SmartBear announced AI enhancements for API testing, UI test automation, and test management across its product suite, the SmartBear Application Integrity Core™.
Implementing Data-Driven DevSecOps
November 14, 2022
Mobile DevSecOps as it's currently implemented has a big problem: it's too slow and inefficient to keep up with the constantly evolving threat landscape. In the typical way of doing things, common tools like pen testing and code scanning identify known vulnerabilities, and the mobile app is then booted back to the development team where they manually add whatever protection they can within the time they have.
But the threats don't stay static. They evolve as cybercriminals find new vulnerabilities and techniques to exploit. The development process don't stop either — as old vulnerabilities are fixed, new features are added, some of which may introduce new weaknesses. Developers lack a real-time understanding of what the threat landscape really looks like in the field. As a result, publishers are constantly releasing apps that are under-protected against current threats.
A Data-Driven Process
Companies are rapidly moving towards data-driven decision-making, using real-time data and analysis to understand how they can optimize operations, strengthen the supply chain and enter new markets that will provide a return on investment. Mobile DevSecOps is not an exception — data-driven decisions about security will not only provide stronger protection against threats, but will also be far more efficient, with much less wasted effort.
But data, alone, is not enough to solve the problem. Good information is useless if the DevSecOps team cannot act on it quickly, and manual methods of implementing security are slow and expensive. Like the rest of the DevOps process, security must be automated, so that new protections can be rapidly included in the next build as they are needed.
Together, automation and real-time threat data make up the two pillars of data-driven DevSecOps. The team has a system that provides it with real-time information about the threats and attacks their mobile apps are encountering in the field right now. With this information, the DevSecOps team can make informed decisions about which are the highest priority security protections to build into the next release.
Beyond Gut Feelings
Mobile apps and the devices on which they run are capable of collecting a wealth of information: threat type, the network, geographic location, OS version and much, much more. All this data provide DevSecOps teams with an extremely granular view of both current and emerging threats that can be sliced according to device, OS, geography — the possibilities are near limitless.
With this wealth of real-time data, the DevSecOps team can make the best use of their time to provide protection against the threats that truly matter.
Once implemented, data-driven DevSecOps teams can not only identify the most urgent threats against which to protect, but they can also prove after release how well the protections are working. In this way, the DevSecOps team can easily justify its value to senior management, partners and other stakeholders, and demonstrate compliance with both internal and external regulations.
It's time for organizations to move beyond manual methods for incorporating mobile app security and gut-feel decisions or analyst recommendations about security models. With data-driven DevSecOps, development teams won't just be shooting in the dark. They'll be using real-time information to identify and protect against new threats and attacks before they can be launched at scale.
Industry News
March 31, 2026
JFrog announced its partnership with iZeno Pte Ltd, a Singapore-headquartered enterprise technology solutions provider.
March 30, 2026
Red Hat announced an expanded collaboration with Google Cloud to help organizations accelerate application modernization and cloud migrations.
March 30, 2026
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the contribution of SQLMesh, an open source data transformation framework, to the Foundation by Fivetran.
March 26, 2026
Check Point® Software Technologies Ltd. released the AI Factory Security Architecture Blueprint — a comprehensive, vendor-tested reference architecture for securing private AI infrastructure from the hardware layer to the application layer.
March 26, 2026
CMD+CTRL Security won the following awards from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine: Most Innovative Cybersecurity Training and Pioneering Secure Coding: Developer Upskilling.
March 25, 2026
Check Point® Software Technologies Ltd. announced the Check Point AI Defense Plane, a unified AI security control plane designed to help enterprises govern how AI is connected, deployed, and operated across the business.
March 25, 2026
Oracle announced the latest updates to Oracle AI Agent Studio for Fusion Applications, a complete development platform for building, connecting, and running AI automation and agentic applications.
March 25, 2026
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced that Istio has launched a host of new features designed to meet the rising needs of modern, AI-driven infrastructure while reducing operational complexity.
March 25, 2026
Chainguard announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS packages, virtual machine images, CI/CD workflows, and agent skills that have built-in, intelligent policies to enforce enterprise security standards.
March 24, 2026
Backslash Security announced new cross-product support for agentic AI Skills within its platform, enabling organizations to discover, assess, and apply security guardrails to Skills used across AI-native software development environments.
March 24, 2026
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of Kyverno, a Kubernetes-native policy engine that enables organizations to define, manage and enforce policy-as-code across cloud native environments.
March 24, 2026
Zero Networks announced the Kubernetes Access Matrix, a real time visual map that exposes every allowed and denied rule inside Kubernetes clusters.
March 24, 2026
Apiiro announced AI Threat Modeling, a new capability within Apiiro Guardian Agent that automatically generates architecture-aware threat models to identify security and compliance risks before code exists.
March 23, 2026
GitLab released GitLab 18.10, making it easier and more affordable to use agentic AI capabilities across the entire software development lifecycle.
