2023 DevSecOps Predictions - Part 1
January 18, 2023

DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact the business in 2023.


As developers continue to rely on open source code to build applications, hefty security concerns around vulnerabilities and secret leakage loom over organizations. In 2023, we see a mindset shift and full commitment from DevSecOps to shore up these SDLC security gaps and ensure zero trust. Many will migrate to CNAPP platforms incorporating security of the code itself - from development to production on through to runtime. By ‘shifting left’ even further and offering pipeline security and code functionality into one unified platform, teams can adopt a prevention-first mindset that addresses security issues before they become real problems.
Dotan Nahum
Head of Developer Security, Check Point Software Technologies


Security will be a top priority for CIOs heading into 2023. It hasn't been in the news this year quite as much as it was last year, but it remains the biggest problem that CIOs are facing. While awareness of the problem has certainly increased, I don't think most companies have made real progress in addressing the issues. Ransomware is still a big problem — still a growing problem, in fact, even though we haven't seen as many high-profile attacks as we did in 2021. Or maybe they're just old news. Ransomware operators have added extortion to their bag of tricks. In addition to encrypting data, they will sell it or just release it if the victim doesn't pay. Software supply chain attacks are another huge issue. They don't get quite as much coverage because few people really understand how many pieces of software, and how many different sources, are combined to make any product. Of course, there are many other kinds of attacks. These are the two that CIOs really need to focus on.
Mike Loukides
VP of Emerging Tech Content, O'Reilly Media


DevSecOps will evolve slowly to replace DevOps in 2023. DevSecOps is an evolution of DevOps that emerged from the need for security considerations to be addressed earlier in the development cycle rather than being bolted on as an afterthought. Far from being yet another add-on to DevOps, DevSecOps is an entire culture and tooling change that puts the responsibility for security at the build stage before shipping features to customers. This paradigm shift is necessary because of the significant increase in cyber attacks on applications. As more organizations embrace serverless, microservice architectures, Docker, Kubernetes, and similar modern-day cloud technologies, security will take center stage, eventually becoming a part of DevOps by default.
Brian Galura
CEO, Convox


DevSecOps will get a huge boost as more and more organizations with matured/maturing DevOps practices will opt to enhance and integrate security into their DevOps pipelines. Security should be baked-in instead of bolted-on, so a DevSecOps mindset that advocates moving security left and considering security in every stage of DevOps will be the talk of the town and will get huge attention next year. With a lot of upcoming interest and opportunities in the DevSecOps space, we could also expect security vendors to provide umbrella security solutions to secure all stages of DevOps, instead of focusing on individual stages.
Ayush Kaushik
Manager, Product Security, Avalara

Going into 2023, we expect developers will finally grow tired of being the last to know when it comes to application security and revolt against ticketing interface-type tools. Developer teams will have more budget and influence over security testing tools, and AppSec providers will invest more in the developer experience. The combination will help drive the widespread adoption of a DevSecOps philosophy.
Scott Gerlach
CSO and Co-Founder, StackHawk


DevOps will need to own security and compliance on some level in 2023 because security control operations will become a more rigorous and critical aspect of their contributions. Security operations owned by DevOps teams must be discretely defined to allow for valid testing of the security controls. Automated testing of deployment processes, data privacy and business continuity will become critical responsibilities of this role. DevOps teammates will need to be conversant in certifications like SOC 2, ISO 27001 and HIPAA to understand their responsibilities and respond to related organizational compliance goals.
Justin Beals
CEO and Co-Founder, Strike Graph


As we enter the New Year, organizations will be looking to balance accelerating modernization efforts while optimizing costs, managing risk and driving revenue. In 2023, I predict we’ll see more organizations implementing platform teams to standardize tools and platforms to streamline and strengthen software delivery and operations of modern applications. Platform teams are integral to a DevSecOps practice, not only building and running the platform developers use to create new applications that drive business revenue while "shifting left" management and security, but also partnering with the Cloud Operations team to automate and optimize use of cloud resources. By having teams devoted to running platform as a product, organizations will improve developer productivity, deliver secure applications continuously and operate applications at scale across clouds.
Ajay Patel
SVP and GM, Modern Applications & Management Business, VMware


As remote development becomes more and more commonplace, software supply chain security will play a more expansive role across the SDLC. Security responsibilities will span from the IDE and extend to applications running in production, continuing the ongoing trend toward security as an organization-wide responsibility.
David DeSanto
VP of Product, GitLab

Amid rising cyber threats and endemic vulnerabilities such as Log4Shell, security and cyber resilience need to be viewed as a shared responsibility that falls on everyone involved in innovation. Organizations that take out cyber-insurance policies will need to demonstrate that all team members, including development and operations, are accountable for delivering secure innovation. Organizations will need to be focused on finding solutions that enable them to build a holistic DevSecOps approach, which will require greater investment into observability platforms that support cross-departmental processes to ensure all teams have the information necessary to minimize risk.
Amit Shah
Director of Product Marketing, Dynatrace

Everyone needs to take part in DevSecOps — Up until now, DevSecOps was mostly a discipline for devs, devops, and security teams. But as the tech stack continues to grow larger and more complex, everyone from product and sales to marketing and support needs to be actively involved, as everyone is becoming (low-code) developers. This would be most apparent in areas like IAM (defining identities, passwordless experience management, and managing application permissions and access control); CI/CD (feature gating, adjusting, and toggling); and data enrichment (PII redaction and privacy). These key features dramatically impact customer experiences and business interactions.
Or Weis
CEO & Co-Founder, Permit.io


Most of our users in the test space are being asked to do security testing as part of a shift-left motion. I believe 2023 will see more widespread security testing happening in parallel with application development, rather than at the end, right before release. The ability to add in OWASP Top 10 scanning alongside existing tests will be a differentiator.
Marcus Merrell
VP of Technology Strategy, Sauce Labs

Now, the reality is a matter of when, not if, your organization will be the target of an attack. To combat this rising security concern, organizations will need to integrate security within the development process from the very beginning. Integrating security and compliance testing upfront will greatly reduce risk and prevent disruptions.
Kevin Thompson
CEO and Executive Chairman, Tricentis


Lately the market has been focused on the shift left, and a lot of resources were invested to educate and build proper security tools to address these issues in cloud native pipelines (SCM security, CI/CD, etc.). Attackers see that there’s a gap between the shift left stakeholders (developers and devops) and the more traditional security practitioners (CISO office, etc.). We predict that the cooperation between the more traditional security groups in the organization and the shift left stakeholders will increase in the coming year.
Assaf Morag
Lead Data Analyst, Aqua Security


Our mobile devices are frequently at arm's reach and store personal, sensitive data, so it should be no surprise that this is a primary target of malicious attacks. After another trying year of data breaches and cyber threats, organizations and their development teams must better prioritize cyber resilience and risk-reducing strategies in 2023 for the sake of their customers. To achieve this, teams can introduce a shift left approach to security to implement codes and policies earlier in the development process that identify mobile security gaps and potential weaknesses. However, the most successful teams will integrate these security testing parameters and checkpoints throughout the entire development lifecycle in a continuous and agile manner — taking this a step beyond only "shifting left." Expect to see more development teams bring security analysis into the CI/CD pipeline, including static code and dynamic analysis activities and validating with functional testing and mocking services in the new year.
Eran Kinsbruner
Chief Evangelist, Perforce Software

Go to: 2023 DevSecOps Predictions - Part 2
