
Hosted by RedMonk · EN
Join the developer-focused industry analysts at RedMonk as they discuss news and trends in the software space with leaders and practitioners in cloud, AI, IaC, security, DevOps, developer relations, observability, data, and more.
Can't get enough of the Monks? Visit the RedMonk YouTube channel or check out our research at RedMonk.com.
You can also follow RedMonk on Bluesky, Twitter (X), and LinkedIn.
James Governor, Principal Analyst & Co-founder
Stephen O'Grady, Principal Analyst & Co-founder
Rachel Stephens, Research Director
Kate Holterhoff, Senior Industry Analyst

RedMonk's Kate Holterhoff sits down with Chris DeMars, Senior Developer Advocate at TuxCare, for a conversation about patching in the AI era. Chris started writing code in Q Basic in the mid-90s and now spends his time at conferences explaining the JavaScript supply chain to people who'd rather not think about it: typosquatting, the Shai-Hulud worm, and getting locked out of his own VS Code editor at Vueconf. They get into why a Dockerfile that Claude wrote him pulled in an insecure version of Node, why most enterprise customers are nowhere near migrating off end-of-life software regardless of the modernization story being sold to them, and what rebootless live patching actually looks like once a CVE drops.
Show notes: https://redmonk.com/videos/chris-demars/
Chapters:
00:00 Introduction and Background of Chris DeMars
02:59 The Role of Developer Advocacy in Security
05:52 JavaScript Ecosystem and Security Challenges
08:54 AI's Impact on Security Practices
11:42 Developers' Awareness of Security Issues
14:50 The Importance of Patching and CVEs
17:37 The Future of Security in Development
21:09 The Process of Fixing Vulnerabilities
24:01 Modernization vs. Legacy Systems
24:50 Engagement with the Open Source Community
26:45 Challenges for Open Source Maintainers
27:36 Enterprise vs. Smaller Companies
29:39 The Role of AI in Upgrading Systems
33:37 Compliance and Regulation Concerns
38:24 Understanding Live Patching
41:32 Closing Thoughts and Future Directions

At Microsoft Build 2026, RedMonk's James Governor sits down with Kyle Daigle, COO at GitHub and CMO of Developer at Microsoft, to unpack the event. The conversation looks at Microsoft's first homegrown frontier models, the growing importance of "token economics", new NVIDIA Spark-powered hardware, the push toward containerization and isolation for agents both on-device and in the cloud, and Windows improvements aimed at a calmer developer experience. Daigle also previews the agent-first GitHub Copilot app with its shareable canvases, and addresses developer anxiety amid industry layoffs, insisting Microsoft's principle remains keeping developers in the loop.
This RedMonk conversation is sponsored by Microsoft.
Show notes: https://redmonk.com/videos/kyle-daigle/
Chapters:
00:00 Introduction to Developer Marketing at Microsoft
02:08 Microsoft's Frontier Models and AI Innovations
05:06 Local Model Execution and Security Concerns
07:58 The Role of AI in Developer Productivity
11:08 GitHub Copilot and the Future of Software Development
14:20 Windows for Developers: Enhancements and Configurations
17:05 Hardware Partnerships and Performance Expectations
20:10 Supporting Developers in a Changing Landscape
23:12 Addressing Reliability and Scalability Challenges

Kate Holterhoff sits down with Jack Herrington, Principal Software Engineer at Netlify and maintainer of TanStack AI, to walk through the May 2026 TanStack npm supply-chain compromise. They discuss the incident in depth, including the risk of chained attacks, the role of GitHub Actions, and what we know about the hackers and mini shai-hulud. Jack also weighs in on why developers are becoming more security aware and why the supply chain and CI/CD are more important than ever in the AI era.
Show notes: https://redmonk.com/videos/jack-herrington/
Chapters:
00:00 Introduction and Background
09:08 The TanStack Hack Incident
19:26 Security Insights and Lessons Learned
26:45 Evolving Cybersecurity Threats
34:22 Understanding Vulnerabilities in Open Source
40:47 AI in Development and Security Concerns
49:50 Advice for Open Source Maintainers

