Latest news with #AzureDevOps

DevOps platforms see surge in outages & downtime in 2024 report

Techday NZ

16-07-2025

Business
Techday NZ

DevOps platforms see surge in outages & downtime in 2024 report

has released a report detailing a significant increase in outages and security incidents across key DevOps platforms, including GitHub, GitLab, Jira, Bitbucket, and Azure DevOps. Report findings The CISO's Guide to DevOps Threats, the latest publication from highlights that 2024 has been marked by notable growth in service disruptions and vulnerabilities affecting development teams worldwide. The report analyses incident data and the resulting impacts for some of the most widely used development environments, with a combined user base of approximately 1.2 billion. Among the platforms surveyed, Jira exhibited a 44% year-on-year increase in reported incidents, rising from 75 in 2023 to 132 in 2024. These incidents caused an accumulated 2,131 hours of downtime, equivalent to 266 standard working days or nearly 13 full weeks of lost productivity. The study notes that the trend is persistent, recording a 63% increase in incident numbers compared to 2022. In the third quarter of 2024 alone, Jira users experienced over 7 hours of critical disruptions. Bitbucket, another popular tool in the Atlassian suite, recorded 38 incidents in 2024, leading to more than 110 hours of downtime. With additional maintenance windows included, the total impact rose close to 200 hours, with more than 70 hours classified as critical or major disruptions. GitHub and GitLab incidents GitHub's service saw a reduction in the number of incidents, falling 25% to 124 events in 2024, down from 165 in the previous year. However, despite this improvement, users still contended with approximately 800 hours of degraded performance, translating to over 100 working days lost across 26 major and 97 minor incidents. The third quarter was particularly unstable, with 42 incidents noted. GitLab faced a 21% increase in reported incidents, growing from 76 in 2023 to 97 in 2024. The platform also had to address 153 vulnerabilities and experienced 798 hours of service disruption. Just 44 incidents collectively contributed to over 585 hours of partial outage, and September stood out as a challenging month with 21 critical vulnerabilities resolved. Azure DevOps impact Azure DevOps, operated by Microsoft, was also affected by service interruptions. The platform suffered 826 hours of downtime across 111 incidents, disrupting services for a period equal to roughly 103 standard working days - approximately 28% of a typical working year. The report suggests these extended outages had a significant operational impact, noting that the lost time could amount to 8 to 10 completed hackathon cycles under normal circumstances. Underlying causes "The source of these numbers across all platforms is rarely limited to isolated technical failures. In most cases, they result from the growing complexity of DevOps environments and the lack of comprehensive, end-to-end visibility across the entire software delivery pipeline. The widespread adoption of distributed architectures, CI/CD practices, and multi-cloud infrastructures significantly increases the challenge of detecting vulnerabilities, enforcing consistent security policies, and responding to incidents in real time," explains Greg Bak, Chief of R&D at "Without a robust backup and disaster recovery strategy, even minor incidents can escalate into critical outages, data loss, or delays in software delivery. Resilience must be embedded into every phase of DevOps - from code repositories to production runtime," Bak added. Industry context The compiled data underlines the growing operational risks in a landscape increasingly reliant on complex integration, distributed systems, and continuous delivery methods. The report's analysis suggests that as organisations continue to adopt advanced development practices and multi-cloud environments, there is a corresponding rise in both the frequency and duration of service disruptions and security incidents. The CISO's Guide to DevOps Threats also includes discussion of emerging cyber threats targeting DevOps environments - covering malware such as Lumma Stealer, NJRat trojans, fraudulent repositories, and various platform vulnerabilities. These findings indicate that security and continuity planning remain critical challenges for DevOps teams operating within today's interconnected software infrastructure.

Should You Hold on to GitLab Despite the Stock's 17% YTD Decline?

Yahoo

11-07-2025

Business
Yahoo

Should You Hold on to GitLab Despite the Stock's 17% YTD Decline?

