Google is rolling out an updated Gemini 2.5 Pro model with significantly enhanced coding capabilities.
The prevalence of team silos and point solutions throughout the DevSecOps lifecycle make it increasingly difficult for development, security, and operational teams to have comprehensive visibility into the threats affecting their cloud environments. In fact, according to a recent Dynatrace study, 77% of chief information security officers (CISOs) say it's a significant challenge to prioritize vulnerabilities because of a lack of information about the risks they pose. This issue underscores the critical role that risk assessment plays in effective vulnerability management.
As organizations modernize their application stacks around cloud-native technologies such as microservices and containers, a best practice is to adopt both shift-left and shift-right strategies. Shifting security left means identifying security vulnerabilities in development through testing, while shifting right means identifying vulnerabilities in production through runtime vulnerability analysis and other methods.
Combining these strategies helps to reduce the time it takes to find vulnerabilities from days or weeks to minutes and enables teams to be more effective in their resolution strategies. By using shift-left and -right strategies, organizations can enhance their overall cybersecurity posture and effectively address vulnerabilities throughout the software development lifecycle.
While the advantages of these practices and DevSecOps are widely recognized, many organizations are still in the initial phases of implementation.
Overcoming the Challenges of Siloed Tools
Siloed vulnerability management tools make it difficult for companies to identify and mitigate risks. Switching between and reconciling the insights from siloed tools also proves to be extremely time-consuming, as it hinders IT teams from gaining a holistic view. According to the Dynatrace study, more than 40% of CISOs say analysis is time-consuming, and managing alerts from different tools is labor-intensive.
Time spent on manual analysis detracts from time spent on innovation and problem resolution. According to the study, each member of development and application security teams spends nearly a third (28%) of their time — or 11 hours each week — on vulnerability management tasks that could be automated. Further, only 33% of CISOs have automated handoffs across functions.
The integration and automation of workflows streamline cross-functional collaboration, enabling faster response times and smoother coordination across teams. Organizations must look to adopt a platform approach to eliminate manual processes and error. In fact, 88% of CISOs say DevSecOps would be more effective if all teams worked from one platform integrated into their process.
Implementing an Approach That Converges Observability and Security
By leveraging observability and security across DevSecOps and integrating application security principles and practices into software development and operations, organizations can deliver software and services at speed without compromising application security. IT leaders need to adopt platform solutions that converge observability and security data and are powered by trusted AI and intelligent automation. Solutions that converge observability and security improve an organization's overall security posture and reduce the risk of cyberattacks, helping companies protect their reputation, minimize manual intervention, and deliver precise answers through explainable, intelligent automation.
Looking Ahead with DevSecOps: The Importance of AI and Automation
According to the study, 86% of CISOs say AI and automation are critical to the success of DevSecOps and overcoming resource challenges. By adopting AI and automation and using tools that converge observability and security, customers have reduced the time they spend identifying and prioritizing vulnerabilities by up to 95%, helping them deliver faster, more secure innovation that keeps them at the forefront of their industries.
Industry News
BrowserStack announced the acquisition of Requestly, the open-source HTTP interception and API mocking tool that eliminates critical bottlenecks in modern web development.
Jitterbit announced the evolution of its unified AI-infused low-code Harmony platform to deliver accountable, layered AI technology — including enterprise-ready AI agents — across its entire product portfolio.
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, and Synadia announced that the NATS project will continue to thrive in the cloud native open source ecosystem of the CNCF with Synadia’s continued support and involvement.
RapDev announced the launch of Arlo, an AI Agent for ServiceNow designed to transform how enterprises manage operational workflows, risk, and service delivery.
Check Point® Software Technologies Ltd.(link is external) announced that its Quantum Firewall Software R82 — the latest version of Check Point’s core network security software delivering advanced threat prevention and scalable policy management — has received Common Criteria EAL4+ certification, further reinforcing its position as a trusted security foundation for critical infrastructure, government, and defense organizations worldwide.
Postman announced full support for the Model Context Protocol (MCP), helping users build better AI Agents, faster.
Opsera announced new Advanced Security Dashboard capabilities available as an extension of Opsera's Unified Insights for GitHub Copilot.
Lineaje launched new capabilities including Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages.
Check Point® Software Technologies Ltd.(link is external) launched its inaugural AI Security Report(link is external) at RSA Conference 2025.
Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.
Sonata Software has achieved Amazon Web Services (AWS) DevOps Competency status.
vFunction® announced significant platform advancements that reduce complexity across the architectural spectrum and target the growing disconnect between development speed and architectural integrity.
Sonatype® introduced major enhancements to Repository Firewall that expand proactive malware protection across the enterprise — from developer workstations to the network edge.
Aqua Security introduced Secure AI, full lifecycle security from code to cloud to prompt.