Article overview

Browse our latest articles exploring the tension between innovation and stability in software development

Audit Logging That Survives Your Next Security Incident

Published on 1/29/26 5:00 pm by Martin Stühmer

Your audit logs probably won’t survive a real security incident. Most implementations log too much, protect too little, and provide zero value when something breaks at 2 AM. Here’s how to fix that with structured logging that actually works.

AKS Cluster Upgrades: Zero-Downtime Operations That Actually Work

Published on 1/28/26 5:00 pm by Jendrik Brack

AKS cluster upgrades involve node replacement and pod eviction, which can cause service disruption without proper controls. This article explains cordon and drain mechanics, Pod Disruption Budget configuration, and multi-node-pool rollout strategies with validation-driven automation for reliable zero-downtime upgrades.

Your [Authorize] Attribute Is Compliance Theater

Published on 1/27/26 5:00 pm by Martin Stühmer

Your [Authorize] attributes give you a false sense of security. ISO 27001 auditors see right through it.

I’ve reviewed dozens of ASP.NET Core apps that authenticate flawlessly — then scatter role strings across business logic, skip audit logs, and wonder why they fail compliance. Here’s the pattern that kills audits, and how to actually fix it.

ISO/IEC 27001, 27017 & 27701 for .NET Developers — The Complete Series

Published on 1/22/26 5:00 pm by Martin Stühmer

ISO/IEC 27001, 27017, and 27701 compliance used to be something you handed off to a compliance team. Now you write the infrastructure, configure the secrets store, and decide what the API returns — and those decisions are the compliance. This series translates nearly 30 controls across three standards into working .NET code and Azure configuration, because the gap between certified and actually compliant lives in your codebase.

Why ISO Standards Actually Matter for .NET Developers

Published on 1/22/26 5:00 pm by Martin Stühmer

Cloud-native .NET development has transformed ISO/IEC 27001, 27017, and 27701 from abstract compliance requirements into concrete daily coding decisions. This guide shows .NET developers how security standards directly map to Azure Key Vault integration, Azure AD authentication, and proper logging—with real code examples demonstrating compliant vs. non-compliant implementations.