SBOM

Broadcom Bets Big on Spring Ecosystem Security | ECI Research

Broadcom has released the largest Spring security update in the framework’s history, introducing commercial-first CVE-only patches and a SLSA Level 3-validated Java supply chain. AI-accelerated threat discovery has broken traditional patching cycles, and Broadcom’s response sets a new benchmark for open source stewardship under commercial cover. ECI Research examines what this means for enterprise risk posture, developer workflows, and the competitive landscape.

SolidRun + Peridio: Closing the Physical AI Deployment Gap

SolidRun and Peridio have combined purpose-built vision AI hardware with a production-grade OS to address the infrastructure gap between prototype and deployed fleet. The integration delivers atomic OTA updates, SBOM support, and EU Cyber Resilience Act alignment as day-one capabilities. For enterprise buyers, this shifts physical AI deployment from a months-long infrastructure project to a weeks-long integration effort.

IBM & Red Hat Project Lightwell: Open Source Supply Chain Security at Scale

IBM and Red Hat have announced Project Lightwell, a $5 billion initiative pairing 20,000 engineers with AI to secure enterprise open source software at scale. The clearinghouse model targets supply chain vulnerabilities across independent libraries, AI frameworks, and data streaming platforms. ECI Research examines what this means for ITDMs and developers navigating an increasingly fragmented open source security landscape.

AI Is Stressing Open Source Infrastructure | ECI Research

AI-assisted contributions are surging into open source projects like Valkey, creating review burdens that are burning out maintainers faster than tooling can compensate. Meanwhile, package registries built for human-scale consumption are now serving machine-scale AI and CI workloads, straining the economics of critical software infrastructure. ECI Research examines what this means for enterprise risk, developer strategy, and the future of open source sustainability.

GitLab 19.0: Agentic DevSecOps and the AI Paradox

GitLab 19.0 addresses the AI Paradox: code generation has accelerated, but credential governance, merge workflows, and pipeline security have not kept pace. The release embeds agentic capabilities and unified secrets management directly into the platform where teams already work. ECI Research breaks down what this means for ITDMs and developers evaluating DevSecOps platform consolidation.

Mythos and Open Source Security: What the Panic Gets Wrong

AI-powered vulnerability tool Mythos has sparked alarm across the open source community, but the fear-mongering misses the point. ECI Research breaks down the real risk, the rational response, and why upstream contribution matters more than reactive security spending.

Edera and Minimus Unite for End-to-End Container Security

Edera and Minimus have announced a strategic partnership combining hardened container images with hypervisor-layer runtime isolation. The joint solution targets enterprises in financial services, federal government, and critical infrastructure facing AI-accelerated vulnerability discovery. ECI Research examines what this means for ITDMs and security engineers navigating a fundamentally changed threat landscape.

Red Hat Summit 2026: Agentic AI Governance and Supply Chain Security

Red Hat’s 2026 Summit delivered a coordinated platform push spanning hardened container images, sovereign cloud, and governed agentic AI infrastructure. ECI Research examines the governance gap these announcements address and what enterprise IT and development teams should do next. The AgentOps capabilities in Red Hat AI 3.4 and the NVIDIA partnership deepen a platform position that few competitors can match end to end.

Eclipse ThreadX and RISC-V Advance the Open Embedded Stack

OCX 2026 surfaced two converging stories: Eclipse ThreadX’s unique position as the only safety-certified open source RTOS, and new academic research applying machine learning to classify open source project health across five structural archetypes. Together, they reframe open source sustainability from a philosophical concern to a quantifiable operational risk. ECI Research breaks down what this means for ITDMs and developers managing embedded stacks and software supply chains.

CRA Compliance and Trustable Software: What OCX 2026 Revealed

The Eclipse Foundation’s OCX 2026 made clear that CRA compliance is a product development problem, not a legal checkbox. Manufacturers face a hard deadline, open source maintainers face an inbound wave of questionnaires, and AI-generated code is adding new layers of compliance debt. Here’s what ITDMs and developers need to act on now.
