Daniela Nastase's blog

AI-assisted development is no longer judged by how impressive it looks in a demo. For teams working on real systems, the question is whether AI still holds up once it meets real workflows, real constraints, and real delivery pressure. That question will be answered at OCX by Jonas Helming. As...

For a long time, enterprise Java persistence has been approached as a largely stable area of the stack. Entities, an ORM, and a relational database were sufficient for many systems, and JPA became a widely adopted and reliable way to manage data access. That stability, however, has also shaped how...

Many Java teams already generate Software Bills of Materials (SBOMs). In isolation, that is not particularly difficult. What is more challenging, and increasingly important under the EU Cyber Resilience Act (CRA), is demonstrating that an SBOM accurately reflects what is actually running in production. Ixchel Ruiz is a senior software...

IoT systems rarely fail because of hardware constraints. They fail because we continue to design them as collections of isolated devices rather than as distributed systems. As edge infrastructure, cloud platforms, and AI workloads become integral to modern deployments, device-centric approaches to IoT architecture at scale begin to collapse under...

Testing alone no longer guarantees software trust. This article explores why modern software assurance must move from point-in-time testing to continuous, evidence-based trust, and how this shift is being discussed at OCX 2026.

As the Cyber Resilience Act approaches enforcement, software teams are focusing on compliance. This article explores what the Cyber Resilience Act means for software trust in practice, and why continuous, evidence-based assurance is essential for modern software supply chains.