software supply chain

Broadcom Bets Big on Spring Ecosystem Security | ECI Research

Broadcom has released the largest Spring security update in the framework’s history, introducing commercial-first CVE-only patches and a SLSA Level 3-validated Java supply chain. AI-accelerated threat discovery has broken traditional patching cycles, and Broadcom’s response sets a new benchmark for open source stewardship under commercial cover. ECI Research examines what this means for enterprise risk posture, developer workflows, and the competitive landscape.

AI Is Stressing Open Source Infrastructure | ECI Research

AI-assisted contributions are surging into open source projects like Valkey, creating review burdens that are burning out maintainers faster than tooling can compensate. Meanwhile, package registries built for human-scale consumption are now serving machine-scale AI and CI workloads, straining the economics of critical software infrastructure. ECI Research examines what this means for enterprise risk, developer strategy, and the future of open source sustainability.

Mythos and Open Source Security: What the Panic Gets Wrong

AI-powered vulnerability tool Mythos has sparked alarm across the open source community, but the fear-mongering misses the point. ECI Research breaks down the real risk, the rational response, and why upstream contribution matters more than reactive security spending.

Red Hat Summit 2026: Agentic AI Governance and Supply Chain Security

Red Hat’s 2026 Summit delivered a coordinated platform push spanning hardened container images, sovereign cloud, and governed agentic AI infrastructure. ECI Research examines the governance gap these announcements address and what enterprise IT and development teams should do next. The AgentOps capabilities in Red Hat AI 3.4 and the NVIDIA partnership deepen a platform position that few competitors can match end to end.

CRA Compliance and Trustable Software: What OCX 2026 Revealed

The Eclipse Foundation’s OCX 2026 made clear that CRA compliance is a product development problem, not a legal checkbox. Manufacturers face a hard deadline, open source maintainers face an inbound wave of questionnaires, and AI-generated code is adding new layers of compliance debt. Here’s what ITDMs and developers need to act on now.

SUSE Connects Open Infrastructure Operations With Sovereignty Strategy at KubeCon EU 2026

At KubeCon EU 2026, SUSE brought together two related messages: AI is increasing platform complexity, and sovereignty is becoming an architecture decision. The result is a broader open infrastructure story built around portability, traceability, deployability, and operational simplicity.