GitLab GTLB shares have lost 16.8% in the year-to-date, underperforming the broader Zacks Computer & Technology sector's rise of 7% and the Zacks Internet - Software industry's increase of 16.2%.The underperformance can be attributed to challenging macroeconomic uncertainties and increased competition in AI-enabled DevSecOps, particularly from larger players like Microsoft MSFT. Microsoft has strengthened its position in the DevSecOps space by seamlessly integrating GitHub and Azure DevOps. GTLB shares have also underperformed Microsoft shares, which have gained 19.4% in the year-to-date period. Image Source: Zacks Investment Research However, the company is benefiting from strong demand for its DevSecOps platform. Its solutions, such as GitLab Ultimate, Dedicated, and GitLab Duo, play a significant role in driving customer adoption and expanding existing customer relationships. GitLab's expanding clientele and market leadership in the DevSecOps platform category are contributing to its growth prospects. In the first quarter of fiscal 2026, customers with more than $5K of Annual Recurring Revenue (ARR) increased to 10,104, up 13% year over year. Customers with more than $100K of ARR increased to 1,288, up 26% year over year, demonstrating GTLB's ability to attract and retain large enterprise customers. GitLab's expanding portfolio has been noteworthy. In May 2025, GitLab launched GitLab 18, introducing powerful AI-native features across its DevSecOps platform. This release introduces integrated AI tools, including Code Suggestions and Chat, directly into Integrated Development Environments, now available to Premium and Ultimate customers at no additional cost. GitLab Premium users can also purchase Duo Enterprise without upgrading to Ultimate, gaining access to advanced AI across the development lifecycle. GitLab 18 also enhances CI/CD performance, artifact management, and security compliance with new tools like custom Static Application Security Testing logic, Fast Identity Online passkey support, and organization-level vulnerability expanding its portfolio, in May 2025, GitLab announced that it had achieved FedRAMP Moderate Authority to Operate status for GitLab Dedicated for Government, thereby enhancing secure DevSecOps for federal agencies. GitLab is benefiting from a rich partner network, which includes cloud platforms like Alphabet's GOOGL Google Cloud and Amazon AMZN. These platforms are helping it expand its footprint among large enterprise April 2025, GitLab announced the general availability of GitLab Duo with Amazon Q, integrating Amazon Q's AI agents into its DevSecOps platform to accelerate development, modernize legacy code, and streamline security and code reviews. The integration of GitLab's DevSecOps platform with Alphabet's Google Cloud services is enhancing developer productivity by streamlining authentication, boosting application deployment and improving the developer experience. This collaboration between GitLab and Alphabet ensures a more seamless and efficient development workflow. GitLab's expanded clientele and market leadership in the DevSecOps platform category are contributing to its growth the second quarter of fiscal 2026, GitLab expects revenues between $226 million and $227 million, indicating an approximate growth of 24% year over year. Non-GAAP fiscal second-quarter earnings are expected to be between 16 cents and 17 cents per share. For fiscal 2026, GitLab expects revenues between $936 million and $942 million, indicating growth of approximately 24% year over year. Non-GAAP earnings are expected to be between 74 cents and 75 cents per share. The Zacks Consensus Estimate for GTLB's second-quarter fiscal 2026 earnings is currently pegged at 16 cents per share, which has increased by a penny over the past 30 days, indicating a year-over-year increase of 6.67%.The consensus mark for second-quarter fiscal 2026 revenues is pegged at $226.55 million, indicating year-over-year growth of 24.08%. The Zacks Consensus Estimate for GTLB's fiscal 2026 earnings is currently pegged at 75 cents per share, which has increased 7.14% over the past 30 days, indicating a year-over-year increase of 1.35%.The consensus mark for fiscal 2026 revenues is pegged at $939.60 million, indicating year-over-year growth of 23.75%. GitLab Inc. price-consensus-chart | GitLab Inc. Quote We point out that GTLB stock is not so cheap, as the Value Score of F suggests a stretched valuation at this terms of the forward 12-month price/sales (P/S), GTLB is trading at 7.57X, higher than the Zacks Computer and Technology sector's 6.57X. Image Source: Zacks Investment Research GitLab's strong growth, AI-powered DevSecOps platform and solid partnerships position it as a leader in the DevOps GitLab faces challenges from one-time expenses, such as the global Summit event and ongoing costs related to its China joint venture, Jihu, which add pressure to its margins. Macroeconomic uncertainties and increased competition in AI-enabled DevSecOps continue to pose a headwind. Stretched valuation also remains a currently has a Zacks Rank #3 (Hold), suggesting that it may be wise to wait for a more favorable entry point to accumulate the stock. You can see the complete list of today's Zacks #1 Rank (Strong Buy) stocks here. Want the latest recommendations from Zacks Investment Research? Today, you can download 7 Best Stocks for the Next 30 Days. Click to get this free report Inc. (AMZN) : Free Stock Analysis Report Microsoft Corporation (MSFT) : Free Stock Analysis Report Alphabet Inc. (GOOGL) : Free Stock Analysis Report GitLab Inc. (GTLB) : Free Stock Analysis Report This article originally published on Zacks Investment Research ( Zacks Investment Research Sign in to access your portfolio