In this MonkCast Conversation, RedMonk analyst Kate Holterhoff talks with Evan You, the creator of Vue.js and Vite and founder of VoidZero, just days after VoidZero announced joining Cloudflare. Evan clarifies what the deal does and does not include, as well as the history of how it came about. He's also candid about the motives that inspired VoidZero to look for partnership with a cloud provider. They also discuss the state of open source and frontend tooling in 2026. Can independent open source infrastructure survive today without getting bought by a bigger platform? Why Evan is still unconvinced that Vue needs a foundation. What is AI doing to the economics, and the craft, of building in the open?
Cloudflare is a RedMonk client, but this RedMonk conversation is unsponsored.
Show notes: https://redmonk.com/videos/evan-you/
Chapters:
00:00 Introduction to Evan You and VoidZero
02:37 The Acquisition and Its Implications
05:26 Vue and Vite: Independence and Future Directions
08:15 Monetization Challenges and Business Models
11:23 Collaboration with Cloudflare and Development Experience
14:34 Community Concerns and Competition in the Market
17:08 Funding and Support for Open Source Contributors
29:34 Building a Community and Team Dynamics
31:02 Lessons Learned from Open Source Monetization
38:26 Navigating AI's Impact on Open Source
44:24 The Foundation Debate for Open Source Projects
49:31 The Bundler Wars: Performance and Artifact Size

Google Cloud Run is a few years old now, and in this RedMonk Conversation, James Governor sits down with one of its founders, Steren Giannini, to talk through where it came from and where it's going. Back in 2017, most people assumed serverless meant functions. Steren's team disagreed. They figured the real value of serverless was simplicity, scale, and paying only for what you actually use, and that the thing you deploy should be a container, not a function. That call ended up shaping the whole product. James and Steren get into the decisions that gave Cloud Run its longevity: staying opinionated about simplicity without boxing developers in, a Kubernetes-compatible API designed so you can walk away whenever you want, and an open debt to Heroku's git-push experience. Steren is also honest about the messier parts, from fighting feature creep, to building the enterprise networking and security that big customers needed, to handling the traffic that AI agents are now generating. Looking ahead, Steren argues that the next generation of developers might be anyone who can describe an app in a prompt and hit publish.
Google is a RedMonk client, but this is an independent piece of content.
Show notes: https://redmonk.com/videos/steren-giannini-google-cloud-run/
Chapters:
00:00 Introduction to Google Cloud Run
01:08 The Origins of Cloud Run
02:12 Design Principles and Longevity
05:35 Openness and Portability in Cloud Run
07:23 Open Source Strategy and Knative
10:42 Simplicity and User Experience
12:22 Progressive Complexity in Design
14:23 Embracing Developer Standards
16:21 Learning from Heroku
18:02 Focus on Quality and User Feedback
19:44 Cloud Run's Satisfaction and Popularity
22:01 The Rise of AI Agents
24:56 Adapting to Evolving Workloads
27:44 Collaboration with Other Google Cloud Products
30:23 Innovations for AI and Long-Running Workloads
31:19 Notable AI Companies Using Cloud Run
34:28 Cloud Run's Growth and Success
37:19 Infrastructure Preparedness for Scale
40:02 Scaling and Resource Management in Cloud Services
44:09 Enterprise Features and Customer Needs
46:53 Refocusing on Developer Experience
51:16 Simplifying Complex Systems
56:50 Security Challenges and Solutions
01:05:03 Real-World Applications and Use Cases
01:10:30 The Future of Cloud Run and AI Integration

JSON Schema might be the most important technology you've never thought about. In this MonkCast, Rachel Stephens sits down with Juan Cruz Viotti, founder of SourceMeta and member of the JSON Schema Technical Steering Committee. They discuss how JSON Schema is the backbone of OpenAPI specs and just might be the language of AI.
Show notes: https://redmonk.com/videos/juan-cruz-viotti-json-schema/
Chapters:
00:40 - What is JSON Schema?
03:00 - JSON Schema in OpenAPI and AI
05:30 - Challenges in API Ecosystem Management
07:00 - Siloed API Specs and Governance Issues
08:00 - Benefits of Schema Layer Governance
09:30 - JSON Schema as a Data Dictionary
11:00 - JSON Schema in AI and Code Generation
13:30 - SourceMeta's Ecosystem and Tools
16:00 - Small Teams and Infrastructure Innovation
16:50 - AI, Documentation, and Data Semantics
17:30 - Vision of the Future

