Category: DevOps
Software Supply Chain Security in 2026: SBOMs, SLSA, and What the Cyber Resilience Act Now Demands
July 7, 2026For most of the last decade, "application security" meant scanning the code your own team wrote. That framing is now the smaller half of the problem. The code you ship is overwhelmingly code you did not write - transitive open-source...
How the Software Delivery ROI Calculator Works: Who It Is For, Our Sources, and How to Read the Results
July 1, 2026Every ROI calculator on the internet has the same problem: it is built to produce a big number, not an honest one. We built ours the other way around. The Software Delivery ROI calculator exists to help an engineering leader...
Platform Engineering vs DevOps: What an Internal Developer Platform Actually Buys You
June 30, 2026"Platform engineering" is the term every vendor deck reached for over the last two years, which is exactly why senior engineers are right to be suspicious of it. The fair question - the one engineering directors keep asking in budget...
Infrastructure as Code in 2026: Drift, Policy, and the Terraform vs OpenTofu Decision
June 23, 2026Most organisations now say they "do Infrastructure as Code," and most of them are only partly telling the truth. Firefly's 2025 State of Infrastructure as Code found that while 72% of organisations use IaC, only about one-third have codified more...
Observability vs Monitoring: What Senior Engineers Need to Know in 2026
June 15, 2026Most teams say they "monitor production" and assume that means they will know what is wrong when something breaks. At low scale that assumption usually holds. Across dozens of services, ephemeral infrastructure and third-party dependencies it quietly stops being true...