Time Business News

14-06-2025

Business
Time Business News

The Best Mobile App Development Company in 2025

The digital landscape is evolving faster than ever, and as we navigate mid-2025, mobile technology is no longer just about smartphones—it's about immersive experiences, intelligent systems, and interconnected digital ecosystems. For businesses and entrepreneurs, choosing the best mobile app development company or mobile game development company is a decision that defines not just their app, but their future. In this guide, we explore the defining traits of top-tier development companies and the emerging technologies shaping the future of mobile apps and games. Gone are the days when app development was just about coding. Today's best mobile app development companies are strategic tech partners, building scalable, secure, and engaging platforms that anticipate and lead digital transformation. Predictive analytics, intelligent chatbots, and voice recognition are now standard. AI aids in code generation, automated testing, and dynamic personalization. The best companies implement AI from design to deployment. Devices like Apple Vision Pro are driving demand for immersive experiences. AR and VR apps are being developed for remote work, education, e-commerce, and healthcare. Forward-thinking firms integrate real-world interaction into app design. 5G enables ultra-fast, low-latency app experiences. Edge computing processes data closer to users, enhancing speed and privacy. Apps now support real-time collaboration, HD streaming, and complex IoT features. Security, transparency, and decentralized control are key. Integration of NFTs and decentralized apps (dApps) is on the rise. Top developers explore tokenized models, secure identity systems, and smart contracts. Inspired by platforms like WeChat, super apps offer multi-service capabilities. Modular architectures allow for easy scaling, updates, and feature enhancements. GDPR and global privacy laws demand built-in compliance. Features like multi-factor authentication, encryption, and secure API layers are now standard. Environmentally conscious development optimizes performance and reduces energy usage. Leading firms prioritize sustainable cloud infrastructure and efficient codebases. It's not just about tech. The best mobile app development company is a strategic ally with: Visionary Thinking : Goes beyond your brief to future-proof your app. : Goes beyond your brief to future-proof your app. Emerging Tech Portfolio : Experience in AI, AR/VR, blockchain, and cloud-native development. : Experience in AI, AR/VR, blockchain, and cloud-native development. Agile Methodologies : Rapid, transparent development cycles using tools like Jira, Trello, or Azure DevOps. : Rapid, transparent development cycles using tools like Jira, Trello, or Azure DevOps. Post-Launch Support : Offers updates, analytics, bug fixes, and feature iterations. : Offers updates, analytics, bug fixes, and feature iterations. Industry Experience : Specialization in niches like healthcare, fintech, or education. : Specialization in niches like healthcare, fintech, or education. UX/UI Focus: Prioritizes usability testing, accessibility, and conversion-driven interfaces. Gaming is no longer just entertainment—it's social, educational, and economically significant. The best mobile game development companies in 2025 create immersive, high-performance games that work seamlessly across devices and platforms. Games are now gateways to persistent virtual worlds. Developers are using blockchain to power NFTs and cross-platform asset transfers. AI assists in level design, character development, and story creation. NPCs now have realistic dialogue and behaviors powered by LLMs. Players stream console-quality games on mobile devices. Companies must optimize for cloud environments to reduce latency and improve access. Simple gameplay remains key, but added depth boosts retention. Developers mix casual mechanics with strategic gameplay and monetization layers. AR games interact with the physical world intelligently. VR titles are optimized for mobile-first and standalone headset experiences. Ranked modes, anti-cheat systems, and LiveOps are vital. Top developers support tournament features, spectator tools, and live updates. Games need to sync across Android, iOS, web, and even console. PWAs offer lightweight alternatives to native apps with faster updates and web