Security is often associated with tools: vulnerability scanners, firewalls, monitoring systems, and automated security gates in delivery pipelines. While these technologies are essential, they cannot secure software on their own. The strongest defence against security threats is not a tool; it is the mindset of the engineers who design, build, and operate the systems. Organizations and teams that consistently deliver secure software understand this well. They invest not only

Modern software development rarely starts from a blank page. Instead, applications are assembled from a vast ecosystem of frameworks, libraries, and open-source components that accelerate development and enable teams to build complex systems quickly. In many cases, the majority of an application’s functionality comes not from code written internally, but from external dependencies - and lately, AI. This shift has dramatically improved developer productivity, but it has also i

Modern software delivery has transformed how quickly organizations can build and release software. Continuous integration and continuous delivery pipelines enable teams to deploy updates frequently, respond rapidly to customer needs, and iterate faster than ever before. However, this speed can expose a major weakness in traditional security models. Historically, security checks were performed as a final gate before release. Security specialists would review code, run vulnerab

With the rapid rise of AI agents and the emergence of increasingly powerful models, some of which may introduce new security risks, it feels timely to revisit the topic of software security. More importantly, it raises the question of how we can write code, often with the assistance of AI, that remains robust and secure in the face of these evolving threats. Code is written, features are delivered, and only near the end of the development cycle does a security team step in to