07.04.2026
dependencies
How a compromise in trusted security tooling rippled through Checkmarx KICS and LiteLLM, exposing the real risk of transitive dependencies. The past several days have been a serious reminder that supply chain attacks do not stop with the first compromised project. What started with a malicious Trivy release appears to have widened into a separate but similar attack involving Checkmarx
The digital check-up: Static analysis as a doctor for your code
22.01.2025
dependencies
The Challenges of Maintaining Legacy Software
A quick, easy-to-understand overview is what many people want in life. Especially with historically grown software systems. Even the developers themselves need a comprehensive overview of the system from time to time, even if the focus during the development phase and afterwards in the maintenance phase is quite different. Where have monster classes formed?
