Mendix, a Siemens business, announced the general availability of Mendix 10.18.
Implementing Data-Driven DevSecOps
November 14, 2022
Mobile DevSecOps as it's currently implemented has a big problem: it's too slow and inefficient to keep up with the constantly evolving threat landscape. In the typical way of doing things, common tools like pen testing and code scanning identify known vulnerabilities, and the mobile app is then booted back to the development team where they manually add whatever protection they can within the time they have.
But the threats don't stay static. They evolve as cybercriminals find new vulnerabilities and techniques to exploit. The development process don't stop either — as old vulnerabilities are fixed, new features are added, some of which may introduce new weaknesses. Developers lack a real-time understanding of what the threat landscape really looks like in the field. As a result, publishers are constantly releasing apps that are under-protected against current threats.
A Data-Driven Process
Companies are rapidly moving towards data-driven decision-making, using real-time data and analysis to understand how they can optimize operations, strengthen the supply chain and enter new markets that will provide a return on investment. Mobile DevSecOps is not an exception — data-driven decisions about security will not only provide stronger protection against threats, but will also be far more efficient, with much less wasted effort.
But data, alone, is not enough to solve the problem. Good information is useless if the DevSecOps team cannot act on it quickly, and manual methods of implementing security are slow and expensive. Like the rest of the DevOps process, security must be automated, so that new protections can be rapidly included in the next build as they are needed.
Together, automation and real-time threat data make up the two pillars of data-driven DevSecOps. The team has a system that provides it with real-time information about the threats and attacks their mobile apps are encountering in the field right now. With this information, the DevSecOps team can make informed decisions about which are the highest priority security protections to build into the next release.
Beyond Gut Feelings
Mobile apps and the devices on which they run are capable of collecting a wealth of information: threat type, the network, geographic location, OS version and much, much more. All this data provide DevSecOps teams with an extremely granular view of both current and emerging threats that can be sliced according to device, OS, geography — the possibilities are near limitless.
With this wealth of real-time data, the DevSecOps team can make the best use of their time to provide protection against the threats that truly matter.
Once implemented, data-driven DevSecOps teams can not only identify the most urgent threats against which to protect, but they can also prove after release how well the protections are working. In this way, the DevSecOps team can easily justify its value to senior management, partners and other stakeholders, and demonstrate compliance with both internal and external regulations.
It's time for organizations to move beyond manual methods for incorporating mobile app security and gut-feel decisions or analyst recommendations about security models. With data-driven DevSecOps, development teams won't just be shooting in the dark. They'll be using real-time information to identify and protect against new threats and attacks before they can be launched at scale.
Industry News
January 16, 2025
Red Hat announced the general availability of Red Hat OpenShift Virtualization Engine, a new edition of Red Hat OpenShift that provides a dedicated way for organizations to access the proven virtualization functionality already available within Red Hat OpenShift.
January 16, 2025
Contrast Security announced the release of Application Vulnerability Monitoring (AVM), a new capability of Application Detection and Response (ADR).
January 15, 2025
Red Hat announced the general availability of Red Hat Connectivity Link, a hybrid multicloud application connectivity solution that provides a modern approach to connecting disparate applications and infrastructure.
January 15, 2025
Appfire announced 7pace Timetracker for Jira is live in the Atlassian Marketplace.
January 14, 2025
SmartBear announced the availability of SmartBear API Hub featuring HaloAI, an advanced AI-driven capability being introduced across SmartBear's product portfolio, and SmartBear Insight Hub.
January 14, 2025
Azul announced that the integrated risk management practices for its OpenJDK solutions fully support the stability, resilience and integrity requirements in meeting the European Union’s Digital Operational Resilience Act (DORA) provisions.
January 14, 2025
OpsVerse announced a significantly enhanced DevOps copilot, Aiden 2.0.
January 13, 2025
Progress received multiple awards from prestigious organizations for its inclusive workplace, culture and focus on corporate social responsibility (CSR).
January 13, 2025
Red Hat has completed its acquisition of Neural Magic, a provider of software and algorithms that accelerate generative AI (gen AI) inference workloads.
January 13, 2025
Code Intelligence announced the launch of Spark, an AI test agent that autonomously identifies bugs in unknown code without human interaction.
January 09, 2025
Checkmarx announced a new generation in software supply chain security with its Secrets Detection and Repository Health solutions to minimize application risk.
January 08, 2025
SmartBear has appointed Dan Faulkner, the company’s Chief Product Officer, as Chief Executive Officer.
January 07, 2025
Horizon3.ai announced the release of NodeZero™ Kubernetes Pentesting, a new capability available to all NodeZero users.
