Article overview

Browse our latest articles exploring the tension between innovation and stability in software development

Trust Is Not a Control: ISO 27001 Compliance via GitHub

Trust Is Not a Control: ISO 27001 Compliance via GitHub

Process documents don’t impress auditors. “We trust our developers” isn’t a control mechanism. ISO 27001 demands technical enforcement, not organizational promises. This guide shows how GitHub branch protection, CODEOWNERS, and environment protection transform compliance from checkbox theater into system enforced reality with a six week implementation path.
Multi-AKS Cluster Networking & Hub-Spoke Topology

Multi-AKS Cluster Networking & Hub-Spoke Topology

Running more than one AKS cluster changes networking from a setup task into an operating model. This guide covers practical connectivity patterns, hub-spoke routing, cross-cluster DNS, ingress options, and decision criteria that help teams scale safely without adding complexity too early.
Cookie Banners Won't Save You From ISO 27701

Cookie Banners Won’t Save You From ISO 27701

That boolean column you call “consent”? Regulators will laugh at it.

ISO 27701 demands granular, auditable, expiring consent, not cookie theater. Here’s the complete .NET implementation with Entity Framework Core, middleware validation, and Azure Functions that survives an audit.

NuGet Packages: The Suppliers You Forgot to Audit

NuGet Packages: The Suppliers You Forgot to Audit

Every NuGet package is a supplier relationship under ISO 27001. Learn how to implement Central Package Management, automated vulnerability scanning, and package signature verification to transform your .NET dependency management from security liability into auditable compliance control.
Observability in AKS CNI Overlay: When Pod IPs Hide Behind Nodes

Observability in AKS CNI Overlay: When Pod IPs Hide Behind Nodes

CNI Overlay masks pod IPs behind node IPs through SNAT, breaking traditional observability. Network logs show nodes, application logs show pods. Without Container Insights, correlation IDs, and distributed tracing, you’re debugging blind. SNAT port exhaustion mimics network failures, and timestamp-based correlation is fragile. The cost of proper monitoring is trivial compared to debugging outbound connectivity at 3 AM without visibility.