compatibility. IAPs, subscriptions, rewarded ads, and digital asset sales are all part of modern monetization. Developers must balance revenue with fair, enjoyable user experiences. When evaluating a mobile game development company, consider: Game Engine Expertise : Proficiency in Unity, Unreal Engine, or Godot is essential. : Proficiency in Unity, Unreal Engine, or Godot is essential. Creative Storytelling and Art : Review narrative quality, character design, and visual originality. : Review narrative quality, character design, and visual originality. Backend Infrastructure : Look for scalable multiplayer systems and server-side logic. : Look for scalable multiplayer systems and server-side logic. LiveOps and Player Retention : Ask about regular updates, events, and community support. : Ask about regular updates, events, and community support. Market Fit and Monetization Strategy: Ensure they understand freemium models, ad networks, and revenue optimization. In 2025, traditional apps and mobile games are converging. Apps increasingly use gamification, animations, and real-time features, while games are adding social commerce, learning elements, and personal profiles—just like apps. A truly innovative mobile app development company or mobile game development company embraces this synergy. They prioritize user engagement, technical innovation, and strategic value beyond launch. Choosing the right development partner in 2025 is about far more than cost or timelines. It's about aligning with a company that understands tomorrow's technologies, users, and digital ecosystems. Whether you're launching a startup, scaling a SaaS product, or building the next big game, invest in a future-focused team—one that builds not just apps or games, but meaningful, sustainable digital experiences. The best mobile app and game developers in 2025 will not just code for today—they'll help you lead tomorrow. The best mobile app development company in 2025 excels in AI integration, AR/VR capabilities, blockchain implementation, and secure, scalable architecture. They focus on user-centric design, offer agile development practices, and provide robust post-launch support. Look for a mobile game development company with experience in your preferred genre, expertise in engines like Unity or Unreal, strong creative and storytelling teams, and a proven track record in monetization, cross-platform development, and LiveOps. A mobile app development company focuses on utility-based apps (e.g., healthcare, fintech, e-commerce), while a mobile game development company specializes in creating interactive entertainment experiences, often involving advanced graphics, real-time multiplayer, and monetization strategies. Some mobile app development companies do offer game development, especially if they have a specialized game development team or work with AR/VR and gamified apps. However, for complex gaming projects, partnering with a dedicated mobile game development company is often more effective. AI enhances personalization, automates testing, and improves user interactions through chatbots and smart features. In games, AI enables dynamic NPC behavior, procedural content generation, and more immersive gameplay. Super apps offer multiple services—such as messaging, shopping, and payments—within a single platform. They're popular in emerging markets. If your business aims to provide a multi-service ecosystem, working with a mobile app development company experienced in modular design is crucial. Blockchain brings enhanced security, digital ownership (e.g., NFTs), transparent data handling, and decentralized monetization. It's especially impactful in mobile game development, where players can own, trade, or sell in-game assets. LiveOps (Live Operations) refers to the continuous update and management of a mobile game after launch. It includes events, content updates, player engagement strategies, and bug fixes. A top mobile game development company always includes LiveOps in its service offering. Yes, most mobile game development companies use cross-platform engines like Unity or Unreal Engine, allowing seamless deployment on Android, iOS, and even web or desktop platforms. Post-launch services should include performance monitoring, analytics, bug fixes, security updates, feature enhancements, and user support. The best mobile app and game development companies provide long-term maintenance and optimization. TIME BUSINESS NEWS

