Daniela Nastase's blog

Many of the most influential open source projects begin in academic environments. Universities and higher education institutions are well suited to experimentation and have been central to open source for decades. Yet, as open source increasingly behaves like infrastructure, a recurring challenge appears once projects move beyond their original research...

Many discussions about open source AI agents start with the same image: a single assistant responding to prompts. That model works well for demonstrations, but it breaks down quickly in production. One of our speakers for the AI track at OCX 26, Luca Bianchi, explained in an interview, “a production...

For decades, Java has drawn a clear distinction between primitive types and reference types, with each category following its own rules in the language. One of those rules was simple: instanceof applies to reference types, not primitives.

Supply chain security has become a critical topic in the security world in recent years, and while SBOMs are a foundational piece, they are still infrequently generated and even less frequently used in a way that meaningfully improves software supply chain security. To address this gap, the OCX session “...

As long as an organisation participates in a single data space, ecosystem-specific trust frameworks work reasonably well: rules are defined, compliance is checked, and trust decisions stay inside a bounded context. The challenge begins when organisations need to operate across multiple data spaces at the same time, a scenario that...

Domain-specific languages (DSLs) often divide engineering teams. When they work, they make complex systems easier to reason about. When they fail, they become costly internal tools that no one maintains. The real challenge is not how to build a DSL, but when building one is justified. That question will sit...

For a long time, enterprise Java persistence has been approached as a largely stable area of the stack. Entities, an ORM, and a relational database were sufficient for many systems, and JPA became a widely adopted and reliable way to manage data access. That stability, however, has also shaped how...

Many Java teams already generate Software Bills of Materials (SBOMs). In isolation, that is not particularly difficult. What is more challenging, and increasingly important under the EU Cyber Resilience Act (CRA), is demonstrating that an SBOM accurately reflects what is actually running in production. Ixchel Ruiz is a senior software...

IoT systems rarely fail because of hardware constraints. They fail because we continue to design them as collections of isolated devices rather than as distributed systems. As edge infrastructure, cloud platforms, and AI workloads become integral to modern deployments, device-centric approaches to IoT architecture at scale begin to collapse under...

Testing alone no longer guarantees software trust. This article explores why modern software assurance must move from point-in-time testing to continuous, evidence-based trust, and how this shift is being discussed at OCX 2026.