Virtualization Technology News and Information
Secure Code Warrior 2024 Predictions: Security, developers and the road ahead in 2024


Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.

Security, developers and the road ahead in 2024

By Pieter Danhieux, Secure Code Warrior Co-Founder & CEO

We've hit that time of the year. The time to reflect on everything that's happened, what we thought would happen and didn't, lessons learned and what we expect will shape the decisions, actions and outcomes over the next 12 months.

Challenging economic dynamics, emerging cybersecurity threats, and society's most accessible introduction to AI to date shaped what was an interesting 2023 for DevSecOps. Even more curious: none of these elements are in the rearview mirror as we turn the page and head into 2024. They are front and center for organizations, their developer and cybersecurity teams, and government regulators.

As priorities shift at a rapid pace, here are the top predictions Secure Code Warrior sees unfolding in the next 12 months:

Organizations will place a premium on developer retention

Developers deliver immense value to organizations and their customers. Now it's on the organizations to demonstrate their value and appreciate what the developer can do for their bottom line. More investment will be made in retention strategies, programs and other efforts to ensure developers are more empowered to make their current employer their long-term career destination. Learning and development will be a huge differentiator for these enterprises.

More asks of developers will put content and integrations at centerstage

The pressures placed on developers will not let up anytime soon, as organizations want more software and continuous digital transformation in the hands of their customers sooner. For developers to stay sharp, anticipate emerging roadblocks in the software development life cycle (SDLC) and have access to more resources to accelerate innovation, more learning content and third-party integrations will be of paramount importance.

AI tooling is the new Stack Overflow

The same way developers go to Stack Overflow or open source forums to seek help, developers will start turning to AI tools. However, this creates a false sense of security. Developers will use AI as a "help channel," but organizations will realize that this approach is not enough.

AI remediation is here to stay

AI is not replacing the developer tomorrow, but the technology is becoming more embedded in the software development life cycle (SDLC), creating a more foolproof process to avoid introducing vulnerabilities, or to identify a compatible fix. We're bound to see more experimentation throughout the year that will inevitably bring about a change in developer behavior, organizational investment, staffing re-allocation and new approaches to cybersecurity risk management.

AI reliance + API explosive growth = regulatory measures

The number of companies fueling their businesses through the accelerated creation and enablement of APIs has significantly expanded the API threat vector. With the propensity of AI usage to exponentially increase the speed at which APIs are created and launched, greater governance for API security will need to be a focus - and new regulatory measures are sure to be introduced.

More consequences for software vendors who don't ship secure code

CISA Director Jen Easterly has made it abundantly clear that software vendors should not be permitted to "pass the buck" when it comes to security within their products. While CISA's powers only extend so far - helping to enforce Secure-by-Design practices for vendors that sell to federal agencies - the MOVEit incident earlier this year reaffirmed that large software vendors need to hit and exceed a new benchmark. There needs to be more accountability, and more consequences enforced, for repeat offenders who ship insecure code.

2024's OWASP Top 10 will show a renewed focus on design flaws

Speaking of Secure-by-Design, in 2021 OWASP introduced the "Insecure Design" category, focusing on the shift towards architectural security issues and flaws. As we anticipate their upcoming Top 10 list (most likely in 2024), there will be greater, executive-level conversation around the difference between insecure design and insecure implementation, with an emphasis on teams developing a secure software development life cycle (SSDLC), including a complete threat modeling procedure that supports critical authentication and access control configuration.

DevSecOps vendors will need to prove specific ROI to target different executive buyers

In order to sell to multiple groups in a competitive sales cycle, vendors will need to tailor conversations to different areas of the business. Traditionally, security vendors primarily sell to CISOs or security leadership. In 2024, there will be a greater need for the ability to prove risk reduction in increasingly specific contexts for executives across L&D and DevOps/AppSec - in addition to Security/CISOs.

"Gatekeeping" will be the ticket to security maturity in software development

CISOs remain under scrutiny to prove the business value of cybersecurity efforts, as well as the effectiveness of their program over time. Developers will increasingly need to prove they are security-aware before being given projects with sensitive repositories. CISOs who adopt a "gatekeeping" standard and prioritize secure coding from the start of the software creation process will better position their teams for security excellence.

Reactive security will be seen as old school

As the goal of increased cyber resilience continues to dominate cyber strategies across multiple verticals, those who rely on reaction and incident response as the only core tenets of their plan will find themselves in a place of unacceptable exposure and risk. "Shift left" needs to be more than a rapidly aging buzzword; code-level security should be prioritized, alongside upskilling and verifying the competence of the developers working on the software and critical digital infrastructure we take for granted. Now, more than ever, governments and enterprises alike must commit themselves to a preventative, high-awareness security program in which every member of staff is enabled to share responsibility.

As the leader in secure coding education and implementation, we're excited for the year ahead and for collaborating with our 600+ customers to get ahead of these evolving dynamics. What does your 2024 look like and how can Secure Code Warrior help?

Interested to learn more? Follow us on X and LinkedIn to stay up-to-date on all announcements.


ABOUT THE AUTHOR

Pieter Danhieux 

Pieter Danhieux is the CoFounder/CEO of Secure Code Warrior, a global security company that makes software development better and more secure. In 2016, he was No. 80 on the list of Coolest Tech people in Australia (Business Insider) and awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association).

Pieter is also a Principal instructor for the SANS Institute teaching military, government and private organisations offensive techniques on how to target and assess organisations, systems and individuals for security weaknesses. He also serves as an advisory board member of NVISO, a cyber security consulting company in Europe. Before starting his own company, Pieter worked at Ernst & Young and BAE Systems. He is also one of the Co-Founders of BruCON, one of the most awesome hacking conferences on this planet.

He started his information security career early in life and obtained the Certified Information Systems Security Professional (CISSP) certification as one of the youngest persons ever in Belgium. On his way, he collected a whole range of cyber security certificates (CISA, GCFA, GCIH, GPEN, GWAP) and is currently one of the select few people worldwide to hold the top certification GIAC Security Expert (GSE).

Published Thursday, January 04, 2024 7:35 AM by David Marshall