Skip to main content

Posts

NetDevOps Isn’t Stalled, it’s Stuck on the Wrong Problem 

While it is true that network engineers are taking on NetDevOps roles to advance stalled automation efforts,  the barrier to NetDevOps isn’t technical; it’s people.   The 44% Problem   The  2025 State of Network Automation Survey  from the Network Automation Forum, which gathered responses from 681 network professionals across 58 countries, paints a clearer picture. When asked about barriers to automation, only 10% cited technical challenges. Meanwhile, 44% pointed to  people  problems: Skills gaps, organizational dysfunction, cultural resistance and yes, sometimes, just personalities that don’t mesh.   Let that sink in: The tools work. Python is mature. Ansible is everywhere. Source-of-truth platforms are production-ready. The tech isn’t the bottleneck — people are — and this aligns with something else the recent NetDevOps article touched on: Nearly half the organizations have no formal measurement of automation success. You can’t fund what you can’t prove, and you can’t prove...
Recent posts

AI-Generated Apps Without DevOps: A Security Disaster Waiting to Happen

A small internal tool was built over a weekend. An engineer used an AI coding assistant to generate most of the backend. A simple interface was added, a few API calls were wired together and within hours the app was live. The app worked. The app felt fast. The app looked like progress. No one thought much about how the tool was deployed. There was no pipeline, no review process and no structured testing. The code was generated, copied, slightly adjusted and pushed into an environment that was already running. For a while everything seemed fine. Then something subtle happened. An API key was exposed in a configuration file. A dependency pulled in by the generated code had a known vulnerability. A route that should have been protected was left open. None of these issues were visible from the outside. The system still worked. Users kept using the tool. This is the part that makes AI-generated apps risky. They do not fail loudly. They fail quietly and often too late. The Illusi...

Vercel’s deepsec Brings AI-Powered Security Scanning Into the Development Workflow

Security has long been the last item on the checklist. Code gets written, reviewed, merged—and then, somewhere down the line, a security team takes a look. That model worked when development moved at a human pace. It doesn’t work as well when AI writes and refactors code faster than any team can keep up with. Vercel is taking a direct shot at that problem with the open-source release of deepsec, an agent-powered security harness that runs on your own infrastructure and surfaces hard-to-find vulnerabilities in large codebases. How It Works Deepsec uses Claude and Codex to conduct a tailored investigation of a codebase, starting with static analysis to identify security-sensitive files. From there, coding agents investigate each candidate, tracing data flows, checking for mitigations, and producing actionable findings with severity ratings. The process runs in five stages: scan, investigate, revalidate, enrich, and export. The scan stage runs roughly 110 regex matchers across t...

Survey Surfaces Significant Levels of IDP Investment to Reduce SDLC Friction

A survey of 954 IT decision-makers suggests more resources are now being allocated to reducing friction across the software development lifecycle (SDLC). Conducted by CDW, the survey finds more than two-thirds of respondents (68%) report their organization has adopted an internal developer platform (IDP). The primary goal is to improve operational efficiency (57%), provide better user experiences (48%), and improve observability and security (47%), the survey finds. However, a significant percentage of respondents also noted that their development teams are still encountering friction, with systems integration (25%) and security and compliance restrictions (23%) identified as the two primary sources. Additionally, the survey identifies testing and quality assurance (22%) and integration, deployment and implementation (18%) as the two biggest bottlenecks in their organization’s software engineering workflows. IT leaders, as a result, are investing more in automation in areas s...

Beyond the Build: Integrating Security into CI/CD Pipelines

In today’s fast-paced software development landscape, Continuous Integration and Continuous Deployment (CI/CD) pipelines are essential for delivering applications efficiently. However, the speed and automation they offer can inadvertently introduce security vulnerabilities if not properly managed. Integrating security into CI/CD pipelines, often referred to as DevSecOps, is no longer optional; it’s a necessity.​ The Importance of Security in CI/CD Traditional security practices often occur late in the development cycle, leading to delays and increased costs when vulnerabilities are discovered. By embedding security checks into the CI/CD pipeline, teams can identify and address issues early, reducing risk and maintaining development velocity.​ Key Strategies for Integrating Security Automated Security Testing Incorporate tools that automatically scan code for vulnerabilities during the build process. Static Application Security Testing (SAST) and Dynamic Application ...

The Messy Reality of Vibe Coding

The default reaction to vibe coding has been alarm — a default assumption that letting AI write large chunks of an application is going to flood production with vulnerabilities and undocumented behavior. That fear is doing as much damage as the bad code people are afraid of. Teams that freeze, ban the tools or push the work into the shadows end up with less visibility into how AI is actually showing up in their codebase, not more. Tyler Merritt, CTO at UneeQ, joins Mike Vizard to push back on the panic and reframe the problem. Merritt’s argument is that AI-assisted development is a construction site, not a finished building — and construction sites are inherently messy. The job for engineering leaders isn’t to keep the site spotless, it’s to make sure the right safety systems, inspections and review steps are wrapped around the work that’s happening anyway. They get into the practical mechanics of doing that. Instead of trusting any single model, Merritt makes the case for using mu...

Survey Sees AI Driving DevOps Productivity Gains Despite Challenges

A global survey of 636 software development professionals published today finds nearly two-thirds (64%) believe they are achieving at least a 25% increase in developer velocity and productivity using artificial intelligence (AI). Conducted by Jellyfish, a provider of a software engineering intelligence platform, just under a quarter (24%) report there has been a 50% to 100% increase in developer velocity and productivity, while another 6% have seen an increase of 100% or more. The top use cases for AI are code writing (53%), code review (49%) and code explanation (43%), with Claude Code (39%), Gemini Code Assist (35%) and GitHub Copilot (31%) being the top three tools adopted. However, only slightly more than half (53%) said AI is improving the quality of the code being developed. Other challenges include increasing cost of AI tools (42%), reluctance in adoption from senior engineers (36%) and a proliferation of tools making it difficult to select the best one (31%). Despite these ...