2024 DevSecOps Predictions - Part 3
January 24, 2024

DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact development and application security in 2024. Part 3 looks at more issues and solutions.

Start with: 2024 DevSecOps Predictions - Part 1

Start with: 2024 DevSecOps Predictions - Part 2

LARGE LANGUAGE MODELS IMPACT SECURITY

In 2024, as Large Language Models (LLMs) become increasingly ubiquitous, we can anticipate a growing concern in the realm of developer security.

There are two key aspects that warrant attention:

Emergence of Malicious Open-Source Packages: In the past, crafting a malicious open source package required a level of domain expertise. However, the widespread availability of LLMs has lowered the entry barrier, making it feasible for anyone with a computer and an internet connection to create malicious packages. Consequently, we should expect a surge in cyberattacks, characterized by increased sophistication and a broader linguistic spectrum due to the ease of language adaptation.

Security Measures for LLM Adoption: With the integration of LLMs into various processes, companies will need to fortify their security defenses. For those consuming LLMs through APIs, traditional threats such as injection vulnerabilities will persist, but new risks will emerge, like verifying the input and output of LLMs to ensure they don't compromise the organization's network or contain malicious instructions. Companies opting to run LLMs in-house will encounter the challenge of managing a new technology stack, involving permissions, restrictions, and more.

In summary, the wider adoption of LLMs will have ripple effects, not only on hackers seeking to exploit vulnerabilities but also on security services working to safeguard digital assets and networks.
Ori Abramovsky
Head of Data Science, Check Point Software Technologies

EMA'S 2024 CYBERSECURITY PREDICTIONS

Chris Steffen, VP of Research covering Information Security, Risk, and Compliance Management at Enterprise Management Associates (EMA), and Ken Buckler, Research Analyst covering Information Security at EMA, make 2024 cybersecurity predictions on the Cybersecurity Awesomeness Podcast.

Click here for a direct MP3 download of Episode 41

AI IMPROVES API SECURITY

API security evolves as AI enhances offense-defense strategies: In 2023, AI began transforming cybersecurity, playing pivotal roles both on the offensive and defensive security fronts. Traditionally, identifying and exploiting complex, one-off API vulnerabilities required human intervention. AI is now changing this landscape, automating the process, enabling cost-effective, large-scale attacks. In 2024, I predict a notable increase in the sophistication and scalability of attacks. We will witness a pivotal shift as AI becomes a powerful tool for both malicious actors and defenders, redefining the dynamics of digital security.
Shay Levi
CTO and Co-Founder, Noname Security

OPEN SOURCE PRODUCT SECURITY TEAMS

In 2024, we see the rise of dedicated open source product security teams within organizations. As open source continues to expand its footprint within commercial products, product security groups will begin building out dedicated teams focused exclusively on the security of the open source components that make up much of the source code in their products.
Donald Fischer
CEO and Co-Founder, Tidelift

CONTAINER PROTECTION

In 2024, I think we're going to see DevOps teams work more closely with their CISOs or IT security leads to protect containerized environments. Regulations such as GDPR, PCI, and HIPAA are making it increasingly important for organizations to protect and back up data that is vulnerable to increasingly sophisticated cyber threats like ransomware, and more often than not, that data is in containers. Nearly 9 out of 10 companies today are using containers in development to drive rapid innovation. Although Kubernetes is known to have strict security protocols that help block access to components outside of a cluster, it's definitely not impenetrable. Misconfigurations, missing container replacements, and gaps with backing up create vulnerabilities that attackers are actively exploiting. Warm cloud backups to speed up recovery times during any future downtime incidents, regular scanning, and running containers with the least privileges possible should all be priorities in the year ahead.
Faiz Khan
CEO, Wanclouds

DEVOPS ADOPTS CLOUD-BASED CODE SIGNING

In 2023, the CA/Browser Forum passed a new baseline requirement for how code signing certificates and keys are to be securely stored. This was a direct result of several high profile cyberattacks related to compromised code signing keys and processes. While code signing has become essential to proving the authenticity, integrity and security of software, it is still an afterthought for many development organizations. DevOps teams will use the new CA/B Forum requirements to reinvent their code signing processes. The popularity of SaaS code signing with a cloud-based HSM will enable simplified and centralized code signing processes, support distributed developers and meet the CA/B Forum requirements – promoting speed, agility and security through the software development lifecycle.
Murali Palanisamy
CTO, AppViewX

CLUSTERED ARCHITECTURES

As businesses increasingly adopt containerized and microservices architectures for their application delivery, I believe that a notable shift towards enhanced segmentation within clusters is on the horizon. This evolution is particularly evident in the growing prominence of Kubernetes as a primary delivery method in the cloud. Organizations are poised to invest significant efforts in fortifying the security and segmentation of clustered architectures at the container level. This proactive approach recognizes the pivotal role of secure containerization and microservices in modern software development. The future landscape is one where the nuances of clustered environments are carefully addressed to not only optimize performance but, more crucially, to bolster the resilience and security of applications as they navigate the dynamic and interconnected realms of containerized and microservices-based infrastructures in a multi-cloud vendor environment.
Erez Tadmor
Cybersecurity Evangelist, Tufin

APPLICATION SHIELDING

Application shielding will continue to grow in adoption as organizations realize its value in the DevSecOps framework. Application shielding helps DevSecOps teams work more efficiently by embedding protections to secure source code and IP from reverse-engineering and tampering attempts; IT and security teams will need a mobile app protection platform that meshes with a DevSecOps framework or risk being further siloed from development team efforts.
RJT Keating
SVP of Corporate Development, Zimperium

HARDWARE ACCELERATORS

As DevSecOps matures in 2024, we foresee a deeper fusion with hardware accelerators, optimizing security task efficiency. This synergy will accelerate development workflows and strengthen security postures, narrowing potential attack vectors. For containerized applications, this progress is crucial — enhancing governance, ensuring the deployment of secure containers, and swiftly neutralizing threats. Such advancements are key to advancing the security and performance duality, especially in high-stakes, performance-sensitive environments.
Keith Cunningham
VP of Strategy, Sylabs

MORE OPTIONS FOR DEVELOPERS

Developers will begin to have more options to protect and restore scripts, configurations, and code for applications they are developing across the application development lifecycle. This, in turn, will help make the critical services and configurations essential to run modern data applications available and recoverable in the event of simple human error or malicious actors.
Andy Fernandez
Director, Product Management, HYCU

2024: THE YEAR OF SBOM

2024 will be the year of the Software Bill of Materials (SBOM). In 2024, the software landscape is poised for significant changes, with a growing emphasis on SBOMs. As concerns about supply chain attacks continue to escalate, compliance measures will tighten, due to the increasing frequency and visibility of such incidents. The proactive adoption of SBOMs is not only a response to heightened awareness, but a crucial step in securing the software supply chain. This upcoming year, increased emphasis will be placed on preventing and disclosing supply chain threats, as well as an increase in compliance requirements, like US Executive Order 14028, across the globe.
Nick Mistry
SVP, CISO, Lineaje
