For years, mainframe systems have served as the bedrock of enterprise networks, standing unmatched in terms of reliability, scalability, and data protection. But with emerging practices like DevOps, the rise of open-source, and the move to hybrid cloud models, security risks have become a pressing concern. With constantly changing rules and shifts in how software is developed and used, it's more important than ever to focus on mainframe security. With over 70% of Fortune 500 companies still relying on mainframe infrastructure, mainframe security has never been more critical.
According to Rocket Software's latest research report, only 28% of IT leaders are extremely confident in their ability to proactively respond to mainframe security vulnerabilities — despite agreeing that mainframe security is a top priority for their organization. This is thanks in large part to the complexity of solutions like DevOps. While DevOps tools increase an organization's ability to deliver applications and services at a faster pace than ever before, security must remain a priority.
Risks of Open-Source Tools
While open-source DevOps tools pave the way for myriad benefits, they still come with a fair share of risks. These tools allow for community collaboration and transparency, but that also means that potential attackers can examine the code for vulnerabilities. A predominant concern centers around the security and integrity of open-source components embedded within mainframe applications.
The good news is that organizations are taking open source and mainframe security seriously. The report found proactive measures dominate the landscape, with 62% of organizations routinely conducting vulnerability assessments and security audits.
Additionally, 58% of respondents noted they engage in continuous monitoring and updating of open source to address security patches promptly, and 54% noted they are training developers on best practices for secure coding and proper usage of open-source components.
Incorporating security best practices into the DevOps toolchain — also known as DevSecOps — helps ensure security remains a consistent, shared responsibility throughout the software development life cycles and that security updates are added quickly and smoothly. This reduces the chance of threats within the mainframe and ensures companies get the most out of their DevOps investments.
Compliance and Third-Party Security
While many organizations take mainframe security seriously, about 68% according to the report, compliance can unfortunately fall by the wayside. Only 27% of survey participants are highly confident in their organization's mainframe security compliance effectiveness. Compliance regulations provide guidelines for how businesses should be protecting critical customer data. Due to the sensitive nature of this data, and the potential harm to customers if it is not protected, the penalties for organizations that fail to comply with security regulations are quite considerable.
The large fines given to businesses that fail to meet compliance requirements can cause irrevocable damage to the business, both financially and in terms of the organization's reputation. Following relevant security compliance regulations will help maintain the security and integrity of sensitive data stored on mainframe systems. Organizations that implement security-focused tools on the mainframe will be in a better position to meet their compliance requirements.
Compliance isn't just an internal endeavor. Businesses must also keep an eye on their third-party suppliers. Making sure suppliers meet quality assurance (QA) standards is as important as internal compliance, especially for heavily regulated industries like banking and healthcare. Yet only 31% of respondents are fully convinced of their organization's effectiveness in making certain that vendors stick to these rigorous QA benchmarks. Organizations should maintain ambitious standards for vetting third-party vendors, ensuring the rights of individuals and their data are at the forefront of each digital interaction with the vendor. These evolving regulations underscore the need for businesses to be transparent, accountable, and proactive in safeguarding user data in an increasingly interconnected world.
Taking an Integrated Approach
Resilient mainframe security programs do not rely on a singular strategy — instead, business leaders should modernize their infrastructure and take a holistic approach. Integrating security best practices into the DevOps toolchain and mainframe ensures that security remains an unwavering, collective responsibility throughout software development life cycles. This integration promotes swift and efficient security updates, diminishing potential threats.
Rocket Software found that many organizations already take an integrated approach: 44% of organizations implement DevSecOps, 56% implement encryption of data, and 57% implement user authentication access controls. This is the most effective way to buffer against both internal and external threats and make sure any threats are identified quickly and efficiently. Upgrading security measures to be more integrated empowers organizations to keep their mainframe secure while opening the door for the level of growth and innovation necessary for modern business success. By taking a holistic approach, organizations can take proactive steps to protect the mainframe and its assets.
In this age of rapid technological change, mainframe systems remain a cornerstone for businesses. With digital transformation projects well underway and the introduction of DevOps tools in every enterprise, modernizing mainframe systems and security approaches will enable businesses to better adapt to new risks and data management needs. Organizations must consider solutions that leverage the security and reliability of the mainframe. A resilient defense mechanism for mainframes is not a singular strategy, but instead, an integrated approach.