Virtualization Technology News and Information
Article
RSS
Snyk 2025 Predictions: In 2025, Developers Will Become Creators & Defenders

vmblog-predictions-2025 

Industry executives and experts share their predictions for 2025.  Read them in this 17th annual VMblog.com series exclusive.

By Danny Allan, CTO of Snyk

Savvy developers are adopting new tools and technologies to make their workflows more conducive to the pace of innovation that modern enterprises necessitate. Leaders push their developers to be more groundbreaking, more creative and more solution-oriented, but the question remains if leaders and developers alike are prioritizing this rapid innovation with a security-focused mindset. As we step into 2025, the industry faces a critical turning point: once and for all, shifting security left in the software development lifecycle. To address the mounting challenges emerging from increasingly sophisticated cyber threats, the developer community must embrace this foundational shift and make it an integral part of the development process.

A Secure Future Starts with Security-Focused Developers

As people, we collectively love to create more than we want to fix what's broken. It's why many developers gravitate to careers in product development rather than cybersecurity. However, in 2025, we'll all need a mindset grounded in shift-left, security-first thinking.

This shift is essential because the software industry has transformed from the era of full-stack developers - those who once understood each layer of application development end-to-end - to a specialized ecosystem. Specialization has widened gaps in foundational security knowledge, particularly among junior developers entering an industry increasingly dependent on generative AI (GenAI) tools. In fact, a recent survey showed that less than half (44.8%) of organizations provided AI coding tool training to the majority of their developers, emphasizing this gap is widening as new GenAI tools are adopted. While these tools accelerate development, they often miss larger security concerns, leading to code that lacks proper security standards.

This challenge is further complicated by a disconnect between junior developers' education and the training available to those specifically pursuing cybersecurity-focused degrees. Research shows that out of the top 50 computer science programs in the US, only three require a cybersecurity course for graduation. There is another issue that further compounds this problem: coding languages have become more abstract. Because of this, there's been less of a focus on understanding all the levels of development, and junior developers simply have less security knowledge compared to their predecessors.

I anticipate that as more high-profile cyberattacks occur in 2025 and security becomes a more mainstream topic, the number of professionals seeking a cybersecurity degree will increase​. I also expect ​a computer science education will incorporate more security requirements as a fundamental learning block to keep up with industry needs. This shift will naturally bring in more junior developers who inherently have the security-focused mindset and allow the industry to once and for all, truly shift left.

Security Won't Become Invisible to the Developer in 2025, but it Will Become Easier to Manage

Right now, developers are primarily tasked with creativity -building things - but security will become part of their remit with the shift left. In 2025, we'll see security largely given over to the security operations team, guided much more by AI in every part of the software development lifecycle.

AI will help security and policy teams understand where they need to spend their attention, which will help remove the burden and cognitive load from developers. However, this will only happen for those organizations that put in place strong DevOps practices providing consistency and checkpoints, especially for GenAI. Leaders taking this seriously will have board groups devoted to security and governance along with the governance solutions in place to support policy.

When done well, many of the common repetitive, painful security tasks that have existed for the last 20 years will become much less visible to developers and the wider organization. We'll see more organizations giving security workloads to platform engineering teams who will set up guardrails on the ‘paved path'. As a consequence, developers will finally get a reduction in their cognitive load, unlocking greater innovation and time-on-task.

Bridging the Gap Between Speed and Security

The future of software development hinges on bridging the gap between speed and security. Leaders shaping those already in the field, and educators shaping those coming into the field, should empower their teams and students with the tools, training and practices to think like security professionals. This will allow organizations now and in the future to unlock a new era of secure and groundbreaking innovation. Like 2024, 2025 will be a rapid year of change, with new AI-driven solutions that will lighten developers' security burdens and enable them to focus on what they do best: creating. However, this change begins with a commitment from all, across the industry, to foster a security-first mindset and to ensure every line of code brings us closer to a secure, innovative future.

##

ABOUT THE AUTHOR

danny allan 

As CTO, Danny leads end-to-end ownership of Snyk’s current core offerings and roadmap, as well as the company’s near-term platform vision. Before joining Snyk, he was CTO at Veeam and Desktone (acquired by VMWare) and Director of Security Research at IBM. In his free time, he loves scuba diving, cycling, and hockey (like a true Canadian!).

Published Friday, December 13, 2024 7:34 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2024>
SuMoTuWeThFrSa
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234