Virtualization Technology News and Information
Checkmarx 2020 Predictions: Software is Everywhere. Security Concerns Are Too.

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Matthew Rose, Global Director of Application Security Strategy, Checkmarx

Software is Everywhere. Security Concerns Are Too.

2019 proved to be a hectic year in the cybersecurity landscape. With over 3,800 data breaches occurring in the first six months alone (exposing over 4.1 billion records) and more than 12,100 new vulnerabilities discovered in commercial and open source software, this year has certainly been one for the memory books.

With all signs pointing to 2020 being equally active, I gave thought to what we can expect to see next year in terms of emerging threats, shifts in software development processes, and more. These predictions were all derived through observed trends, professional insight, and intimate knowledge of our industry.


In 2020, we'll see the proliferation of microservices in software architecture with development teams placing an equal emphasis on speed and security. The utilization of these small code blocks is becoming essential to maintaining agility in the CI/CD pipeline, and a modernized, secure microservices approach will become the new normal for software development next year and beyond.

Software Scanning Automation

One of the greatest challenges currently facing security and development teams revolves around security-related data overload, which hinders software delivery speeds and security integrity. Application security testing tools that leverage automation to produce high-quality results will continue to evolve in 2020, helping organizations shift to a true DevSecOps model by automating vulnerability detection and triage, thereby reducing software time-to-market overall.

To better understand their threat landscape, and what should be automated in their SDLC, organizations next year must stop looking solely at the top industry threats to shape their defense strategies and instead look at the top threats relevant to their own infrastructures and business models. Automated security tools will support this effort, streamlining triage processes and helping teams focus on their most pressing vulnerabilities first.

Election Security

Voting infrastructure is no longer a physical crank arm and corresponding button. The vast majority of voting and vote-counting now takes place on machines, which run on commercial and open source software, essentially making them just as vulnerable as any other browser-enabled, network-connected resource.

I expect attackers that are looking to interfere with the 2020 elections to find ways to manipulate the data going into or coming out of these machines. With this, common techniques such as SQL injection can be expected to appear, where adversaries will attempt to manipulate a query string and augment - or even outright delete - voting data. The effects of such hacks are clear, as voting data could be skewed, or worse, votes could be erased entirely.


About the Author

Matt Rose 

Matt has over 18 years of software development, sales engineering management and consulting experience. During this time, Matt has helped some of the largest organizations in the world in a variety of industries, regions, and technical environments implement secure software development life cycles utilizing static analysis. Matt's extensive background in application security, object-oriented programming, multi-tier architecture design/implementation, and internet/intranet development has been key to many speaking engagements for organizations like OWASP, ISSA, and ISACA.
Published Friday, January 03, 2020 7:20 AM by David Marshall