MongoDB, Inc. (NASDAQ:MDB) Shares Acquired by Amitell Capital Pte Ltd – MarketBeat

MMS Founder
MMS RSS

Posted on mongodb google news. Visit mongodb google news

Amitell Capital Pte Ltd increased its position in MongoDB, Inc. (NASDAQ:MDB) by 36.7% during the 4th quarter, according to its most recent filing with the Securities and Exchange Commission. The firm owned 18,625 shares of the company’s stock after buying an additional 5,000 shares during the quarter. MongoDB comprises about 3.5% of Amitell Capital Pte Ltd’s investment portfolio, making the stock its 11th biggest position. Amitell Capital Pte Ltd’s holdings in MongoDB were worth $4,336,000 at the end of the most recent reporting period.

Other hedge funds and other institutional investors have also recently added to or reduced their stakes in the company. Vanguard Group Inc. grew its stake in MongoDB by 0.3% during the fourth quarter. Vanguard Group Inc. now owns 7,328,745 shares of the company’s stock worth $1,706,205,000 after buying an additional 23,942 shares during the period. Franklin Resources Inc. boosted its position in MongoDB by 9.7% during the 4th quarter. Franklin Resources Inc. now owns 2,054,888 shares of the company’s stock worth $478,398,000 after purchasing an additional 181,962 shares during the period. Geode Capital Management LLC increased its holdings in MongoDB by 1.8% in the 4th quarter. Geode Capital Management LLC now owns 1,252,142 shares of the company’s stock valued at $290,987,000 after purchasing an additional 22,106 shares in the last quarter. Norges Bank acquired a new stake in MongoDB in the 4th quarter valued at $189,584,000. Finally, Amundi lifted its stake in shares of MongoDB by 86.2% during the fourth quarter. Amundi now owns 693,740 shares of the company’s stock worth $172,519,000 after purchasing an additional 321,186 shares in the last quarter. Institutional investors and hedge funds own 89.29% of the company’s stock.

Insider Transactions at MongoDB

In other news, insider Cedric Pech sold 1,690 shares of MongoDB stock in a transaction on Wednesday, April 2nd. The stock was sold at an average price of $173.26, for a total transaction of $292,809.40. Following the transaction, the insider now directly owns 57,634 shares in the company, valued at approximately $9,985,666.84. This trade represents a 2.85 % decrease in their position. The sale was disclosed in a document filed with the Securities & Exchange Commission, which can be accessed through this link. Also, CEO Dev Ittycheria sold 18,512 shares of the company’s stock in a transaction on Wednesday, April 2nd. The shares were sold at an average price of $173.26, for a total value of $3,207,389.12. Following the completion of the sale, the chief executive officer now owns 268,948 shares of the company’s stock, valued at approximately $46,597,930.48. This trade represents a 6.44 % decrease in their position. The disclosure for this sale can be found here. Over the last quarter, insiders sold 58,060 shares of company stock valued at $13,461,875. 3.60% of the stock is currently owned by corporate insiders.

MongoDB Price Performance

NASDAQ:MDB opened at $147.38 on Tuesday. The firm has a market capitalization of $11.97 billion, a P/E ratio of -53.79 and a beta of 1.49. The business has a 50 day simple moving average of $234.34 and a 200 day simple moving average of $260.82. MongoDB, Inc. has a 12-month low of $140.78 and a 12-month high of $387.19.

MongoDB (NASDAQ:MDB) last posted its earnings results on Wednesday, March 5th. The company reported $0.19 earnings per share (EPS) for the quarter, missing analysts’ consensus estimates of $0.64 by ($0.45). The firm had revenue of $548.40 million for the quarter, compared to analyst estimates of $519.65 million. MongoDB had a negative net margin of 10.46% and a negative return on equity of 12.22%. During the same period in the previous year, the firm earned $0.86 earnings per share. Research analysts anticipate that MongoDB, Inc. will post -1.78 EPS for the current fiscal year.

Wall Street Analysts Forecast Growth

MDB has been the subject of a number of recent research reports. Royal Bank of Canada lowered their target price on MongoDB from $400.00 to $320.00 and set an “outperform” rating for the company in a research note on Thursday, March 6th. Citigroup lowered their price objective on shares of MongoDB from $430.00 to $330.00 and set a “buy” rating for the company in a research report on Tuesday, April 1st. Morgan Stanley reduced their target price on shares of MongoDB from $350.00 to $315.00 and set an “overweight” rating on the stock in a research report on Thursday, March 6th. Cantor Fitzgerald initiated coverage on shares of MongoDB in a report on Wednesday, March 5th. They set an “overweight” rating and a $344.00 price target for the company. Finally, Monness Crespi & Hardt upgraded shares of MongoDB from a “sell” rating to a “neutral” rating in a report on Monday, March 3rd. Seven analysts have rated the stock with a hold rating, twenty-four have assigned a buy rating and one has assigned a strong buy rating to the company’s stock. According to data from MarketBeat.com, the stock presently has a consensus rating of “Moderate Buy” and a consensus target price of $312.84.

About MongoDB

MongoDB, Inc, together with its subsidiaries, provides general purpose database platform worldwide. The company provides MongoDB Atlas, a hosted multi-cloud database-as-a-service solution; MongoDB Enterprise Advanced, a commercial database server for enterprise customers to run in the cloud, on-premises, or in a hybrid environment; and Community Server, a free-to-download version of its database, which includes the functionality that developers need to get started with MongoDB.


This instant news alert was generated by narrative science technology and financial data from MarketBeat in order to provide readers with the fastest and most accurate reporting. This story was reviewed by MarketBeat’s editorial team prior to publication. Please send any questions or comments about this story to contact@marketbeat.com.



Using Artificial Intelligence in Software Testing

MMS Founder
MMS Ben Linders

Article originally posted on InfoQ. Visit InfoQ

Quality Assurance Engineers can evolve into artificial intelligence (AI) strategists, guiding AI-driven test execution while focusing on strategic decisions. According to Victor Ionascu, rather than replacing testing roles, AI can enhance them by predicting defects, automating test maintenance, and refining risk-based testing. This human-AI collaboration is crucial for maintaining quality in increasingly complex software systems.

Victor Ionascu gave a talk about the role of artificial intelligence in quality assurance and software testing at QA Challenge Accepted.

QA professionals are increasingly turning to AI to address the growing complexities of software testing, Ionascu said. AI-driven automation can improve test coverage, reduce test cycle times, and enhance the accuracy of results, leading to faster software releases with higher quality, as he explained in the InfoQ article Exploring AI’s Role in Automating Software Testing.

Ionascu mentioned that he’s using AI tools like GitHub Copilot, Amazon CodeWhisperer, and ChatGPT. One of the key benefits, once you understand how to use AI effectively, is a noticeable improvement in efficiency, as he explained:

For example, with Copilot, instead of manually searching for whether a particular class or function exists, the AI automatically suggests relevant code snippets in real-time. This accelerates the development process and helps me focus more on refining and improving the logic behind the tests.

Tools like ChatGPT have proven to be invaluable for general research and guidance, Ionascu said. Instead of spending time searching through multiple sources, he uses it as a powerful assistant that provides quick insights and suggestions during the automation process. It helps reduce the time needed for researching complex testing scenarios or frameworks, which ultimately speeds up the development of robust test scripts, he mentioned.

While AI offers tremendous potential, Ionascu stressed that AI is not without limitations. It lacks the contextual understanding and human intuition required for tasks like exploratory testing and non-functional testing (e.g., performance and security), he mentioned.

The future of testing with AI will see QA professionals evolving into AI strategists, where AI tools will handle much of the execution and maintenance of automated tests, Ionascu said. AI will enable adaptive, self-healing tests that evolve with the application, reducing the overhead for QA teams, he added.

Ionascu expects AI to also improve in areas like predictive defect detection:

AI can analyze historical data to identify high-risk areas before they become critical issues.

In the long term, AI will not replace QA roles but will augment human capabilities, allowing teams to focus on strategic, high-value tasks like quality strategy, exploratory testing, and risk-based testing, Ionascu said. The key will be the partnership between AI and human oversight, where AI handles execution, and humans drive creativity and strategy, he concluded.

InfoQ interviewed Victor Ionascu about applying AI for software testing.

InfoQ: What are the limitations of AI in testing?

Victor Ionascu: While it excels at automating repetitive tasks, AI still struggles with contextual understanding of complex, domain-specific workflows. AI-generated tests may require manual refinement to ensure completeness and accuracy, especially for non-functional requirements like performance and security testing. And AI lacks human intuition, which is crucial for exploratory testing and discovering edge cases that are difficult to automate.

InfoQ: Can you give an example of a test case where human intuition made the difference?

Ionascu: An example of an edge case would be testing invisible or zero-width characters in passwords.

Scenario: A user enters a password that appears valid but contains zero-width spaces or non-printable Unicode characters (e.g., U+200B Zero Width Space, U+200C Zero Width Non-Joiner).

The example password input (User Perspective): P@ssw0rd (Looks normal)

The actual password (Hidden Characters): P​@ssw0rd (Contains a zero-width space between P and @)

Automation using AI will miss this, because:

  • Automated tests typically check for length, required characters, and structure but may not detect hidden characters.
  • Most test automation frameworks treat these as valid input since they don’t visually alter the string.
  • Traditional regex-based validation rules fail unless explicitly checking for invisible Unicode characters.

Humans using AI can discover this in two ways:

  • Human Tester Insight: Manually pasting a password copied from an external document (e.g., Google Docs, emails) can reveal login failures due to hidden characters.
  • AI-Assisted Detection: AI-powered anomaly detection can compare expected login behavior with failed attempts where passwords “look correct” but fail.

Testing this has a significant impact. Users may struggle with login failures without understanding why. It can also be exploited for phishing attacks (e.g., registering P​assword123 and tricking users into thinking it’s Password123).
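An added example, not part of the interview or the InfoQ article: a Python check that flags the hidden characters from the scenario above, shows that a typical length-and-character-class rule accepts them, and builds a comparison key for spotting look-alike registrations. The function names, the sample values and the choice of Unicode categories to flag are assumptions of this example.

```python
import re
import unicodedata

# Policy assumption for this example: these general categories never render
# as a visible glyph. Cf = format characters (zero-width space and joiners,
# BOM, soft hyphen), Cc = controls, Zl/Zp = line and paragraph separators.
# U+200C/U+200D are legitimate in some scripts, so a product serving those
# users may prefer a narrower list than this one.
INVISIBLE_CATEGORIES = {"Cf", "Cc", "Zl", "Zp"}

# Constructed sample values, following the scenario in the interview.
VISIBLE_PASSWORD = "P@ssw0rd"
HIDDEN_PASSWORD = "P\u200b@ssw0rd"  # zero-width space between P and @


def naive_policy(password):
    """Typical rule set: length plus upper, lower, digit and symbol classes."""
    return (
        len(password) >= 8
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[a-z]", password) is not None
        and re.search(r"\d", password) is not None
        and re.search(r"[^A-Za-z0-9]", password) is not None
    )


def find_invisible(text):
    """Return (index, code point, name) for every character that does not render."""
    findings = []
    for index, ch in enumerate(text):
        category = unicodedata.category(ch)
        # Non-ASCII spaces (category Zs, e.g. U+00A0) are flagged too: they
        # look like an ordinary space but compare differently.
        if category in INVISIBLE_CATEGORIES or (category == "Zs" and ch != " "):
            name = unicodedata.name(ch, "<unnamed>")
            findings.append((index, f"U+{ord(ch):04X}", name))
    return findings


def check_password(password):
    """Return (accepted, reasons). Rejecting with a reason, instead of
    silently stripping, tells the user why a pasted password will not work."""
    reasons = [
        f"hidden character {code_point} ({name}) at index {index}"
        for index, code_point, name in find_invisible(password)
    ]
    if not naive_policy(password):
        reasons.append("does not meet length/character-class rules")
    return (not reasons, reasons)


def skeleton(value):
    """Comparison key for registration-time checks: NFKC, drop invisibles,
    casefold. NFKC alone is not enough, because U+200B has no compatibility
    decomposition and survives normalization unchanged."""
    normalized = unicodedata.normalize("NFKC", value)
    visible = "".join(ch for ch in normalized if not find_invisible(ch))
    return visible.casefold()


def collides(candidate, existing):
    """Return already-registered values that look the same as the candidate."""
    key = skeleton(candidate)
    return sorted(v for v in existing if v != candidate and skeleton(v) == key)


if __name__ == "__main__":
    for sample in (VISIBLE_PASSWORD, HIDDEN_PASSWORD):
        print(repr(sample), "naive:", naive_policy(sample), "strict:", check_password(sample))
    print(collides("P\u200bassword123", {"Password123", "alice"}))
```

Running the same `find_invisible` scan over the stored value at registration time and over the submitted value at login covers both the failed-login case and the look-alike case the interview describes.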



Have Insiders Sold MongoDB Shares Recently? – Simply Wall St News

MMS Founder
MMS RSS

Posted on mongodb google news. Visit mongodb google news

We wouldn’t blame MongoDB, Inc. (NASDAQ:MDB) shareholders if they were a little worried about the fact that Dev Ittycheria, the President, recently netted about US$3.2m selling shares at an average price of US$173. However, that sale only accounted for 8.8% of their holding, so arguably it doesn’t say much about their conviction.

MongoDB Insider Transactions Over The Last Year

Notably, that recent sale by Dev Ittycheria is the biggest insider sale of MongoDB shares that we’ve seen in the last year. So what is clear is that an insider saw fit to sell at around the current price of US$171. While we don’t usually like to see insider selling, it’s more concerning if the sales take place at a lower price. In this case, the big sale took place at around the current price, so it’s not too bad (but it’s still not a positive).

In the last year MongoDB insiders didn’t buy any company stock. You can see a visual depiction of insider transactions (by companies and individuals) over the last 12 months, below. If you want to know exactly who sold, for how much, and when, simply click on the graph below!

NasdaqGM:MDB Insider Trading Volume April 10th 2025

I will like MongoDB better if I see some big insider buys. While we wait, check out this free list of undervalued and small cap stocks with considerable, recent, insider buying.

Insider Ownership

For a common shareholder, it is worth checking how many shares are held by company insiders. I reckon it’s a good sign if insiders own a significant number of shares in the company. MongoDB insiders own 2.9% of the company, currently worth about US$344m based on the recent share price. Most shareholders would be happy to see this sort of insider ownership, since it suggests that management incentives are well aligned with other shareholders.

So What Does This Data Suggest About MongoDB Insiders?

Insiders sold MongoDB shares recently, but they didn’t buy any. And even if we look at the last year, we didn’t see any purchases. The company boasts high insider ownership, but we’re a little hesitant, given the history of share sales. While it’s good to be aware of what’s going on with the insider’s ownership and transactions, we make sure to also consider what risks are facing a stock before making any investment decision. For example – MongoDB has 3 warning signs we think you should be aware of.

If you would prefer to check out another company — one with potentially superior financials — then do not miss this free list of interesting companies, that have HIGH return on equity and low debt.

For the purposes of this article, insiders are those individuals who report their transactions to the relevant regulatory body. We currently account for open market transactions and private dispositions of direct interests only, but not derivative transactions or indirect interests.


This article by Simply Wall St is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks mentioned.



Fmr LLC Decreases Stake in MongoDB, Inc. (NASDAQ:MDB) – MarketBeat

MMS Founder
MMS RSS

Posted on mongodb google news. Visit mongodb google news

Fmr LLC lessened its stake in shares of MongoDB, Inc. (NASDAQ:MDB) by 84.3% during the 4th quarter, according to the company in its most recent filing with the Securities and Exchange Commission. The fund owned 3,480,245 shares of the company’s stock after selling 18,690,392 shares during the period. Fmr LLC owned approximately 4.67% of MongoDB worth $810,236,000 at the end of the most recent reporting period.

A number of other hedge funds have also bought and sold shares of MDB. Norges Bank purchased a new position in shares of MongoDB in the fourth quarter worth about $189,584,000. Raymond James Financial Inc. purchased a new position in MongoDB during the 4th quarter worth approximately $90,478,000. Amundi raised its position in MongoDB by 86.2% during the 4th quarter. Amundi now owns 693,740 shares of the company’s stock worth $172,519,000 after buying an additional 321,186 shares during the last quarter. Assenagon Asset Management S.A. lifted its stake in MongoDB by 11,057.0% during the 4th quarter. Assenagon Asset Management S.A. now owns 296,889 shares of the company’s stock valued at $69,119,000 after acquiring an additional 294,228 shares during the period. Finally, Franklin Resources Inc. boosted its holdings in shares of MongoDB by 9.7% in the 4th quarter. Franklin Resources Inc. now owns 2,054,888 shares of the company’s stock valued at $478,398,000 after acquiring an additional 181,962 shares during the last quarter. Institutional investors and hedge funds own 89.29% of the company’s stock.

Insider Buying and Selling at MongoDB

In other news, Director Dwight A. Merriman sold 885 shares of MongoDB stock in a transaction on Tuesday, February 18th. The stock was sold at an average price of $292.05, for a total value of $258,464.25. Following the completion of the sale, the director now directly owns 83,845 shares of the company’s stock, valued at approximately $24,486,932.25. The trade was a 1.04 % decrease in their ownership of the stock. The sale was disclosed in a filing with the SEC, which can be accessed through this hyperlink. Also, CFO Srdjan Tanjga sold 525 shares of the business’s stock in a transaction dated Wednesday, April 2nd. The stock was sold at an average price of $173.26, for a total transaction of $90,961.50. Following the sale, the chief financial officer now owns 6,406 shares in the company, valued at $1,109,903.56. This trade represents a 7.57 % decrease in their ownership of the stock. The disclosure for this sale can be found here. Insiders have sold 58,060 shares of company stock worth $13,461,875 over the last quarter. 3.60% of the stock is currently owned by company insiders.

Analyst Upgrades and Downgrades

MDB has been the subject of several recent research reports. Barclays reduced their target price on shares of MongoDB from $330.00 to $280.00 and set an “overweight” rating for the company in a report on Thursday, March 6th. Robert W. Baird decreased their price target on MongoDB from $390.00 to $300.00 and set an “outperform” rating for the company in a report on Thursday, March 6th. DA Davidson boosted their target price on shares of MongoDB from $340.00 to $405.00 and gave the company a “buy” rating in a research note on Tuesday, December 10th. Loop Capital dropped their price target on shares of MongoDB from $400.00 to $350.00 and set a “buy” rating on the stock in a research report on Monday, March 3rd. Finally, Monness Crespi & Hardt upgraded shares of MongoDB from a “sell” rating to a “neutral” rating in a research report on Monday, March 3rd. Seven analysts have rated the stock with a hold rating, twenty-four have given a buy rating and one has given a strong buy rating to the company’s stock. According to MarketBeat, MongoDB has an average rating of “Moderate Buy” and an average target price of $312.84.

MongoDB Trading Down 4.5 %

Shares of MDB stock opened at $147.38 on Tuesday. MongoDB, Inc. has a twelve month low of $140.78 and a twelve month high of $387.19. The company’s 50-day moving average price is $234.34 and its 200-day moving average price is $260.82. The stock has a market cap of $11.97 billion, a price-to-earnings ratio of -53.79 and a beta of 1.49.

MongoDB (NASDAQ:MDB) last posted its earnings results on Wednesday, March 5th. The company reported $0.19 earnings per share for the quarter, missing the consensus estimate of $0.64 by ($0.45). The firm had revenue of $548.40 million during the quarter, compared to analyst estimates of $519.65 million. MongoDB had a negative net margin of 10.46% and a negative return on equity of 12.22%. During the same quarter in the previous year, the firm earned $0.86 earnings per share. As a group, equities research analysts predict that MongoDB, Inc. will post -1.78 EPS for the current year.

MongoDB Profile

MongoDB, Inc, together with its subsidiaries, provides general purpose database platform worldwide. The company provides MongoDB Atlas, a hosted multi-cloud database-as-a-service solution; MongoDB Enterprise Advanced, a commercial database server for enterprise customers to run in the cloud, on-premises, or in a hybrid environment; and Community Server, a free-to-download version of its database, which includes the functionality that developers need to get started with MongoDB.


This instant news alert was generated by narrative science technology and financial data from MarketBeat in order to provide readers with the fastest and most accurate reporting. This story was reviewed by MarketBeat’s editorial team prior to publication. Please send any questions or comments about this story to contact@marketbeat.com.



Prudential Financial Inc. Cuts Stock Holdings in MongoDB, Inc. (NASDAQ:MDB)

MMS Founder
MMS RSS

Posted on mongodb google news. Visit mongodb google news

Prudential Financial Inc. reduced its position in MongoDB, Inc. (NASDAQ:MDB) by 4.7% in the 4th quarter, according to the company in its most recent 13F filing with the Securities and Exchange Commission (SEC). The firm owned 2,152 shares of the company’s stock after selling 105 shares during the period. Prudential Financial Inc.’s holdings in MongoDB were worth $501,000 as of its most recent filing with the Securities and Exchange Commission (SEC).

Several other hedge funds and other institutional investors also recently added to or reduced their stakes in the company. Raymond James Financial Inc. acquired a new stake in shares of MongoDB during the 4th quarter valued at about $90,478,000. Amundi grew its holdings in MongoDB by 86.2% in the fourth quarter. Amundi now owns 693,740 shares of the company’s stock valued at $172,519,000 after purchasing an additional 321,186 shares during the period. Assenagon Asset Management S.A. increased its position in shares of MongoDB by 11,057.0% in the fourth quarter. Assenagon Asset Management S.A. now owns 296,889 shares of the company’s stock valued at $69,119,000 after buying an additional 294,228 shares in the last quarter. LBP AM SA raised its stake in shares of MongoDB by 81.9% during the 4th quarter. LBP AM SA now owns 246,091 shares of the company’s stock worth $57,292,000 after buying an additional 110,768 shares during the period. Finally, Nicholas Company Inc. grew its stake in MongoDB by 94.5% in the 4th quarter. Nicholas Company Inc. now owns 202,509 shares of the company’s stock valued at $47,146,000 after acquiring an additional 98,394 shares during the period. Institutional investors and hedge funds own 89.29% of the company’s stock.

Insider Buying and Selling at MongoDB

In other news, CAO Thomas Bull sold 301 shares of MongoDB stock in a transaction dated Wednesday, April 2nd. The stock was sold at an average price of $173.25, for a total value of $52,148.25. Following the completion of the transaction, the chief accounting officer now owns 14,598 shares in the company, valued at approximately $2,529,103.50. This trade represents a 2.02 % decrease in their position. The sale was disclosed in a filing with the SEC, which can be accessed through the SEC website. Also, Director Dwight A. Merriman sold 1,045 shares of the company’s stock in a transaction that occurred on Monday, January 13th. The stock was sold at an average price of $242.67, for a total transaction of $253,590.15. Following the sale, the director now owns 85,652 shares in the company, valued at $20,785,170.84. The trade was a 1.21 % decrease in their ownership of the stock. The disclosure for this sale can be found here. Insiders sold 58,060 shares of company stock valued at $13,461,875 in the last 90 days. Company insiders own 3.60% of the company’s stock.

Wall Street Analysts Forecast Growth

MDB has been the subject of a number of research analyst reports. Robert W. Baird reduced their price objective on shares of MongoDB from $390.00 to $300.00 and set an “outperform” rating for the company in a research report on Thursday, March 6th. Monness Crespi & Hardt raised shares of MongoDB from a “sell” rating to a “neutral” rating in a research note on Monday, March 3rd. KeyCorp lowered MongoDB from a “strong-buy” rating to a “hold” rating in a research note on Wednesday, March 5th. Stifel Nicolaus decreased their target price on MongoDB from $425.00 to $340.00 and set a “buy” rating on the stock in a research report on Thursday, March 6th. Finally, Daiwa Capital Markets began coverage on MongoDB in a research report on Tuesday, April 1st. They set an “outperform” rating and a $202.00 price target for the company. Seven analysts have rated the stock with a hold rating, twenty-four have assigned a buy rating and one has issued a strong buy rating to the stock. Based on data from MarketBeat, MongoDB presently has an average rating of “Moderate Buy” and a consensus target price of $312.84.

MongoDB Stock Up 17.5 %

MDB opened at $171.34 on Thursday. The firm has a market cap of $13.91 billion, a P/E ratio of -62.53 and a beta of 1.49. MongoDB, Inc. has a 52 week low of $140.78 and a 52 week high of $387.19. The business has a fifty day simple moving average of $224.89 and a 200-day simple moving average of $257.73.

MongoDB (NASDAQ:MDB) last issued its quarterly earnings results on Wednesday, March 5th. The company reported $0.19 earnings per share (EPS) for the quarter, missing analysts’ consensus estimates of $0.64 by ($0.45). MongoDB had a negative return on equity of 12.22% and a negative net margin of 10.46%. The business had revenue of $548.40 million for the quarter, compared to analysts’ expectations of $519.65 million. During the same quarter last year, the company earned $0.86 earnings per share. Sell-side analysts expect that MongoDB, Inc. will post -1.78 earnings per share for the current year.

About MongoDB

MongoDB, Inc, together with its subsidiaries, provides general purpose database platform worldwide. The company provides MongoDB Atlas, a hosted multi-cloud database-as-a-service solution; MongoDB Enterprise Advanced, a commercial database server for enterprise customers to run in the cloud, on-premises, or in a hybrid environment; and Community Server, a free-to-download version of its database, which includes the functionality that developers need to get started with MongoDB.



MongoDB (NASDAQ:MDB) Hits New 1-Year Low Following Insider Selling – MarketBeat

MMS Founder
MMS RSS

Posted on mongodb google news. Visit mongodb google news

MongoDB, Inc. (NASDAQ:MDB) shares hit a new 52-week low during mid-day trading on Monday after an insider sold shares in the company. The stock traded as low as $140.78 and last traded at $141.13, with a volume of 442325 shares. The stock had previously closed at $154.39.

Specifically, CFO Srdjan Tanjga sold 525 shares of MongoDB stock in a transaction that occurred on Wednesday, April 2nd. The shares were sold at an average price of $173.26, for a total transaction of $90,961.50. Following the completion of the sale, the chief financial officer now directly owns 6,406 shares in the company, valued at $1,109,903.56. The trade was a 7.57 % decrease in their ownership of the stock. The sale was disclosed in a document filed with the SEC, which is available through this hyperlink. Also, insider Cedric Pech sold 1,690 shares of the company’s stock in a transaction on Wednesday, April 2nd. The stock was sold at an average price of $173.26, for a total transaction of $292,809.40. Following the completion of the transaction, the insider now owns 57,634 shares of the company’s stock, valued at $9,985,666.84. This trade represents a 2.85 % decrease in their ownership of the stock. The disclosure for this sale can be found here. In other MongoDB news, CAO Thomas Bull sold 301 shares of the company’s stock in a transaction that occurred on Wednesday, April 2nd. The stock was sold at an average price of $173.25, for a total value of $52,148.25. Following the completion of the sale, the chief accounting officer now owns 14,598 shares of the company’s stock, valued at $2,529,103.50. This represents a 2.02 % decrease in their ownership of the stock. The sale was disclosed in a filing with the Securities & Exchange Commission, which is available through the SEC website.

Wall Street Analysts Forecast Growth

MDB has been the topic of several recent analyst reports. Monness Crespi & Hardt upgraded shares of MongoDB from a “sell” rating to a “neutral” rating in a report on Monday, March 3rd. Oppenheimer reduced their price target on shares of MongoDB from $400.00 to $330.00 and set an “outperform” rating on the stock in a research report on Thursday, March 6th. KeyCorp lowered shares of MongoDB from a “strong-buy” rating to a “hold” rating in a report on Wednesday, March 5th. Piper Sandler reduced their target price on MongoDB from $425.00 to $280.00 and set an “overweight” rating on the stock in a report on Thursday, March 6th. Finally, Bank of America lowered their target price on MongoDB from $420.00 to $286.00 and set a “buy” rating for the company in a research note on Thursday, March 6th. Seven investment analysts have rated the stock with a hold rating, twenty-four have given a buy rating and one has assigned a strong buy rating to the company. According to data from MarketBeat, the company currently has an average rating of “Moderate Buy” and a consensus target price of $312.84.

MongoDB Trading Down 2.0%

The company has a market capitalization of $12.28 billion, a price-to-earnings ratio of -56.01 and a beta of 1.49. The company has a 50-day moving average of $236.68 and a 200-day moving average of $261.78.

MongoDB (NASDAQ:MDB) last issued its earnings results on Wednesday, March 5th. The company reported $0.19 EPS for the quarter, missing analysts’ consensus estimates of $0.64 by ($0.45). The firm had revenue of $548.40 million during the quarter, compared to analysts’ expectations of $519.65 million. MongoDB had a negative net margin of 10.46% and a negative return on equity of 12.22%. During the same quarter in the prior year, the company earned $0.86 EPS. On average, research analysts expect that MongoDB, Inc. will post -1.78 EPS for the current year.

Institutional Investors Weigh In On MongoDB

A number of institutional investors have recently added to or reduced their stakes in the stock. Vanguard Group Inc. lifted its holdings in MongoDB by 0.3% during the fourth quarter. Vanguard Group Inc. now owns 7,328,745 shares of the company’s stock valued at $1,706,205,000 after purchasing an additional 23,942 shares in the last quarter. Franklin Resources Inc. lifted its stake in MongoDB by 9.7% in the 4th quarter. Franklin Resources Inc. now owns 2,054,888 shares of the company’s stock valued at $478,398,000 after buying an additional 181,962 shares in the last quarter. Geode Capital Management LLC boosted its holdings in MongoDB by 1.8% in the 4th quarter. Geode Capital Management LLC now owns 1,252,142 shares of the company’s stock worth $290,987,000 after buying an additional 22,106 shares during the last quarter. First Trust Advisors LP raised its holdings in shares of MongoDB by 12.6% during the fourth quarter. First Trust Advisors LP now owns 854,906 shares of the company’s stock valued at $199,031,000 after acquiring an additional 95,893 shares during the last quarter. Finally, Norges Bank purchased a new stake in shares of MongoDB during the fourth quarter worth approximately $189,584,000. Institutional investors and hedge funds own 89.29% of the company’s stock.

MongoDB Company Profile

MongoDB, Inc., together with its subsidiaries, provides a general purpose database platform worldwide. The company provides MongoDB Atlas, a hosted multi-cloud database-as-a-service solution; MongoDB Enterprise Advanced, a commercial database server for enterprise customers to run in the cloud, on-premises, or in a hybrid environment; and Community Server, a free-to-download version of its database, which includes the functionality that developers need to get started with MongoDB.

This instant news alert was generated by narrative science technology and financial data from MarketBeat in order to provide readers with the fastest and most accurate reporting. This story was reviewed by MarketBeat’s editorial team prior to publication. Please send any questions or comments about this story to contact@marketbeat.com.



What is MCP and why does it matter for AI? – Fierce Network

  • MCP was introduced to open source in November 2024
  • The protocol helps AI agents access the right data and speak to each other
  • Adoption is starting to ramp up among major AI players like OpenAI, Anthropic and Google

GOOGLE CLOUD NEXT, LAS VEGAS – You may have heard it talked about at Google Cloud Next. Perhaps you saw it in recent AI-related news reports. But in a sea of acronyms, it’s just another you glossed over without figuring out what the heck MCP (model context protocol) really is. That was a mistake. MCP matters a LOT for the future of AI.

“MCP in 2025 is kind of like HTTP in the early 1990s — it has the potential to change how people interact with businesses and services, and create new types of businesses altogether,” Cloudflare VP of Product Rita Kozlov told Fierce.

Introduced to open source by AI trailblazer Anthropic in November 2024, MCP is a standard that allows enterprises and developers to sidestep issues that previously prevented them from accessing data scattered across different repositories. Basically, it removes the headache of having to design and deploy multiple integrations by offering a single way in which to do so across data sources.

“Think of MCP like a USB-C port for AI applications,” the MCP website explains. “Just as USB-C provides a standardized way to connect your devices to various peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources and tools.”

Nifty, right?

MCP as an AI enabler

But more than just being cool, it turns out MCP will actually be a key tool in enabling the agentic AI future. Why? As Kozlov put it, MCP will effectively enable “agents to operate more autonomously and complete tasks on behalf of users.”

Agentic AI is all about training and deploying specialized AI that can work through more complex problems. To do that, the AI agents need to be able to access “the right data at the right time” across a variety of back-ends, Amin Vahdat, Google Cloud’s VP and GM for ML, Systems and Cloud, said in response to questions from Fierce.

Back-ends, of course, means databases and data storage systems like AlloyDB, Cloud SQL and Google Cloud Spanner. Beyond that, MCP can also expose data from REST APIs, or “really any service that can expose a programmatic interface,” Ben Flast, Director of Product Management at MongoDB and the company’s resident AI guru, told Fierce.

Flast said the company sees two primary ways in which MCP will play a role in AI’s advancement. First is agent development, where MCP will be used to help access the necessary data to boost code generation and automation. Second, he said MCP can also aid agents and LLMs as they function, providing necessary context for the AI to interact with various systems.

The trick now, Flast added, is figuring out what exactly agents are going to need from application databases – i.e. what kinds of storage or memory functionality they’ll need to meet performance needs.

Connecting AI to AI with MCP

But AI agents won’t just need to be fed a constant diet of data. They’ll also need to socialize.

Flast said MCP can be used to allow agents to talk to one another. And indeed, Kozlov said “we’re actually already starting to see developers build Agents that ‘speak’ MCP to other Agents.”

But Google Cloud just came up with its own standard to make that happen: the Agent2Agent protocol.

“MCP and A2A are complementary in that MCP allows you to access data in an open standard way, where A2A allows for interoperability between different agents,” Vahdat explained. “So, think of MCP as model-to-data and A2A as agent-to-agent.” Put the two together and you have a very “easy and productive” way to build more powerful agents, he added.

MCP adoption curve

While the protocol is still very new, Kozlov and Flast said MCP has – like everything else AI-related – been rapidly gaining steam.

“Even Anthropic’s largest competitor, OpenAI, has decided to add support for it,” Flast said. “Thousands of MCP Servers have already been built and the protocol was only announced in November 2024.”

Just this week, in fact, Cloudflare joined the MCP server game, adding a remote MCP server capability to its Developer Platform.

“We’re doing this to give developers and organizations a head start building for where MCP is headed because we anticipate that this will be a major new mode of interaction, just like how mobile was,” Kozlov concluded.

Keep your eyes peeled. It sounds like much more MCP news is on the horizon.



Lessons Learned from Growing an Engineering Organization

MMS Ben Linders

Article originally posted on InfoQ. Visit InfoQ

As their organization grew, Thiago Ghisi’s work as director of engineering shifted from being hands-on in emergencies to designing frameworks and delegating decisions. He suggested treating changes as experiments, documenting reorganizations, and using a wave-based communication approach to gather feedback, ensuring people feel heard and invested. This iterative process helps create sustainable growth and fosters buy-in from the team.

Thiago Ghisi presented lessons learned from growing an engineering organization at QCon London.

Ghisi explained how the growth of his organization impacted his work as director of engineering:

When we were around 30 engineers, I could still be in all the crucial standups, help new managers fill gaps, and solve emergencies directly in Slack. But once we passed 50, that just didn’t scale. My role switched from “heroic firefighting” to shaping frameworks and delegating crucial decisions to develop the leadership team.

Ghisi mentioned that he had to stop being the go-to “person” for everything and start being the designer of their broader system, so teams could operate autonomously without waiting for him to approve every move. That shift was challenging but ultimately unlocked more sustainable growth, he added.

Approaching 100 engineers, success is all about designing an environment where others can operate effectively without his constant involvement, Ghisi stated. It is all about building organizational resilience.

Ghisi mentioned that organizations evolve like living organisms. Even if nothing’s “on fire,” a small structural adjustment can be the difference between merely functioning (treading water) and truly flourishing (innovating), he said.

A big part of getting changes to stick is treating them as experiments first in a subtle way, not final mandates, as Ghisi explained:

For instance, I’ll often spin up a “temporary” or “interim” task force before making it official, exactly like when a leader appoints someone as interim manager to see how it goes.

In parallel, once the most senior leaders in our organization agree on a rough plan, we bring in waves of staff engineers and engineering managers to stress-test it, Ghisi said. They surface hidden corner cases or improvements that the core leadership group might have missed, and they get to feel like true co-creators of the new setup rather than mere recipients of a top-down organization chart.

This wave-based approach helps everyone feel heard, which makes them more invested, Ghisi said. He suggested letting people know that reorganizations aren’t set in stone:

If something sparks more trouble than it solves, we iterate again. Linking every change back to our short- and long-term priorities helps them see the “why,” not just the “what.”

When leaders demonstrate they’re actively listening and adjusting, people are far more willing to adopt the new structure or process and give feedback, Ghisi concluded.

InfoQ interviewed Thiago Ghisi about what he learned from scaling up.

InfoQ: What is your approach for reorganizing and scaling up?

Thiago Ghisi: I always start with a simple one-pager that spells out motivations and goals: maybe we’re addressing overlapping ownership, or maybe a historically underfunded team is now mission-critical, or maybe staffing a new team for a new scope.

From there, I use an iterative approach:

  1. Create a Draft (in writing): Outline reasons, high-level roadmap, and potential outcomes.
  2. Whiteboard new Organization Structure: Share the draft with a small leadership circle (ideally your senior leadership team) for initial feedback.
  3. People Managers’ Feedback: They’re closest to day-to-day pain points—factor in their corner cases.
  4. Staff-Plus Review: Let senior ICs stress-test the plan. They’ll spot hidden risks. Iterate and incorporate their suggestions.
  5. Leadership Sync: Bring senior leadership team + managers + staff engineers together for one final pass, refining and locking the structure.
  6. Comms Plan: Announce changes in waves—people directly impacted first, next indirectly impacted, then the broader org, finally a town hall for Q&A and reiterate the same message that was shared in writing.
  7. Roll Out & Monitor: If the new structure truly reduces friction or speeds up a key OKR, we keep it. If issues arise, we iterate fast instead of waiting for a “next-year meltdown.”

By treating reorganizations as iterative design—rather than a once-a-year monolith—we keep them from becoming dreaded events. It’s less “big bang” and more continuous improvement, validated by how smoothly teams deliver or how much friction we eliminate along the way.

InfoQ: What have you learned?

Ghisi: Some of the things that I have learned are:

  • Managerial cost is real: You can’t just form a new squad on paper; you need a dedicated manager or lead who can truly own it.
  • Structured communication plan: Rolling changes out in at least two or three waves is critical to avoid chaos.
  • Your own leadership must evolve: Doing everything yourself at 30 engineers might work, but by 60 or 100, it will collapse. You need to empower a leadership bench, focus on system design, and let go of old “hero” behaviors.

In short, scaling to 100+ has less to do with adding headcount and more to do with systematically building leadership, designing topologies, and iterating on my own role. Every doubling of team size demands a doubling of leadership maturity.



3,937 Shares in MongoDB, Inc. (NASDAQ:MDB) Purchased by Polymer Capital …

Polymer Capital Management HK LTD acquired a new position in shares of MongoDB, Inc. (NASDAQ:MDB) in the fourth quarter, according to its most recent Form 13F filing with the SEC. The firm acquired 3,937 shares of the company’s stock, valued at approximately $917,000.

Several other large investors have also recently made changes to their positions in the stock. Hilltop National Bank lifted its stake in MongoDB by 47.2% in the fourth quarter. Hilltop National Bank now owns 131 shares of the company’s stock worth $30,000 after acquiring an additional 42 shares during the last quarter. Avestar Capital LLC increased its stake in MongoDB by 2.0% in the fourth quarter. Avestar Capital LLC now owns 2,165 shares of the company’s stock valued at $504,000 after purchasing an additional 42 shares during the period. Aigen Investment Management LP raised its holdings in shares of MongoDB by 1.4% in the fourth quarter. Aigen Investment Management LP now owns 3,921 shares of the company’s stock valued at $913,000 after buying an additional 55 shares during the last quarter. Perigon Wealth Management LLC boosted its stake in shares of MongoDB by 2.7% during the fourth quarter. Perigon Wealth Management LLC now owns 2,528 shares of the company’s stock worth $627,000 after buying an additional 66 shares during the period. Finally, O Shaughnessy Asset Management LLC increased its position in MongoDB by 4.8% in the 4th quarter. O Shaughnessy Asset Management LLC now owns 1,647 shares of the company’s stock valued at $383,000 after acquiring an additional 75 shares during the period. 89.29% of the stock is currently owned by institutional investors and hedge funds.

Insiders Place Their Bets

In other news, Director Dwight A. Merriman sold 885 shares of the firm’s stock in a transaction on Tuesday, February 18th. The shares were sold at an average price of $292.05, for a total value of $258,464.25. Following the sale, the director now owns 83,845 shares in the company, valued at approximately $24,486,932.25. This trade represents a 1.04% decrease in their ownership of the stock. The sale was disclosed in a legal filing with the SEC, which is accessible through this hyperlink. Also, insider Cedric Pech sold 1,690 shares of the company’s stock in a transaction on Wednesday, April 2nd. The shares were sold at an average price of $173.26, for a total transaction of $292,809.40. Following the transaction, the insider now owns 57,634 shares of the company’s stock, valued at approximately $9,985,666.84. The trade was a 2.85% decrease in their ownership of the stock. The disclosure for this sale can be found here. Insiders sold a total of 58,060 shares of company stock valued at $13,461,875 in the last quarter. Insiders own 3.60% of the company’s stock.

MongoDB Trading Down 5.5%

MongoDB stock opened at $154.39 on Monday. The company has a market capitalization of $12.53 billion, a P/E ratio of -56.35 and a beta of 1.49. MongoDB, Inc. has a 1-year low of $146.50 and a 1-year high of $387.19. The firm’s fifty day simple moving average is $236.68 and its 200-day simple moving average is $261.78.

MongoDB (NASDAQ:MDB) last announced its quarterly earnings results on Wednesday, March 5th. The company reported $0.19 earnings per share for the quarter, missing analysts’ consensus estimates of $0.64 by ($0.45). The company had revenue of $548.40 million during the quarter, compared to analyst estimates of $519.65 million. MongoDB had a negative return on equity of 12.22% and a negative net margin of 10.46%. During the same period in the prior year, the firm earned $0.86 EPS. On average, equities research analysts predict that MongoDB, Inc. will post -1.78 earnings per share for the current year.

Analyst Ratings Changes

Several equities research analysts recently weighed in on MDB shares. KeyCorp downgraded MongoDB from a “strong-buy” rating to a “hold” rating in a report on Wednesday, March 5th. Monness Crespi & Hardt upgraded MongoDB from a “sell” rating to a “neutral” rating in a research report on Monday, March 3rd. Morgan Stanley lowered their price target on MongoDB from $350.00 to $315.00 and set an “overweight” rating on the stock in a report on Thursday, March 6th. Daiwa Capital Markets began coverage on shares of MongoDB in a report on Tuesday, April 1st. They issued an “outperform” rating and a $202.00 price target on the stock. Finally, Wedbush dropped their price target on MongoDB from $360.00 to $300.00 and set an “outperform” rating for the company in a research report on Thursday, March 6th. Seven research analysts have rated the stock with a hold rating, twenty-four have assigned a buy rating and one has given a strong buy rating to the company’s stock. Based on data from MarketBeat.com, MongoDB currently has an average rating of “Moderate Buy” and a consensus price target of $312.84.

MongoDB Company Profile

MongoDB, Inc., together with its subsidiaries, provides a general purpose database platform worldwide. The company provides MongoDB Atlas, a hosted multi-cloud database-as-a-service solution; MongoDB Enterprise Advanced, a commercial database server for enterprise customers to run in the cloud, on-premises, or in a hybrid environment; and Community Server, a free-to-download version of its database, which includes the functionality that developers need to get started with MongoDB.

This instant news alert was generated by narrative science technology and financial data from MarketBeat in order to provide readers with the fastest and most accurate reporting. This story was reviewed by MarketBeat’s editorial team prior to publication. Please send any questions or comments about this story to contact@marketbeat.com.



Presentation: Comprehensive Approaches to Software Supply Chain Security

MMS Mykhailo Brodskyi

Article originally posted on InfoQ. Visit InfoQ

Transcript

Brodskyi: My name is Mykhailo Brodskyi. As Principal Software Architect, I focus on platform security and cloud migration. I’m going to walk you through the top four security risk categories in the software supply chain and show you how to mitigate them effectively. I will share real case studies from our projects, highlighting strategies that protect systems from vulnerabilities and ensure the security and resilience of your platform.

Here is how I’m going to do it. First, we’ll start with the challenges that we have in FinTech industries. Then, we will deep dive in the risk categories. I will show practical examples of how to mitigate them. I prepared some case studies from our real projects. Then, I will show a real hands-on demo.

Looking Into the Future and Reflecting on the Past

Do any of you know what significant event related to security takes place here in Munich every year? It’s not Oktoberfest. Any ideas, every year in winter? Munich Security Conference. It has been a global stage for discussing international security issues. Here, we are not talking about geopolitical issues. We are talking about something equally similar, software security. As Munich Security Conference, that shapes global security policies, our goal is how we shape our software security chain.

Uncover FinTech Landscape Challenges

Let’s dive into the FinTech landscape. The FinTech ecosystem is driven by key serious business domains, such as customer onboarding, payment processing. Each of these domains ensure smooth operations of financial services. Each domain houses numerous business applications inside. For example, for instance, customer onboarding. There is an application for know your customers. For payment processing, we have an application that is responsible for APMs processing, alternative payment processing, credit card transaction processing, and more. Each of these domains work under some framework that operates with standards, laws, and principles.

For example, payment processing is subject to PSD2, while fraud detection is mitigated and operated with AMLD. Why do we have all these principles, laws, and standards, all these regulations that we have in FinTech, and in other areas as well? The answer is simple, that’s risks. All these regulations are designed to mitigate some risk: financial risk, reputation risk. This law exists right now, that helps organizations to mitigate such risk. As you can see that the FinTech landscape is very complex due to these regulations that we have, and also integrations with other applications. It’s clear that we need to have a really robust approach, how we can secure all our applications inside our landscape.

Explore Software Supply Chain

Let’s dive into the software supply chain. I would like to begin with something that we are all familiar with: the physical goods supply chain. The journey begins with an upstream supplier that delivers raw materials to a manufacturer, and then the customer receives the final product. Similarly, in software development, we rely on suppliers such as third-party libraries, dependencies, and tools. Everything goes into the development flow. If any of these components is compromised, our final product is at risk. The development organization in software supply chain security is similar to the manufacturer. Inside, we have the different stages of the process.

The process starts with development, goes to integration, and then end with deployment. Each of this stage relies again on third-party libraries, tools, and dependencies. It’s clear that we need to have an approach to secure all these dependencies. That’s why compliance and security, it’s not the static flow, it’s a static layer in our software supply chain. It’s dynamic and it’s going to be integrated in each step of the process. Based on this overview and understanding of software supply chain, we can create different categories. The main category that’s related to our third-party libraries and tools. The second category that’s related to our internal development. Then we have process and all this risk that’s related to our delivery and deployment, and governance, and security testing.

Address Mitigation Strategies for Third-Party Risks

Now I’m going to talk in detail about all these categories that we have. Let’s start with the first one. Let’s start with our software development chain, when we have all these components. The first approach and first what we need to understand and ask when we work with third-party libraries, they need to be certified. In this case, we can make sure that our final product that is going to be developed based on these libraries is also going to be protected. Then we can integrate software composition analysis. This approach will help us to mitigate these issues and risk that’s related to third-party libraries and tools. Software composition analysis, there are multiple steps there.

First component, that’s dependency analysis, they analyze all our dependencies. Then vulnerability detection, because this tool already has integration with internal database, which is possible to monitor and understand if there are any issues in our pipeline. Then, also module that’s responsible for license compliance. In our organization, usually we have private artifact repository. Then we have version control system. Our journey starts with fetching these dependencies and trying to build our project. This tool, software composition analysis, will help us to analyze all these dependencies that we have there. The next step is going to be build our pipeline. We can integrate some job in this pipeline that is going to monitor all these dependencies. Then, also to provide some notification to us in case we have any issues.

Now we can go even further and try to mitigate and build even more layers of security while we are talking about third-party libraries. Let’s imagine that we would like to start working on some new feature, and we need to use some new third-party libraries that are not available in our repository. First, we have the development team, then we have cyber team, and we have our supplier. In this case, that supplier who is going to deliver third-party libraries and tools. A developer is going to select this component that is needed to be integrated in our private artifact repository, and select in public artifact repository. Then it’s going to be added first in intermediate repository, where we’re going to trigger this vulnerability scanning, what I mentioned earlier, and license scanning.

Only after we perform vulnerability scan, license compliance check, and we will be ready for the further check, we can include this library into the next repository to secure the repository. This repository is going to be integrated and continuously execute some monitoring tool. We will try to identify new vulnerabilities there. Try to also check licenses, what we have. Once we receive a good sign from this validation, we can include this library to our development repository. This zero-trust dependency management really will help us to minimize all these risks that’s related to dependencies and tool. Finally, at the end, we can execute verification. We can execute all security verification, SAST and DAST. Then perform penetration test.

Let’s try to summarize what we need to do for mitigating third-party dependencies. We need to ask about licenses. They need to be compliant with that. Then we need to integrate. Of course, use only private artifact repository. To build several layers of repository in case it’s needed, depends on your business domain. Then, to integrate continuous verification in your pipeline.
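
The staged flow described in this section (a component picked from the public repository lands in an intermediate repository, is scanned for vulnerabilities and license compliance, moves to a continuously monitored secure repository, and only then reaches the development repository) can be sketched as follows. This is an added example, not code from the talk; the package names, advisory identifiers, license allowlist and class names are constructed assumptions.

```python
"""Staged dependency promotion: public -> intermediate -> secure -> development.
All package names, versions, advisories and licenses are constructed sample data."""
from dataclasses import dataclass, field

ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}  # assumed organisational policy
STAGES = ["intermediate", "secure", "development"]


@dataclass(frozen=True)
class Artifact:
    name: str
    version: str
    license: str


@dataclass(frozen=True)
class Advisory:
    """Constructed advisory record: affects `name` in the range [introduced, fixed)."""
    ident: str
    name: str
    introduced: str
    fixed: str


def vtuple(version):
    """Parse '1.10.2' into (1, 10, 2) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def findings(artifact, advisories):
    """Return the reasons an artifact must not be promoted (empty list means clean)."""
    reasons = []
    if artifact.license not in ALLOWED_LICENSES:
        reasons.append(f"license:{artifact.license}")
    for adv in advisories:
        in_range = vtuple(adv.introduced) <= vtuple(artifact.version) < vtuple(adv.fixed)
        if adv.name == artifact.name and in_range:
            reasons.append(f"vuln:{adv.ident}")
    return reasons


@dataclass
class Repositories:
    stage_of: dict = field(default_factory=dict)    # Artifact -> current stage
    quarantine: dict = field(default_factory=dict)  # Artifact -> list of reasons

    def request(self, artifact):
        """A developer selects a public component; it is admitted to 'intermediate' only."""
        self.stage_of[artifact] = "intermediate"

    def promote(self, artifact, advisories):
        """Advance one stage, re-running the checks at the moment of promotion."""
        if artifact not in self.stage_of:
            return False  # never requested, or already quarantined
        reasons = findings(artifact, advisories)
        if reasons:
            self._quarantine(artifact, reasons)
            return False
        current = STAGES.index(self.stage_of[artifact])
        self.stage_of[artifact] = STAGES[min(current + 1, len(STAGES) - 1)]
        return True

    def rescan(self, advisories):
        """Continuous verification: re-check everything already admitted."""
        demoted = []
        for artifact in list(self.stage_of):
            reasons = findings(artifact, advisories)
            if reasons:
                self._quarantine(artifact, reasons)
                demoted.append(artifact)
        return demoted

    def _quarantine(self, artifact, reasons):
        self.stage_of.pop(artifact, None)
        self.quarantine[artifact] = reasons

    def resolvable(self):
        """What a build may fetch: only artifacts in the development repository."""
        return sorted(f"{a.name}=={a.version}"
                      for a, stage in self.stage_of.items() if stage == "development")


def run_demo():
    repos = Repositories()
    clean = Artifact("payfmt", "1.10.2", "MIT")
    copyleft = Artifact("fastcsv", "2.0.0", "GPL-3.0")
    outdated = Artifact("tlswrap", "1.9.0", "Apache-2.0")
    feed = [Advisory("SAMPLE-0001", "tlswrap", "1.0.0", "1.10.0")]
    for art in (clean, copyleft, outdated):
        repos.request(art)
        if repos.promote(art, feed):   # intermediate -> secure
            repos.promote(art, feed)   # secure -> development
    before = repos.resolvable()
    # A new advisory is published after promotion; the monitor must pull the package back.
    feed.append(Advisory("SAMPLE-0002", "payfmt", "1.2.0", "1.10.3"))
    demoted = [a.name for a in repos.rescan(feed)]
    return before, demoted, repos.resolvable(), repos.quarantine


if __name__ == "__main__":
    print(run_demo())
```

The `tlswrap` case is the one a plain string comparison gets wrong: as text, "1.9.0" sorts after "1.10.0", so the affected version would pass the scan.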

Secure Internal Development

Let’s go to the internal development. Here there is a best practice in case you would like to improve your security development. Try to integrate some existing principles and standards. For example, in our FinTech industry, there is a common set of rules and standards, PCI DSS. All payment processing domains should follow these standards. Let’s talk about these standards. The definition. First of all, it’s a set of standards that explain in which way we need to implement, and how we need to build our network. Also, there are other standards as well. This standard is super important for FinTech. There are six groups of requirements. One group is focused on network segmentation. Then it’s related to how you build access control to your system and your environment. Also related to how you’re going to monitor your environments and your applications. There are stages of process inside this flow, in case you would like to apply these standards for your organization.

First process that we need to discover, we need to scope and we need to analyze your infrastructure and your landscape, what you have. What does it mean for this? You identify all components in this chain. You also analyze which type of data you store there. Based on this information, then you can apply different segmentation strategies. That’s number one, scoping, organization analysis. Then, categorization. PCI DSS explains different categories for systems that you need to apply. It depends on which data you store there. First, that’s CDE system, cardholder data environment. That’s the environment, where do you process transactional data or you store transactional data? Everything that’s related to simple transactions, everything that’s related to cardholder data.

Then, connected-to: you have a separated system that doesn’t store any cardholder related data or customer data. This system is just only connected to cardholder data environment that process or store related data. Then you have security impacts in your system. A good example, some configuration management, when you store configuration for a particular microservice or particular customer. Out-of-the scope system. Out-of-the scope means that the system is not going to be under PCI DSS. Its system doesn’t contain any credit cardholder data. It can be completely isolated from our main environment. The next step, we need to implement all these segmentation and controls. Then, we need to implement validation. We need to maintain this segmentation. It means, for example, in our industry, two times per year, we need to complete PCI DSS. Every time we need to update this documentation, we need to show that we have a monitoring system in place. That’s why it’s very important.

Examine Real-World Case Study

I would like to show a real example. It’s a very interesting story of what we already started. Our company, the main goal is process transactions. All our systems that we have currently, they were hosted in a private data center. We initiated a really complex project to migrate all our 100-plus application modules from a physical data center to the cloud. During this migration journey, we had to review all our current segmentation approaches that we have, all our communication strategies. I’m trying to show some small set of architecture where we try to apply all these principles. Then, somehow, to bring architectural improvements during this cloud migration. Holistic architecture. In payment processing, there are different layers of architecture. Here we have, first, input channel, where we need to obtain this transaction. Then, to send to our payment processing gateway. There are different input channels. We can use mobile devices. We can integrate with external websites. Or it can be integration with external systems, with airlines, for example.

In this case, we have environment, when we need to consume these transactions. Right now, there is a component input channel. We are going to receive this transaction from physical terminal. Then, if you use different currency, and you would like, for example, to travel somewhere from Europe to U.S., or in other countries, you can ask which currency you would like to pay. For this currency conversion exchange, there is a separate component, or even a separate service is responsible and integrated to payment industry. That’s currency conversion service. This component is responsible to decide, which option is better and how we are going to exchange it. Then, we are going to process this transaction.

In this case, payment processing service is going to be connected to one of these card schemes that we have. Once we started to analyze the current architecture, what we had previously in our data center, the landscape is super complex. Sometimes there is shared database approach, and 10 applications connected to one database. Of course, in cloud, it’s difficult to somehow troubleshoot this issue, and try to implement some new features. That’s why we started thinking, let’s try to separate these components. Let’s remember which categories we have. That’s CDE system that’s responsible for cardholder data environment, connected-to system, security-impacting systems, and out-of-the scope system.

Obviously, the transaction is going to be received, first of all, by input channel. Then, processed by payment service. Then, sent to card schemes. It means that these two services, it goes to CDE bucket. Then we can separate and we can move currency conversion service independently to another zone. In this case, let’s assume that we can include the service in non-card data environment. What else do we need to follow in order to build this separation, and, first of all, to move this service to the out-of-the scope category? We need to implement access control. We need to have authentication and encryption. It means that it’s not just possible payment service is going to talk directly to currency conversion service, we need to authenticate this service. We need to implement some mechanism of authorization, how we are going to do it. Also, we need to put it in a separate zone.

I understand that there are so many people from different industries. I try to think, how can you use this information and apply this information and deploy already, let’s say, next week? Try to think from this categorization point of view, and these separate categories that we have in FinTech industry, in PCI DSS, and build the same categorization and segmentation level on your system. Let’s say that we are talking about healthcare. We can create and build a separate environment where we are going to put applications that are related to storing and processing some personal information. Then, you can store this information that’s related to health insurance, health state, for example, of this person, in this separate environment and even in separate application. Then, construction. I remember back in the past, in my experience, construction domain, we had microservice architecture. All these services were just deployed in one single zone.

Of course, from communication point of view and then security point of view, it’s a really bad approach. In case we are talking about construction domain, it’s better also, again, all related customer information put in one service, in one database, and then to separate in a completely different environment. Then, real estate. The same goes to this domain. Customer related information, we put in one database, even in another environment. All information about objects and real estate properties, you can put in separate environment, because also you need to protect this information. Somehow, for their competitors, it’s going to be super important. Energy sector, all information, for example, telemetry information, information about some plants manufacturers, you can also separate in completely different environment and zone. That’s cross-industry applications, and how we can build this inspiration and apply for other industries.

Approach number two, that also goes to secure development practices. This approach is successfully applied in the current company and also in the previous one that was related to network security protection, so threat modeling. What does it mean? There are three questions that we need to answer. First, we need to understand what we are going to build, which potential issues we can have, and how we are going to mitigate them. Idea that, in case you have any design process in your organization or you have architectural process, you can integrate threat modeling on an earlier stage of your development. That’s exactly what we did in the current company. It means that on this earlier stage, you can, together with your development team, think with all these vulnerabilities, potential vulnerabilities that we have right now, and try to mitigate already on the earlier stage of your design, architectural draft version.

It helped us multiple times, because it’s reputation risk, and it’s development risk, and even some additional costs then which we need to fix later on. Key components, so, first of all, we identify the same, there is some similarity that’s related to PCI DSS, that we have scoping, here we have asset identification. We are going to analyze all our components, what we have in our system. Then we are trying to also review current threats that we have, and try to build mitigation for this threat. There are some benefits. First of all, we can increase time to market. We are not going to spend some additional time for testing or verification, and then fixing these issues. We can improve our application security. Then, it’s also to use some best practices, some frameworks that we have already in this industry. There are so many approaches of what we have. We applied several times a STRIDE approach for threat modeling.

I’m going to show you right now a DFD diagram. That’s a diagram that is going to be compiled and created during this threat modeling process. With this diagram, you can identify external boundaries of what you have, internal systems that we have right now, and then the processes and storage. Then we will try to map all these issues that we can have, and identify what is the communication flow from one service to another service, and then try to build some additional security layers. For example, what is going to be authentication and authorization? Do we have any encryption there? Which type of information do we store in this database? Then it’s going to be everything documented. It’s going to be reviewed together with our cyber experts, with our architects. Then, to make sure that we are not going to introduce any additional risk there. This approach is possible to automate with different tools.

Even from Microsoft, there is automation. It’s even possible to use some AI approach to analyze and build some list of the risks potentially that you can have. Once we applied this approach, we were able to identify some potential vulnerabilities which were not identified during penetration test, and that was really a red sign for us, and we spent immediately to resolve these issues that were related to service-to-service communication, and which data do we send there. These two big issues were identified, especially because of this process that we applied.

Let’s summarize how we can mitigate internal development. First of all, that’s one more time, apply existing security standards, what we have right now. In case you’re in healthcare, you can try to apply these industry standards, what I just explained recently. Also, security review, really good code review, and threat modeling.

Mitigate Software Delivery and Governance Risks

Let’s move to software delivery deployment, and governance and security testing categories. I would like to show you how we are going to mitigate these delivery risks, what we have during our deployment. Let’s, one more time, go back to our process that we have, our development organization, with different stages during this flow. First issue, what we can have, that’s version control system stage. We can, by accident, expose some credential secret. There were so many examples in GitLab, in GitHub, that were found in public repositories, all secrets. It can be a really big issue to all systems that we have.

This issue, we can mitigate with secret management. Let’s say that we are together right now, building some software, building a new feature. Of course, there are so many available secrets management tools for our platform. There are platform agnostic, that we don’t care which cloud provider we are going to use. There are some cloud providers that are container native. Then we have some tools that’s DevOps focused. Also, in a separate category, I added identity management system. That’s not related to all of them, but it’s somehow in the first layer, how we are going to protect our access. Let’s say, because during our cloud migration, we are going to deploy everything that we have in a data center to Azure.

In this case, let’s select Key Vault Secret Manager in Azure. Then we can go and we can move to the build stage. Here there is a risk that our build infrastructure can be compromised. In this case, we can use additional security controls. That’s what we have in all version control systems, in Git or GitLab. Then we can also include and implement SAST and DAST, static and dynamic security test and analysis. For static testing, we have SonarQube. For dynamic, we have Acunetix and Qualys. Let’s say that for security controls, we will select SonarQube and Acunetix. That’s what we use in our current company. Then, package stage, insecure artifact. Insecure artifact, I explained previously, that’s really zero-trust approach and CCI approach as well. It can also be integrated. Another approach is source code signing. There are different tools for this: Cosign, Notary, pipeline code signing in Azure. We are going to select Cosign.

Then, let’s move to the testing stage and deployment stage. Insufficient security testing. I have seen multiple times that we do not pay really big attention. There are no multiple security test cases available to mitigate and complete final verification of your software. That’s why it’s a really good approach first to integrate SAST, DAST. Depending on your domain industry, integrate also penetration test for your organization. This approach even was applied earlier in previous companies, related to construction or network and security verification testing. All these issues we can mitigate with security controls and secret management. Also, there is a point here. Have you already integrated a secret management tool in your pipeline? Also, there is verification. It’s very important that these keys that you have in this tool, that they have expiration date. Otherwise, it’s not going to be compliant, in case you use any tool that’s integrated with your environment, and then can monitor it.

Hands-On Demo

Now, I would like to go to the demo that I prepared. Specifically, I’m going to focus on the third-party libraries’ mitigation, and show you how this artifact, we can generate a software bill of material. We can use in our verification and analysis. Here, I have a simple project in GitHub. There is a microservice with some dependencies. It’s a really simple microservice. In the pipeline, we have two different stages. It’s build and generate software bill of material. Then there is stage when we build integration with Snyk. There are two stages. First, we generate this software bill of material. Then we use this artifact for further scanning and verification. That’s related to software composition analysis. Also, there is a dashboard of this tool. Right now, I don’t have any critical or high critical vulnerabilities. Also, I integrated this Nexus Repository. Right now, it’s running on my EC2 instance. Here, we have different types of repositories that I created. First is Maven Central Repository.

There is GitHub repository here, integrated pipeline there. There are multiple stages. First, we have Snyk scan integration. I’m going to trigger right now the tool of this build. Then, I have integration with this dashboard. Also, there are no high critical vulnerabilities. There are multiple repositories. This repository, it’s related to my dependencies, what I have in the current project. Then, I have a separate repository when I’m going to publish my artifact, which I’m going to build. Here, you can see the separation of these two repositories. That’s EC2 configuration of security groups. Then, I’m going to change this form configuration. Right now, everything is green. Here, I’m going to introduce non-dependency, Log4j dependency, and see what is going to be the behavior of this tool and how it’s going to be integrated in this dashboard. I’m going to comment out this dependency, and trigger a build. Build started. It was completed. Now, you can see that new issues were introduced.

Based on this artifact that was created, this tool is integrated, and continuously analyzing my software bill of material. Then, I’m going to remove this dependency, and generate this file one more time. At the end, it’s a big artifact. It’s a big XML or JSON file, with all these dependencies that you have in the application. Then, this file, now you can see that’s integrated already in the pipeline. Here, you can even build some business logic on the current pipeline on top. You can establish continuous monitoring. Then, you can use this file in order to share, and then trigger a compliance check. Then, you can use this outcome for your regulation and compliance process. I remember back in the past, in one of the projects, the compliance team asked the development team, can you please create an Excel file and put all the dependencies in this file? We were really surprised. It’s really manual work. It’s better to implement and integrate software bill of materials. Then, to have some stage in the pipeline that the security and risk team can analyze and can approve. At the end, this issue is mitigated, resolved, and dashboard is green.
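The SBOM comparison from the demo can also be scripted as a pipeline gate that the security and risk team controls. The following is an added example, not code from the talk or the demo project: it diffs two CycloneDX JSON SBOMs and checks only the components a build introduces against a license allow-list and a minimum-version policy. Both SBOMs, the `com.example` component and every policy value are constructed for illustration.

```python
import json
import sys

# Constructed policy for this example; real values come from the risk team.
ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}
# (group, name) -> lowest version the policy accepts (constructed value).
MIN_VERSIONS = {("org.apache.logging.log4j", "log4j-core"): "2.17.1"}

# Constructed CycloneDX SBOMs: the last approved build and the new build.
BASELINE = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "components": [
  {"type": "library", "group": "com.fasterxml.jackson.core",
   "name": "jackson-databind", "version": "2.15.2",
   "licenses": [{"license": {"id": "Apache-2.0"}}]}]}""")
CANDIDATE = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "components": [
  {"type": "library", "group": "com.fasterxml.jackson.core",
   "name": "jackson-databind", "version": "2.15.2",
   "licenses": [{"license": {"id": "Apache-2.0"}}]},
  {"type": "library", "group": "org.apache.logging.log4j",
   "name": "log4j-core", "version": "2.14.1",
   "licenses": [{"license": {"id": "Apache-2.0"}}]},
  {"type": "library", "group": "com.example", "name": "report-export",
   "version": "1.0.0", "licenses": [{"license": {"id": "GPL-3.0-only"}}]}]}""")


def version_key(version):
    """'2.14.1' -> (2, 14, 1). Handles plain dotted numeric versions only."""
    return tuple(int(p) for p in version.split(".") if p.isdigit())


def components(sbom):
    """Index CycloneDX components by (group, name)."""
    index = {}
    for comp in sbom.get("components", []):
        licenses = set()
        for entry in comp.get("licenses", []):
            if "license" in entry:
                lic = entry["license"]
                licenses.add(lic.get("id") or lic.get("name", "UNKNOWN"))
            elif "expression" in entry:
                licenses.add(entry["expression"])
        index[(comp.get("group", ""), comp["name"])] = {
            "version": comp.get("version", ""),
            "licenses": licenses or {"UNKNOWN"},  # undeclared license fails the gate
        }
    return index


def diff(baseline, candidate):
    """Components that are new, or changed version, since the baseline."""
    old, new = components(baseline), components(candidate)
    return {key: info for key, info in new.items()
            if key not in old or old[key]["version"] != info["version"]}


def gate(baseline, candidate):
    """List policy violations among components introduced by this build."""
    findings = []
    for key, info in sorted(diff(baseline, candidate).items()):
        name = "/".join(part for part in key if part)
        bad = info["licenses"] - ALLOWED_LICENSES
        if bad:
            findings.append(f"{name}@{info['version']}: license {sorted(bad)} not approved")
        minimum = MIN_VERSIONS.get(key)
        if minimum and version_key(info["version"]) < version_key(minimum):
            findings.append(f"{name}@{info['version']}: below policy minimum {minimum}")
    return findings


if __name__ == "__main__":
    results = gate(BASELINE, CANDIDATE)
    print("\n".join(results) or "SBOM gate passed")
    sys.exit(1 if results else 0)  # non-zero exit fails the pipeline stage
```

Keeping the approved SBOM as the baseline means the gate reports only what a change introduces, which gives the reviewing team a short list instead of the full dependency inventory.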

Questions and Answers

Nikolai: You have a step, a Snyk scan, but what if a dependency was found after the build finished and it already was deployed? Do you continuously rescan all your dependencies, and then notify and rebuild all the services which depend on this dependency?

Brodskyi: A question about the integration, about how we automate, and how we’re going to notify and protect our next deployment step.

Nikolai: Not next, but if it’s already in production, and next day we found some zero-day vulnerability in the dependency which we already deployed.

Brodskyi: In this case, you need to establish patch management, and make sure that your organization is able to provide this process where you can mitigate and deliver this simple fix as soon as possible. That’s only related to, what is your patch process. In case it’s happened, then in our organization there is an SLA. We need to react in this period of time. In case it’s not happened, then it’s going to be a problem, a reputation risk for our company. That’s patch processing what we have. We have SLA, how fast we’re going to react, and what is going to be the mitigation.

Nikolai: To know that you have this vulnerability, how you go about it.

Brodskyi: To know it, because of the PCI DSS, we need to have a really strong monitoring system. We have a monitoring system that is going to notify each team immediately, all development teams. This monitoring tool is integrated with all other notification channels that we have: Teams, for example, emails, and so on. First of all, the operational support team is going to receive this alarm. Then, development team is going to receive all this notification.

Nikolai: More practical, like, for example, I have a container inside my private registry. I know that, for example, AWS Inspector continuously does this scanning of the containers if you keep it in their registry. As soon as they found that in your container you have some vulnerability, you can configure this notification pipeline that will send you a message. Then you can rebuild your artifact with a fresh dependency, and then deploy it again. How do you do that? What tools do you use?

Brodskyi: For container scanning, we use Azure tool. We integrated this tool there. Then, for this type of application that’s not in the cloud right now, we use Acunetix, Qualys, SonarQube, and, of course, penetration test in case we are going to release a very business critical update.

Shashi: These DORA regulations are coming from next year, which have to be adapted by, I think, all the European companies regardless of the industry. These pipelines which you showed us, will these have to be adapted and become more faster because the SLAs might be much smaller because of this regulation? If yes, then, is there already something going on on these architectures which you have just shown in this talk?

For example, in our company, we use Black Duck for software composition analysis. Because in our company we have C++ based libraries and some of them take really long to build, we build them locally on our infrastructure. Let’s say we have a CVE found, like the guy asked, zero-day CVE found, how would we use this thing which you showed us just now to be compliant with the DORA regulations that we have immediately a new batch created and delivered to the end customer?

Brodskyi: There is a new regulation coming to the FinTech industry, DORA. Also, regarding the pipeline, how is it going to be adapted?

Regarding DORA regulation, that’s particularly related to resilience and how your system platform is going to be resilient. How do you deploy? Also, it’s about platform security. Regarding the deployment, for sure, right now we are working to improve our deployment. Because of the cloud migration, we integrated all these DevOps principles in order to speed up. Latest example is that in order to complete some verification of our big APM processing, alternative payment method processing application, we spent several hours in this cloud migration, optimizing the processing strategy and optimizing the feedback loop in this pipeline. In GitLab plus Argo CD, we are able to speed up our deployment. This DORA regulation in our company is running in parallel, because we are doing these improvements not because of this regulation, because of our big cloud migration journey and to improve speed to market.

How do we react to some vulnerabilities that we have in production?

Regarding the vulnerabilities, in case we have them in production, we have a very complex monitoring tool. We have our support team that is looking every time on this monitoring tool. Also, we have notifications. Once they receive, we immediately react. All scrum teams, depending on the application or microservice, focus on this particular vulnerability. Then it’s going to be delivered. We will use all these tools in our pipeline in order to verify. Then it’s going to be deployment using this patch processing and hotfix deployment.