Kate Holterhoff sits down with Tanya Janca, Secure Coding and AI Trainer at SheHacksPurple, to talk about what AI is doing to application security. Tanya's take: we're driving a car at three times the speed limit after 25 beers. AI writes huge portions of production code, most developers were never taught to review code for security in the first place, and release velocity keeps climbing. The conversation gets into the difference between using AI to help you code and full-on vibe coding, why context collapse trips up LLMs on security decisions, and what's wrong with bolting AI onto legacy AppSec tools instead of building new ones. Tanya also weighs in on Anthropic's Mythos vulnerability-finding model, argues that the bug bounty economy is heading for collapse, discusses supply chain security and the future of the SDLC, and wraps by explaining Canada's Petition E-7115, which Janca helped draft to require secure coding standards across the Canadian federal government.
Show notes: https://redmonk.com/videos/tanya-janca/
Chapters:
00:00 Introduction to AI and Security
02:58 The Current Security Landscape
05:49 Understanding Context Collapse in AI
09:51 The Role of Vibe Coding
13:50 Teaching Security in the Age of AI
16:45 The Need for New Security Tools
25:02 The Evolving Role of Bug Bounties
27:50 The Future of Pen Testing in an AI World
30:01 The Evolving Role of Application Security
31:46 Reimagining the Software Development Lifecycle
40:54 Rethinking Supply Chain Security
48:37 Advocating for Secure Coding Legislation

In this conversation, Seth Webster, executive director of the newly launched React Foundation and Chief Developer Evangelist at Expo, chats with RedMonk's Kate Holterhoff. Seth explains why React has outgrown its origins at Meta and needs an independent foundation to ensure its durability for the next decade. On the Expo side, Seth makes the case that Expo's end-to-end pipeline, from idea through cloud builds to App Store submission, is uniquely positioned for the agentic development era. The conversation concludes with Webster reflecting on the rapidly evolving role of the developer and offering guidance for navigating its shifting terrain.
This RedMonk video is sponsored by Expo.
Show notes: https://redmonk.com/videos/seth-webster-expo-react-foundation/
Chapters:
00:00 Introduction to Seth Webster and His Roles
05:54 History and Evolution of the React Foundation
16:51 Exploring Expo and Its Relationship with React Native
25:39 Creating a Space for Engineers
34:41 Navigating Framework Wars
42:27 Introducing Expo Agent
48:22 Adapting to Change in the Developer Landscape

Rachel Stephens sits down with Audrey Bian, Principal Product Marketing Manager at Broadcom, to explore how vSphere Kubernetes Service (VKS) is helping enterprises modernize their applications without rebuilding their infrastructure from scratch. Audrey breaks down how VKS bridges the gap between traditional VM workloads and modern containerized applications on a single unified platform.
For additional information please visit: https://vmware.com/vks
This RedMonk conversation is sponsored by VMware by Broadcom.
Show notes: https://redmonk.com/videos/vks-audrey-bian/
Topics covered:
- What is VKS and how does it the VMware stack?
- Cloud admins vs. platform engineers
- VKS and TCO
- What's new in VKS 3.6?

In this episode of the MonkCast, RedMonk Senior Analyst Kate Holterhoff sits down with Chris Williams, Global Developer Relations Manager at HashiCorp, for a wide-ranging conversation that covers everything from tech certifications to corporate espionage (sort of). Chris traces his career from data center crawler and hands-on infrastructure engineer to podcaster, community builder, and accidental DevRel professional. They dig into the enduring value of certifications in the age of AI, the origin story of the vBrownBag podcast ("nerd show and tell"), and how wearing 18 hats across competing vendor communities is actually a feature, not a bug. Equal parts therapy, smoke jumping, and a game of Clue, Chris's career arc is a testament to curiosity, community, and the surprising power of asking dumb questions in a room full of experts.
IBM is a RedMonk client, but this episode is independent and unsponsored.
Show notes: https://redmonk.com/videos/from-data-center-crawler-to-devrel-with-chris-williams
Chapters:
00:00 Introduction and Background
04:12 The Value of Certifications in Tech
10:23 The Evolution of Learning and Upskilling
12:46 DevRel Journey and Community Engagement
15:53 AWS Hero Program and Community Impact
21:44 Navigating Multiple Roles in Tech
23:38 Navigating Career Transitions
28:20 The Role of a Cloud Therapist
32:56 Consulting: The Thrill of New Challenges