The Ultimate Guide to DevSecOps
A curated Kiwi edition of TechDay news, analysis, interviews, reviews, job moves, and related resources for DevSecOps.
What to know about DevSecOps
DevSecOps represents the integration of security practices within the DevOps process, aiming to build security into every phase of software development and delivery. This approach helps organisations accelerate development cycles while maintaining strong security and compliance standards.
Exploring recent stories tagged with DevSecOps reveals a dynamic field where AI-driven tools, cloud-native security, and collaboration between development, security, and operations teams are shaping the future of secure software delivery. Topics such as risk management, container and API security, supply chain protection, and the rising importance of observability and automation are frequently discussed.
For readers interested in how organisations are addressing evolving cybersecurity threats while enhancing agility and innovation, the DevSecOps tag offers insights into technology advancements, cultural shifts, and best practices that help teams deliver resilient, secure software faster. Whether you are a developer, security professional, or IT leader, following DevSecOps stories provides valuable perspectives on securing modern software development in an increasingly complex digital landscape.
Kiwi DevSecOps News
Regional stories with direct local relevance
Collapsing grace period: When your adversaries never tire
Attackers are now moving fast enough that patching delays, standing privilege and inherited trust leave organisations exposed within minutes.
Capture The Bug adds US tech leaders for North American push
Hamilton-born Capture The Bug taps top US tech leaders to drive North American growth as demand rises for continuous security testing.
Top cybersecurity achievements celebrated at 2023 iSANZ Awards
New Zealand's cybersecurity heroes, including KPMG's Philip Whitmore and BNZ teams, were honoured at the 2023 iSANZ Awards for advancing digital resilience nationwide.
Auldhouse significantly expands cybersecurity training offerings
Auldhouse set to become one of New Zealand's leading cybersecurity training providers, gaining official rights to the world's top cybersecurity certifications.
NZ financial firms bolster secure software development with Checkmarx
Two major financial institutions in New Zealand have refreshed their application security measures with the help of security specialist Checkmarx.
Analyst Insights
Research and market analysis connected to DevSecOps
Jamf launches AI governance for Mac fleets in enterprises
Codenotary flags 210,000 risky AI agent actions daily
The path to autonomous operations: Why observability is the reliability layer for AI
Rubrik launches cloud recovery tool for cyber attacks
Averlon launches Precog to block exploitable risks
Featured News
Upwind Expands to Sydney: Real Time Cloud Security for APJ
The Sydney move follows a USD $250 million funding round as the cloud security firm bets on real-time protection for fast-growing AI workloads.
AI agents multiply risk, says DigiCert chief product officer
Many firms cannot see where their AI agents are, leaving identity, policy and supply-chain risks to grow as deployments scale.
Google Cloud CEO sets out enterprise AI agent plan
Enterprises will get one place to build, govern and run AI agents, as Google Cloud expands Gemini Enterprise across models, data and security.
UiPath Accelerates AI in Software Development and Testing
UiPath is pushing AI deeper into software testing, promising autonomous agents that transform quality assurance and developers' roles.
Expert Columns
As agentic development accelerates, workflow auditability becomes a bottleneck
Why organisations in Asia Pacific are rethinking their AI deployment strategies
Collapsing grace period: When your adversaries never tire
From 398 to 200 Days: Understanding the TLS Certificate Lifespan Reduction
Secure by default: Moving beyond secure by design
Why the next endpoint and SASE disruption will not come from a security vendor
The security challenges in AI-assisted software development
How AI-powered log management unlocks observability
Agentic AI double agents expose dangerous security gaps
Automation vital as TLS certificate lifespans shrink
Interviews
Interviews and video coverage from the network
Recent DevSecOps News
Qualys study calls for unified attack surface management
Security teams want daily scanning and clearer risk rankings as cloud sprawl and third-party reliance widen attack surfaces, a survey found.
Spur adds no-code Cloudflare integration for Monocle
Security teams can now block or review suspicious anonymised traffic in minutes, with no engineering work, through Spur's new Cloudflare link.
GitGuardian launches endpoint protection for laptops
A single compromised laptop can expose thousands of live keys, according to GitGuardian's early field tests, as attacks shift to developer machines.
Checkmarx launches hybrid AI engine for code scanning
False alerts and missed flaws are the target as the new engine aims to help security teams scan AI-written code more reliably.
Mini Shai-Hulud worm turns public, NCC Group warns
Public release of the Mini Shai-Hulud code means copycat attacks can now hit developers, CI/CD systems and open-source supply chains.
CrowdStrike expands QuiltWorks with AWS on AI security
AWS customers will gain broader visibility into AI and cloud risks as CrowdStrike adds new monitoring, trials and private connectivity.
Patchstack & GoDaddy add WordPress vulnerability detection
Eligible Managed WordPress customers gain visibility into flaws as they are disclosed, as WordPress attacks are being exploited within hours.
Cloud202 launches Qubitz AI for cheaper business apps
Enterprises could cut AI app development costs by up to 80% as Cloud202 targets the gap between prototypes and secure production systems.
Keeper launches secrets sync for multi-cloud credentials
The feature aims to prevent credential drift, a common multi-cloud risk that can leave AWS, Azure and Google Cloud secrets out of sync.
Cohesity launches Maestro to bring backup into AI apps
Backup and recovery tasks can now be triggered inside popular AI assistants, as Cohesity opens its tools to external workflows through MCP.
AI coding tools raise debt & security risks, SIG warns
Enterprise teams using AI coding tools may face higher technical debt, security gaps and costs, according to new SIG research.
Broadcom expands Spring security for AI threat surge
Enterprises using Spring will get faster access to validated fixes as Broadcom responds to a 1700% surge in monthly security advisories.
CrowdStrike extends Falcon AI Detection across key gateways
The integrations aim to close security gaps as more firms run AI in production across gateways, APIs and models.
Thoughtworks launches Agent/works for AI governance
Enterprise teams are getting a single control plane to track agent sprawl, tighten permissions and curb AI spending as autonomous systems spread.
AISLE launches Snapshot for secure private cloud use
Regulated firms can now scan code for flaws without sending sensitive data to external AI services, as AISLE targets private deployments.
Organisations shift to continuous testing in security
With AI speeding up attacks, 53% of security leaders say point-in-time tests are already outdated by the time reports land.
Checkmarx partners Carahsoft to expand public sector sales
Government buyers will gain wider access to Checkmarx tools as Carahsoft opens procurement routes through reseller networks and federal contracts.
KPMG India, Tricentis strike quality engineering pact
Enterprises modernising software delivery could cut testing risk and speed releases as the firms pair consulting with AI-enabled quality tools.
Atsign adds AI architecture tools for enterprise teams
Enterprise teams can now define AI agent permissions and security controls earlier, as Atsign's update links live architecture design with model prompting.
GitLab unveils tools for governed agentic software delivery
Enterprises could cut agent coding costs and compliance risks as the new releases add server-side repository access, audit tools and spend controls.