top of page


A personal blog addressing software quality across all aspects of software development, testing, design, and people.
Search


The Modern Software Engineer: Why Coding Alone Is No Longer Enough
For decades, software engineering has largely been synonymous with writing code. Job descriptions focused on programming languages, algorithms, frameworks, and technical expertise. The best engineers were often measured by the quality, efficiency, and quantity of the code they produced. While these technical foundations remain critically important, the role of the software engineer has evolved dramatically. Modern software is no longer built in isolation by individuals workin
Craig Risi
3 days ago7 min read


Engineering Code Confidence: Why I Wrote a Book About Quality Gates in CI/CD Pipelines
This is not a normal blog post today - but rather an announcement about another new book of mine. For the past few years, I've been giving talks and workshops around CI/CD Quality Gates in many different countries. I decided to expand on that further and turn some of my thoughts, ideas, and work into a book. After more than two decades in the software industry, I have seen countless technology trends come and go. New programming languages emerge, frameworks rise and fall, clo
Craig Risi
Jun 264 min read


Building a Security Culture in Engineering Teams
Security is often associated with tools: vulnerability scanners, firewalls, monitoring systems, and automated security gates in delivery pipelines. While these technologies are essential, they cannot secure software on their own. The strongest defence against security threats is not a tool; it is the mindset of the engineers who design, build, and operate the systems. Organizations and teams that consistently deliver secure software understand this well. They invest not only
Craig Risi
Jun 55 min read


Managing Open Source and Dependency Risk
Modern software development rarely starts from a blank page. Instead, applications are assembled from a vast ecosystem of frameworks, libraries, and open-source components that accelerate development and enable teams to build complex systems quickly. In many cases, the majority of an application’s functionality comes not from code written internally, but from external dependencies - and lately, AI. This shift has dramatically improved developer productivity, but it has also i
Craig Risi
May 224 min read
bottom of page