Oracle announced new application development capabilities to enable developers to rapidly build and deploy applications on Oracle Cloud Infrastructure (OCI).
Implementing Data-Driven DevSecOps
November 14, 2022
Mobile DevSecOps as it's currently implemented has a big problem: it's too slow and inefficient to keep up with the constantly evolving threat landscape. In the typical way of doing things, common tools like pen testing and code scanning identify known vulnerabilities, and the mobile app is then booted back to the development team where they manually add whatever protection they can within the time they have.
But the threats don't stay static. They evolve as cybercriminals find new vulnerabilities and techniques to exploit. The development process don't stop either — as old vulnerabilities are fixed, new features are added, some of which may introduce new weaknesses. Developers lack a real-time understanding of what the threat landscape really looks like in the field. As a result, publishers are constantly releasing apps that are under-protected against current threats.
A Data-Driven Process
Companies are rapidly moving towards data-driven decision-making, using real-time data and analysis to understand how they can optimize operations, strengthen the supply chain and enter new markets that will provide a return on investment. Mobile DevSecOps is not an exception — data-driven decisions about security will not only provide stronger protection against threats, but will also be far more efficient, with much less wasted effort.
But data, alone, is not enough to solve the problem. Good information is useless if the DevSecOps team cannot act on it quickly, and manual methods of implementing security are slow and expensive. Like the rest of the DevOps process, security must be automated, so that new protections can be rapidly included in the next build as they are needed.
Together, automation and real-time threat data make up the two pillars of data-driven DevSecOps. The team has a system that provides it with real-time information about the threats and attacks their mobile apps are encountering in the field right now. With this information, the DevSecOps team can make informed decisions about which are the highest priority security protections to build into the next release.
Beyond Gut Feelings
Mobile apps and the devices on which they run are capable of collecting a wealth of information: threat type, the network, geographic location, OS version and much, much more. All this data provide DevSecOps teams with an extremely granular view of both current and emerging threats that can be sliced according to device, OS, geography — the possibilities are near limitless.
With this wealth of real-time data, the DevSecOps team can make the best use of their time to provide protection against the threats that truly matter.
Once implemented, data-driven DevSecOps teams can not only identify the most urgent threats against which to protect, but they can also prove after release how well the protections are working. In this way, the DevSecOps team can easily justify its value to senior management, partners and other stakeholders, and demonstrate compliance with both internal and external regulations.
It's time for organizations to move beyond manual methods for incorporating mobile app security and gut-feel decisions or analyst recommendations about security models. With data-driven DevSecOps, development teams won't just be shooting in the dark. They'll be using real-time information to identify and protect against new threats and attacks before they can be launched at scale.
Industry News
September 20, 2023
September 20, 2023
Sonar announced zero-configuration, automatic analysis for programming languages C and C++ within SonarCloud.
September 20, 2023
DataStax announced a new JSON API for Astra DB – the database-as-a-service built on the open source Apache Cassandra® – delivering on one of the most highly requested user features, and providing a seamless experience for Javascript developers building AI applications.
September 19, 2023
Mirantis launched Lens AppIQ, available directly in Lens Desktop and as (Software as a Service) SaaS.
September 19, 2023
Buildkite announced the company has entered into a definitive agreement to acquire Packagecloud, a cloud-based software package management platform, in an all stock deal.
September 19, 2023
CrowdStrike has agreed to acquire Bionic, a provider of Application Security Posture Management (ASPM).
September 18, 2023
Perforce Software announces BlazeMeter's Test Data Pro, the latest addition to its continuous testing platform.
September 18, 2023
CloudBees announced a new cloud native DevSecOps platform that places platform engineers and developer experience front and center.
September 18, 2023
Akuity announced a new open source tool, Kargo, to implement change promotions across many application life cycle stages using GitOps principles.
September 14, 2023
Check Point® Software Technologies Ltd. announced that it has been recognized on Newsweek’s inaugural list of the World’s Most Trustworthy Companies 2023.
September 14, 2023
CloudBees announced significant performance and scalability breakthroughs for Jenkins® with new updates to its CloudBees Continuous Integration (CI) software.
September 14, 2023
JFrog unveiled new capabilities that set the standard for quality, security, MLOps and integrity of software releases.
September 14, 2023
Enea launched the Enea Qosmos Threat Detection SDK.
September 13, 2023
Check Point® Software Technologies Ltd. announced the completion of its acquisition of Perimeter 81, a pioneering Security Service Edge (SSE) company, with a team of over 200 employees that serves more than 3,000 customers worldwide.
