Perforce Software announced the launch of AI Validation, a new capability within its Perfecto continuous testing platform for web and mobile applications.
2020 DevSecOps Predictions - Part 1
January 13, 2020
As part of DEVOPSdigest's 2020 predictions, industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020.
Start with 2020 DevOps Predictions
BIZDEVSECOPS 2020
2019 marked a year of record breaking losses due to over zealous digital transformation issues. Issues created by lack of communication and visibility across the silos being key contributors. 2020 will mark the year of the Digital Transformation winners like the NFL being shined a light on. The year the 70-80% of Fortune 2000 failing at digital transformation, their vendors, and advisors — will take pause to think outside the box. They will finally realize that doing the same thing over and over while expecting a different result is the very definition of insanity and their inherent failure. 2020 will be the pivotal year for the Business, Security, Dev and Ops teams to work together to overcome the visibility challenges across their organizations causing the mass losses in planning and predictions. Tools that enable data integration across licensing, cloud, costs, and resources will further consolidate and the real data platform vendors will start to solve the Digital Dilemma once and for all.
Jeanne Morain
Author and Strategist, iSpeak Cloud
SECURE BY DESIGN
In 2020, the principle of "secure by design" will attract greater attention, as it is a core cloud-native computing principle. DevSecOps will thus be less of a difficult combination of security and DevOps, and more of a business and architecture-driven approach that becomes an essential driver of appdev.
Jason Bloomberg
President, Intellyx
DEVOPS AND DEVSECOPS CONVERGENCE
DevOps will become part of every security discussion and security will become a part of every DevOps discussion. We will no longer need to use and explain the term DevSecOps.
Brian Dawson
DevOps Evangelist and Product Suite Marketing, CloudBees
CISO JOINS THE DEVOPS TEAM
The Chief Information Security Officer (CISO) will be part of the DevOps team, influencing a holistic approach to security within DevOps pipelines. Just as DevOps strives to deliver value quickly to the customer, it has the potential to unintentionally introduce security vulnerabilities quickly as well. This has spurred DevOps teams to embed security testing in the DevOps pipeline, increasing the sense of shared responsibility for security. Over the course of 2020, any remaining barriers between CISO staff and DevOps teams will be broken down, with CISO staff becoming full-fledged members of the DevOps team. Security will no longer be a bolt-on activity, and will become a standard component of any DevOps pipeline. Through closer cooperation with the CISO, DevOps security testing will go beyond static and dynamic application security testing (SAST and DAST) and adherence to corporate and regulatory policies. Acknowledging that no software is immune to attack, continuous testing will also include regular, proactive testing of security incident response and damage control protocols, to ensure that any breach can be contained immediately and its effects and costs limited.
Malcom Isaacs
Senior Solutions Manager, Application Delivery Management, Micro Focus
DEVSECOPS MERGES WITH ENGINEERING
At a high level, SaaS apps have highly tailored needs when it comes to information security and protecting customer data, and will require guidance and prioritization from product teams. Implementing these InfoSec needs will require the expertise of the security team, as well as resources of the engineering team, which are allocated by the product teams. Therefore, I predict that DevSecOps will merge into engineering and be guided by product. Currently, this is from an operational point of view due to the proximity to DevOps' technical capabilities. However, I see it as a strong business need that requires product and customer knowledge, to keep up with the increasing complexity of SaaS apps and the sensitive data these apps can access.
Shahar Ben Hador
VP, Product Management, Exabeam
AIOPS UNIFIES SECURITY AND OPS
DevOps organizations continue to adopt AIOps solutions at a rapid clip. SIEM vendors are exploring how AI/ML technology can add operational intelligence to their security event-driven processes. 2020 will see these two parallel drives begin to intersect. AIOps tools will begin to unify IT Operations and Information Security against the explosion of next-generation zero-day threats. The challenges of modern IT environments (i.e. multi-cloud, serverless, etc.) and continued vendor innovation will both fuel this trend.
Richard Whitehead
Chief Evangelist, Moogsoft
SHARED SECURITY RESPONSIBILITY
Until the "shared security responsibility" among teams is complete, we will continue to face serious breaches. Now that a cultural shift has broken down the specialization between development and security teams, creating an environment of shared responsibility, infrastructure as code and orchestration has become more challenging. The truth is, it's not always clear what security responsibilities fall on Dev, Ops — or to both acting in concert. Until we see a re-balancing of security responsibilities explicitly into this shared model, we're going to see stuff fall through the cracks and result in serious breaches. Some organizations have focused on containers as a single point of control and means of addressing this complexity, but containers frequently don't provide the visibility and resolution to tackle security comprehensively.
Ernesto DiGiambattistaFounder, ZeroNorth
PRIORITIZATION
Security organizations will begin accepting that there is just too much to do, and not enough resources. Teams will start looking for methods to make the overall process less demanding as well as for new techniques to allocate resources most effectively. Vendors will start to focus more on making the process easier, while teams will start to lean more on defense in depth than perhaps they were previously. Prioritization techniques and frameworks will start having a seat at the front of the table. Asset management, discovery, and documentation will continue to be a challenge for enterprise organizations
Bryan Becker
Product Manager, WhiteHat Security
Industry News
January 28, 2025
Mirantis announced the launch of Rockoon, an open-source project that simplifies OpenStack management on Kubernetes.
January 28, 2025
Endor Labs announced a new feature, AI Model Discovery, enabling organizations to discover the AI models already in use across their applications, and to set and enforce security policies over which models are permitted.
January 27, 2025
Qt Group is launching Qt AI Assistant, an experimental tool for streamlining cross-platform user interface (UI) development.
January 27, 2025
Sonatype announced its integration with Buy with AWS, a new feature now available through AWS Marketplace.
January 27, 2025
Endor Labs, Aikido Security, Arnica, Amplify, Kodem, Legit, Mobb and Orca Security have launched Opengrep to ensure static code analysis remains truly open, accessible and innovative for everyone:
January 23, 2025
Progress announced the launch of Progress Data Cloud, a managed Data Platform as a Service designed to simplify enterprise data and artificial intelligence (AI) operations in the cloud.
January 23, 2025
Sonar announced the release of its latest Long-Term Active (LTA) version, SonarQube Server 2025 Release 1 (2025.1).
January 23, 2025
Idera announced the launch of Sembi, a multi-brand entity created to unify its premier software quality and security solutions under a single umbrella.
January 22, 2025
Postman announced the Postman AI Agent Builder, a suite empowering developers to quickly design, test, and deploy intelligent agents by combining LLMs, APIs, and workflows into a unified solution.
January 22, 2025
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of CubeFS.
January 21, 2025
BrowserStack and Bitrise announced a strategic partnership to revolutionize mobile app quality assurance.
January 16, 2025
Mendix, a Siemens business, announced the general availability of Mendix 10.18.
January 16, 2025
Red Hat announced the general availability of Red Hat OpenShift Virtualization Engine, a new edition of Red Hat OpenShift that provides a dedicated way for organizations to access the proven virtualization functionality already available within Red Hat OpenShift.
