“Often times fewer lines of code is way better than more lines of code,” he [the CEO of AWS] observed. “So I'm never really sure why that's the exciting metric that people like to brag about.” 
https://www.theregister.com/2025/08/21/aws_ceo_entry_level_jobs_opinion/
"Using multiple AI agents in tandem opens up impressive possibilities. “AI agents encode the wisdom of senior engineers and apply it universally,” Yahav says.
Looking to the future, Digital.ai’s To anticipates productivity gains with fewer errors and reduced cognitive load, as developers tap various agents for lower-level details. “As this space matures, multi-agent workflows will increase velocity by significantly reducing toil,” he says.
But doing this well will require clear boundaries around product requirements, coding standards, security policies, and more.
In short, AI tools require intention. “An agentic software development life cycle needs the same pillars that a high-performing human team does: a clear mission, a code of conduct, and shared knowledge,” adds Wang.
So, although we’re heading toward a future where developers manage a fleet of agents, early testers should prepare for a lot of trial and error. As Roeck puts it, “Get ready to fail. This isn’t baked yet.”"
OSS Rebuild is a new tool by Google that will fetch and recompile every referenced component in your build chain. How bout dem apples, supply chain criminals?
Introducing Qodo Gen CLI: Build and Run Coding Agents Anywhere in the SDLC
Jira doesn't natively support test cases?! Then why does everyone use it?
I'm a Rally guy. *ALL* project artifacts live there. How is Rally not the leader?
And why in the hell are we stepping WAY back in time with test cases in excel in order to use Jira instead of Rally?
New Story Just Dropped on Medium!
“From Idea to Deployment: How SDLC Powers DevOps Success” 
Ever wondered how a solid Software Development Life Cycle (SDLC) forms the backbone of modern DevOps?
This story breaks it down in a simple, practical way — no fluff, just real insights.
Let’s build better software, faster.
Boost if you find it helpful!
I have just picked up my copy of Alice & Bob Learn Secure Coding by Tanya Janca (@SheHacksPurple). Having skimmed through it, I would definitely recommend it to every software developer. The book essentially goes through the entire SDLC and highlights what issues can happen and how to address them. If you are a seasoned AppSec person, then it will likely not have any big revelations for you, but it may be a good refresher on some topics or even introduce you to some areas you have not previously worked on, such as particular security pitfalls in popular web frameworks or DevSecOps related topics. It certainly serves as neat reference material that summarizes what security best practices you should apply to your projects. In my opinion it looks like it could be a very useful book for company internal training. #appsec #dev #devsecops #sdlc #security
Speaker Spotlight: Meet @aruneeshsalhotra at the OWASP Security Summit, where he'll be sharing critical insights on #DevSecOps #PromptEngineering and #AppSec
Whether you're a developer, CISO, or tech leader, this is your chance to learn actionable strategies from the best in the game.
Save the date! Your app security IQ is about to level up. https://www.developerweek.com/conference/owasp-security-summit/
I need a little breather. I’ve been working hard on these prototypes for my class project. I think I’ll grab a bite and relax for a while.
"One-Person Framework"
Speaker Spotlight: Meet @aruneeshsalhotra at the OWASP Security Summit, where he'll be sharing critical insights on #DevSecOps #PromptEngineering and #AppSec
Whether you're a developer, CISO, or tech leader, this is your chance to learn actionable strategies from the best in the game.
Save the date! Your app security IQ is about to level up. https://www.developerweek.com/conference/owasp-security-summit/
My company can't decide on if we want to use Rally, or Jira. So, obviously we're using both. Because, why not?
I have more experience with Rally, but the industry standard feels like Jira. Honestly I wish we'd just pick one already.
Anyone ever made the #agile to #waterfall transition? There are plenty of articles for the reverse (as one would expect) but I've yet to find anything for the former.
I don't think I can go back after operating in an agile-like environment
Added a bunch of new queries to my Debian code-search repo:
https://github.com/timb-machine/code-search/compare/main@%7B7day%7D...main
Helping security and DevOps teams build secure applications without the productivity tax associated with traditional security and compliance obligations, Endor Labs is hiring. Find positions in engineering, sales, marketing, and more on #OSJH
https://opensourcejobhub.com/company/1093/
#OpenSource #security #DevOps #AppSec #compliane #SoftwareSupplyChain #SDLC #EndorLabs
It’s Time To Start Shifting Left
https://thenewstack.io/its-time-to-start-shifting-left/
"Companies need to incorporate quality into their product development process from the start." -- #JuanRodriguez
It's a losing proposition to generate SBOMs just to land a federal contract or meet an industry requirement, without analyzing and acting on its data to improve software security. #SBOM #SoftwareSupplyChainSecurity #SecurityTools #SCA #SDLC #SSCS
https://tinyurl.com/yncw4688
#GenerativeAI has taken the world by storm, including #SoftwareEngineering. There's a rush to incorporate AI tools, from code generation to test analysis.
This #InfoQ video explores the impact of #AI in #SoftwareDevelopment. It starts with a comprehensive overview of AI in the Software Development Life Cycle (SDLC), then dives into the sometimes-tricky world of using Generative AI in software engineering.
Watch the video now: https://bit.ly/4cPtIAf
#transcript included
In my day job I work in the team responsible for the #InformationSecurity of a mid-sized international company. Unsurprisingly this involves a lot of IT infrastructure and #ITSecurity. While the company is best known for their solar inverter, we develop (m)anything related to the conversion between Alternating Current (AC) and Direct Current (DC) and related measurement and management services and devices. Products are e.g. solar inverters, battery storage controllers, EV charging, hydrogen production, grid forming and related online services.
All this requires software and in turn #SoftwareSecurity, a Secure Development Life Cycle (#SDLC), as well as a #SecureByDesign approach to enable secure use and provide necessary security features.
We also produce (or assemble) the hardware, meaning we have assembly lines and a lot of (physical) automation technology, therefor the need for #OTSecurity.
The products range from home products to devices used in power plants (attached image). Through this the devices are part of the #CriticalInfrastructure. While we a generally not the operator a whole set of requirements and regulations apply also to suppliers and service providers.
To make it even more interesting, these rules and regulations differ nationally.
So IT Security, OT Security, Secure Development and Critical Infrastructure are all topics I would love to talk, share experience and learn new things about at #osco24
Read now: 
Mike Amundsen 
