This article discusses the state of trust today. Why do we have trust stores? Who decides what goes in them? And, what are you trusting, right now, as you read this article? Join me on this journey through the current state of trusting trust!

In 2026, DevOps practitioners will realize the value of OCI registries for more than just container images. We're already seeing common IaC tools support OCI registries for providers and modules. GitOps tooling is starting to support OCI as a first-class source for configuration. As the benefits of this approach become more evident, we'll see more and more tools support or even fully migrate to OCI registries. This will consolidate package distribution for many platforms and

With the rise of Agentic AI, and the inevitable fatigue from chasing vulnerabilities, DevSecOps practitioners will start looking for a more robust mechanism for identifying and preventing malicious behavior. Imagine how Agentic AI could amplify a vulnerability like Log4Shell or a worm like Shai-Hulud? While anomaly detection tools abound, we can't strongly assert that our nominal baseline is "good." What if we could know, a priori, how software is supposed to behave? We'll st

The momentum is shifting from "shift left" to what's becoming known as "shift down": instead of placing specialized responsibilities on developers, organizations are building development platforms that present opinionated paths and implement best practices by default. That change in momentum is bound to accelerate in 2026. The effect is the same as "shift left" in terms of where things are addressed in the software lifecycle, but much of the cognitive load of implementing the