Business Wire

22-05-2025

Business
Business Wire

Pixee Raises $15M to Automate Code Security to Meet the Velocity of GenAI-Enabled Developers

BALTIMORE--(BUSINESS WIRE)-- Pixee, the creator of innovative solutions that empower security teams to match the productivity of AI-powered development, announced today that it has raised $15M in seed funding. The round was led by Decibel and Wing VC, with participation from TEDCO, PrimeSet and strategic investors, including early GitHub engineer Zach Holman, HackerOne Founder and CTO Alex Rice, Oracle SVP of Cloud Operations Brian Chess, and more. The new capital will accelerate Pixee's product development and expansion of the go-to-market team, enabling the company to scale adoption among enterprises and capture the growing demand for its AI-powered solution. Early enterprise customers have seen substantial benefits from adopting Pixee, including recapturing 91% of developer remediation time and cutting security triage time by 74%. Automated code fixes achieve an impressive 76% merge rate. Pixee is the first enterprise-grade tool that uses agentic AI for context and logic alongside deterministic techniques, delivering both intelligent vulnerability triage and accurate, trusted fixes. It integrates directly into developer workflows, including GitHub, GitLab, Bitbucket, and Azure DevOps, creating pull requests with ready-to-accept code. Purpose-built for security-conscious enterprises, the on-premises deployment option keeps customers' sensitive data, intellectual property, and source code fully under the customer's control. This eliminates the risk of data leaks or exposure to unregulated AI tools, ensuring strong trust, security, and protection. 'Developers are more prolific today than ever before, especially those leveraging the latest genAI tools like Cursor, Claude Code & GitHub Co-pilot,' said Surag Patel, co-founder and CEO of Pixee. 'It's time application security teams are empowered with a platform that enables them to 10X their team and keep pace with their counterparts. By focusing on capabilities like automated, production-ready code fixes directly into developer workflows and automating expert automated triage for security, enterprises can now ship secure code at unprecedented velocity. Teams can trust that any vulnerabilities within code are being resolved faster than new ones can be introduced.' IDC projects that by 2027, 70% of corrective code fixes for application security issues will be generated by AI-assisted automated remediation tools, reducing the time to patch vulnerabilities to just days. The report also found that developers estimate spending 19% of their weekly hours on security-related tasks, often outside normal working hours. The average organization spends a whopping $28,100 per developer each year in security-related tasks. 'It's time Application Security teams have their 'Cursor' equivalent platform. Pixee is the first platform we've seen that truly changes the equation in security programs and enables them to keep up with the pace of developers. By natively weaving into the developer workflow and automating work that previously was a tax on developers and security teams, security gets done automatically. Instead of the same story of understaffed product security teams, we finally have a path to the enterprise dream,' said Dan Nguyen-Huu, Partner at Decibel. 'At the heart of Pixee is a powerful insight: genAI-fueled developer productivity and security can coexist without friction. By automating the complex tasks of resolving issues from product security scanners, Pixee allows developers and security teams to reclaim valuable time, driving innovation and delivering higher quality software, faster,' added Jake Flomenberg, Partner at Wing. Pixee was founded by industry veterans with decades of experience in security and developer enablement. Co-founder and CEO Surag Patel was the Chief Strategy Officer at Contrast Security, and held leadership roles at 41st Parameter (acquired by Experian), comScore, and InMobi. Co-founder and CTO Arshan Dabirsiaghi co-founded cybersecurity unicorn Contrast Security and is recognized as one of the world's most prominent application security experts. Together, they are building Pixee to redefine how security is managed in the development process. About Pixee, Inc. Pixee is the first enterprise-grade platform that automates the last mile of application security, from alerts to resolution. The company's technology integrates directly into developer workflows, using a combination of agentic AI and deterministic techniques to deliver trusted, automatic code fixes with an 87% merge rate. Founded by security industry veterans Surag Patel and Arshan Dabirsiaghi, Pixee is backed by Decibel, Wing VC, and strategic investors including early GitHub engineer Zach Holman and HackerOne Founder Alex Rice. For more information, visit

