InfoWorld

Over the past decade and a half, cloud computing has become a foundational technology. It started as a way to rent servers but has evolved into a complex ecosystem that supports everything from basic infrastructure shifts to transformative AI initiatives. Having advised enterprises on thousands of cloud projects over the years, I have seen that most projects fall into a handful of categories. I c…

Open source code is everywhere in the enterprise; it’s estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But open source code is notoriously rife with vulnerabilities, and identifying and patching those bugs can be an endless battle for security teams. IBM and Red Hat are betting that a new initiative, Project Lightwell , can help accelerate this proc…

A newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secure their code, it also puts a spotlight on the potential issues in using self-hosted code platforms from small maintainers. The hole is a critical argument injection vulnerability, discovered by a researcher at Rapid7, that allows any authenti…

According to Sonar’s State of Code Developer Survey report for 2026 , based on a survey of over 1,100 developers, 42% of committed code is now AI-assisted, and roughly 29% of it gets merged without manual review. Not “light review.” No review at all. The industry’s response has been predictable: more guardrails. Static analysis. Token linting. Visual regression testing. Accessibility audits. Secu…

Taking down a sprawling malware operation once signaled progress in securing the open-source ecosystem. Now, it barely registers. The GlassWorm campaign disruption comes at a moment when attackers can quickly reconstitute, and defenders are increasingly grappling with a new challenge: distinguishing real threats from automated noise. “I think coordinated actions, like GlassWorm, can sever control…

For years, software developers on H-1B visas benefited from steady demand among US technology employers. That market is becoming more selective as companies redirect spending toward AI and rely more heavily on coding assistants. Recent layoffs at companies including Meta and Amazon have added to the uncertainty, with engineering and software roles affected even as major technology companies conti…

Snowflake said it plans to acquire US-based startup Natoma to boost governance, security, and connectivity for AI agents operating across heterogeneous enterprise environments, amid growing efforts by organizations to move agentic AI workflows from pilots into production. The cloud data platform provider is betting that enterprises will increasingly require centralized governance, identity contro…

The rapid uptake of agentic AI has exposed a range of issues with our non-deterministic helpers. That’s mainly because AI agents are not people and don’t behave like people, even though they generally use the same APIs as humans. For one thing, they make many more queries than a human would, as they build the necessary context to deliver a response. Anecdotal data from companies that have worked …

A single malformed character in a web request can let an unauthenticated attacker slip past the access controls that guard applications built on Starlette, the open-source Python framework that powers FastAPI, researchers said. The flaw, tracked as CVE-2026-48710 could allow attackers to bypass host-validation protections using malformed Host headers, according to an advisory from cybersecurity f…

I don’t even know what a software engineer is supposed to be doing anymore. Do we code? Do we architect systems? AI agents have changed everything, and I don’t even know what to think. I don’t write much code anymore. In my day job, I ask Claude to do most of the analysis, planning, and coding. My side projects are 100% written by Claude Code , and in some of these, I literally haven’t even revie…

With the rise of agentic AI , developers need secure but also lightweight solutions for running their agents. The agent should be able to do all the things a human developer could do with containers — build them, install software into them, and modify files they have access to — but in a way that protects the host system from the agent doing something destructive . Docker offers several different…

The backlash was inevitable. For the past year, Silicon Valley has been telling us that software development is on the verge of becoming a prompt-and-ship exercise. You know, just describe what you want and let an AI coding agent build it. Sure, maybe you could keep a few token senior engineers around to bless the output…or maybe not. I mean, Google’s Sundar Pichai says 75% of its new code is now…

AI agents look brilliant in a demo because demos are friendly worlds. The data is curated, the tools behave, and nothing important changes while the agent is in mid-thought. Production is the opposite: data arrives late, facts conflict, permissions bite, APIs time out, and the underlying state changes constantly. That gap is why early “agents in production” often get scoped down to something safe…

The novel power of today’s AI is in its ability to deal with intent. This is a superpower, no doubt, but it creates a huge imperative for app developers: the need to map between the anything-is-possible large language model (LLM) and the strict capabilities of code. Unrestrained, LLM endpoints will let your user create unicorns and leprechauns while your back end can handle only purchase orders a…

Every year, we attend cloud conferences to hear about new features, services, ecosystem expansion, and announcements that promise to reshape enterprise IT. These innovations matter. However, if we step back and look at how most enterprises actually consume public cloud, for all practical purposes, the three big cloud providers are essentially the same where it counts most. This statement can make…