Daniela Nastase's blog

    When an SBOM becomes operationally useful: lessons from Eclipse Kura

    Thursday, February 19, 2026 - 04:33 by Daniela Nastase
    Supply chain security has become a critical topic in the security world in recent years, and while SBOMs are a foundational piece, they are still infrequently generated and even less frequently used in a way that meaningfully improves software supply chain security. To address this gap, the OCX session “...

    Why ecosystem-specific trust frameworks don’t scale across data spaces

    Wednesday, February 18, 2026 - 03:53 by Daniela Nastase
    As long as an organisation participates in a single data space, ecosystem-specific trust frameworks work reasonably well: rules are defined, compliance is checked, and trust decisions stay inside a bounded context. The challenge begins when organisations need to operate across multiple data spaces at the same time, a scenario that...

    Generating an SBOM is not enough for Java teams

    Monday, February 9, 2026 - 06:00 by Daniela Nastase
    Many Java teams already generate Software Bills of Materials (SBOMs). In isolation, that is not particularly difficult. What is more challenging, and increasingly important under the EU Cyber Resilience Act (CRA), is demonstrating that an SBOM accurately reflects what is actually running in production. Ixchel Ruiz is a senior software...

    IoT architecture at scale: why device-centric design no longer works

    Thursday, February 5, 2026 - 02:57 by Daniela Nastase
    IoT systems rarely fail because of hardware constraints. They fail because we continue to design them as collections of isolated devices rather than as distributed systems. As edge infrastructure, cloud platforms, and AI workloads become integral to modern deployments, device-centric approaches to IoT architecture at scale begin to collapse under...