Daniela Nastase's blog

Supply chain security has become a critical topic in the security world in recent years, and while SBOMs are a foundational piece, they are still infrequently generated and even less frequently used in a way that meaningfully improves software supply chain security. To address this gap, the OCX session “...

As long as an organisation participates in a single data space, ecosystem-specific trust frameworks work reasonably well: rules are defined, compliance is checked, and trust decisions stay inside a bounded context. The challenge begins when organisations need to operate across multiple data spaces at the same time, a scenario that...

AI-assisted development is no longer judged by how impressive it looks in a demo. For teams working on real systems, the question is whether AI still holds up once it meets real workflows, real constraints, and real delivery pressure. That question will be answered at OCX by Jonas Helming. As...

For a long time, enterprise Java persistence has been approached as a largely stable area of the stack. Entities, an ORM, and a relational database were sufficient for many systems, and JPA became a widely adopted and reliable way to manage data access. That stability, however, has also shaped how...

Many Java teams already generate Software Bills of Materials (SBOMs). In isolation, that is not particularly difficult. What is more challenging, and increasingly important under the EU Cyber Resilience Act (CRA), is demonstrating that an SBOM accurately reflects what is actually running in production. Ixchel Ruiz is a senior software...

IoT systems rarely fail because of hardware constraints. They fail because we continue to design them as collections of isolated devices rather than as distributed systems. As edge infrastructure, cloud platforms, and AI workloads become integral to modern deployments, device-centric approaches to IoT architecture at scale begin to collapse under...

Testing alone no longer guarantees software trust. This article explores why modern software assurance must move from point-in-time testing to continuous, evidence-based trust, and how this shift is being discussed at OCX 2026.

As the Cyber Resilience Act approaches enforcement, software teams are focusing on compliance. This article explores what the Cyber Resilience Act means for software trust in practice, and why continuous, evidence-based assurance is essential for modern software supply chains.