In Greek mythology, Odysseus had to navigate between Scylla and Charybdis — two perils threatening from both sides. Today’s IT leaders face a similar dilemma: technical debt and sprawl on one side; excessive bureaucracy and stifling controls on the other. Enter platform engineering, the emerging discipline that offers a way to steer between these hazards and deliver software faster, safer, and at scale. From freedom to sprawl to over-control The story starts with the mainframe era, where infrastructure decisions were simple and everything was standardized. Then came distributed computing, bringing freedom and flexibility but also chaos. Every project team made its own decisions: what database to use; how to handle authentication; where to store logs. The result? A fragmented, unmanageable landscape of bespoke solutions. Enterprise architecture (EA) teams starting in the 1990s attempted to rein in the chaos by imposing standardization. But their methods — lengthy checklists, rigid ap...
Sonatype, a company focused on software supply chain security, has announced the results of its quarterly Open Source Malware Index , which provides insights into malicious open source packages. The index found 17,954 malicious open source software packages, including several hijacked npm crypto packages, a malicious npm package disguised as the Truffle for VS Code extension, and fake Solana packages . Fifty-six percent of the packages were related to data exfiltration. These packages would be used by attackers to obtain sensitive data from the systems they are installed on. For comparison, the Q4 2024 report found that only 26% of packages were related to data exfiltration, signaling an increasing risk of sensitive information being compromised through open source components. Eighty percent of the packages Sonatype found were categorized as “sophisticated and threatening types of malware,” like droppers or code injection malware. “From hijacked ...