Microsoft Confirms Critical 10/10 Cloud Security Vulnerability

Forbes

09-05-2025

Forbes

Microsoft Confirms Critical 10/10 Cloud Security Vulnerability

Microsoft confirms 10/10 Azure vulnerability. SOPA Images/LightRocket via Getty Images It's not often that a truly critical security vulnerability emerges that hits the maximum Common Vulnerability Scoring System severity rating of 10. This is one of those times. Microsoft has confirmed multiple vulnerabilities rated as critical and impacting core cloud services, one of which has reached the unwelcome heights of that 10/10 criticality rating. The good news is that none are known to have been exploited in the wild, none have already been publicly disclosed, and as a user, there's nothing you need to do to protect your environment. A total of four cloud security vulnerabilities have been confirmed by Microsoft, one of which hit the 10/10 rating, but two aren't a million miles short, both being given 9.9 ratings. The final vulnerability remains critical, with a CVSS severity rating of 9.1. Let's look at them in order of their criticality. CVE-2025-29813 Critical Rating: 10.0 Azure DevOps Elevation of Privilege Vulnerability Microsoft confirmed that this Azure DevOps pipeline token hijacking vulnerability is caused by an issue whereby Visual Studio improperly handles the pipeline job tokens, enabling an attacker to potentially extend their access to a project. 'To exploit this vulnerability,' Microsoft said, 'an attacker would first have to have access to the project and swap the short-term token for a long-term one.' CVE-2025-29972 Critical Rating: 9.9 Azure Storage Resource Provider Spoofing Vulnerability Microsoft said that this Azure server-side request forgery vulnerability could allow an authorized attacker to perform 'spoofing' over a network. In other words, a successful threat actor could exploit this vulnerability to distribute malicious requests that impersonate legitimate services and users. CVE-2025-29827 Critical Rating: 9.9 Azure Automation Elevation of Privilege Vulnerability Yet another Azure security vulnerability with an unbelievably high official severity rating of 9.9, this time enabling a successful hacker to elevate privileges across the network thanks to an improper authorization issue in Azure Automation. CVE-2025-47733 Critical Rating: 9.1 Microsoft Power Apps Information Disclosure Vulnerability Hooray, not Azure this time, and dropping on the criticality rating scale to a 9.1 as well. This vulnerability, as the name suggests, would allow an attacker to disclose information over the network. It's another server-side request forgery vulnerability but this time impacting Microsoft Power Apps. Here's the really good news among the bad critical vulnerability disclosure stuff: there is no patch to install, no updates to deploy, and no action required by the user at all. 'This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take,' Microsoft said with regard to each of the cloud security issues mentioned. That's because it comes under the remit of what the Microsoft Security Response Center refers to as a commitment to provide comprehensive vulnerability information to customers, by detailing cloud service CVEs once they have been patched internally. 'In the past,' Microsoft said, 'cloud service providers refrained from disclosing information about vulnerabilities found and resolved in cloud services, unless customer action was required.' With the value of full transparency now properly understood, all that has changed. 'We will issue CVEs for critical cloud service vulnerabilities,' Microsoft confirmed, 'regardless of whether customers need to install a patch or to take other actions to protect themselves.'