compliance across hybrid and multi-cloud infrastructures. In this article, let’s understand the different ways in which AI is redefining cloud compliance, which helps organizations achieve proactive and intelligent governance.


DevOps Cafe Podcast

DevOps Cafe Ep 79 - Guests: Joseph Jacks and Ben Kehoe (Mon, 13 Aug 2018)
Triggered by Google Next 2018, John and Damon chat with Joseph Jacks (stealth startup) and Ben Kehoe (iRobot) about their public disagreements — and agreements — about Kubernetes and Serverless. 

DevOps Cafe Ep 78 - Guest: J. Paul Reed (Mon, 23 Jul 2018)
John and Damon chat with J.Paul Reed (Release Engineering Approaches) about the field of Systems Safety and Human Factors that studies why accidents happen and how to minimize the occurrence and impact. Show notes at http://devopscafe.org

DevOps Cafe Ep. 77 - Damon interviews John (Wed, 20 Jun 2018)
A new season of DevOps Cafe is here. The topic of this episode is "DevSecOps." Damon interviews John about what this term means, why it matters now, and the overall state of security.  Show notes at http://devopscafe.org