Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
2021 DevSecOps Trends to Expect
By Jeff Whalen, VP of Product, ForAllSecure
The acceleration of application development has shown no sign of stopping. The result is increasingly complex, interconnected software. These forces are driving organizations to go beyond merely identifying common security errors or protecting against common attack techniques. Increasingly complex applications require teams to anticipate, detect, and respond to new threats.
Next year we will see development teams embrace new tools that will produce software at scale, while maintaining the integrity and security of their code.
API attacks bring attention to API risks
There are more than 23,000 public web APIs, and the API market is estimated to be worth $5.1 billion by 2023. APIs bring considerable benefits, including internal interoperability, reduced development time, and extended functionality. As a result, organizations have grown increasingly reliant on this technology, which remains largely untested.
Third-party software can expose companies to vulnerabilities and weaknesses within software they do not own. Next year organizations will look for tools that will help them better understand how third-party software behaves with their own APIs.
The rise of fuzzing to address CI/CD needs: Development speeds and deployment frequencies have only continued to intensify, and that will not change in the coming years. In response, developers are turning to Continuous Integration (CI) automation tools that support building and testing within the SDLC, and to Continuous Delivery (CD) to orchestrate software production. The CI/CD pipeline constitutes a crucial bridge between the development organization and the consumers who use its products. But digital attackers know that by gaining access to the CI/CD pipeline, they can corrupt the software delivery process.
Next year we'll see an increasing need for highly accurate and automated
security testing techniques. Development teams will look for testing solutions
that offer multiple layers of testing -- whether it's unit testing, regression
testing, or negative testing -- earlier in the development cycle.
Rust goes mainstream: This year Rust broke into the TIOBE index top 20 for
the first time, but 2021 is the year that Rust will go mainstream. The language will
continue to mature and will become a preferred language for new projects at
startups and enterprises alike.
Developers have found that it offers performance without
compromising safety. Microsoft, Amazon, Apple, Cloudflare, and many others are
transitioning projects to Rust, or selecting it as the language of choice for
new projects. While there is always a new hip language (or flavor of the week),
Rust's offering is unique and will only grow in popularity.
Unit testing becomes automated: While unit testing is considered an essential part of detecting and protecting against software bugs, some organizations find the process burdensome. It can also create friction with regulatory or other compliance requirements, pose integration challenges with legacy technology, or be viewed as a cost center by more traditional leadership.
Amid demands to push more testing left, the time is ripe for automation technology to evolve unit testing approaches. Property-based fuzzing, which combines fuzzing with property-based testing techniques, is significantly more effective and efficient than traditional unit testing methods. As organizations see gains from property-based fuzzing, we will see deeper integrations between fuzzing techniques and source code management systems in 2021.
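To make the contrast with traditional unit testing concrete, here is an added example (not code from the author or ForAllSecure) in which a hand-picked unit test passes on a defective field-escaping routine while a randomized round-trip property check finds and shrinks a counterexample. The function names, the comma-delimited field format and the fuzzing budget are all hypothetical choices for illustration.

```python
import random

def escape_buggy(field: str) -> str:
    # Deliberate defect: escapes the delimiter but not the escape character.
    return field.replace(",", "\\,")

def escape_fixed(field: str) -> str:
    # Escape the escape character first, then the delimiter.
    return field.replace("\\", "\\\\").replace(",", "\\,")

def unescape(field: str) -> str:
    out, i = [], 0
    while i < len(field):
        if field[i] == "\\" and i + 1 < len(field):
            out.append(field[i + 1])  # take the escaped character literally
            i += 2
        else:
            out.append(field[i])
            i += 1
    return "".join(out)

def example_based_test(escape) -> bool:
    # Traditional unit test: one hand-picked input.
    return unescape(escape("a,b")) == "a,b"

def shrink(s: str, fails) -> str:
    # Greedily delete characters while the input still violates the property.
    i = 0
    while i < len(s):
        candidate = s[:i] + s[i + 1:]
        if fails(candidate):
            s, i = candidate, 0
        else:
            i += 1
    return s

def fuzz_roundtrip(escape, seed=0, trials=2000, alphabet="ab,\\", max_len=8):
    # Property under test: unescape(escape(s)) == s for every string s.
    rng = random.Random(seed)
    def fails(s):
        return unescape(escape(s)) != s
    for _ in range(trials):
        s = "".join(rng.choice(alphabet) for _ in range(rng.randint(0, max_len)))
        if fails(s):
            return shrink(s, fails)  # return a shrunk counterexample
    return None  # no counterexample within the trial budget

if __name__ == "__main__":
    print(example_based_test(escape_buggy), repr(fuzz_roundtrip(escape_buggy)))
    print(example_based_test(escape_fixed), repr(fuzz_roundtrip(escape_fixed)))
```

The fixed seed keeps the run reproducible, which matters when a check like this gates a CI pipeline.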
## About the Author
Jeff brings more than a dozen years of product experience to ForAllSecure, where he
serves as the Vice President of Product Management. An experienced, highly
analytical product executive, Jeff's focus is driving ForAllSecure's product
strategy and execution. Prior to ForAllSecure, Jeff served as a director of
product management at Contrast Security, where he headed up program management
as the company grew and secured series B and series C funding rounds. Jeff has
a breadth of experience with cybersecurity solutions, previously working at
Zscaler Corporation, HP ArcSight, Good Technology and Blue Coat Systems, now
part of Broadcom. Prior to his career in cybersecurity, Jeff spent 8 years
working in semiconductor engineering at NVIDIA and Transmeta. Jeff holds a BS
in Electrical and Computer Engineering from Carnegie Mellon University.