Check Point® Software Technologies Ltd.(link is external) announced that U.S. News & World Report has named the company among its 2025-2026 list of Best Companies to Work For(link is external).
DEVOPSdigest asked industry experts how they think DevSecOps will evolve and impact development and application security in 2024. Part 3 looks at more issues and solutions.
Start with: 2024 DevSecOps Predictions - Part 1
Start with: 2024 DevSecOps Predictions - Part 2
LARGE LANGUAGE MODELS IMPACT SECURITY
In 2024, as Large Language Models (LLMs) become increasingly ubiquitous, we can anticipate a growing concern in the realm of developer security.
There are two key aspects that warrant attention:
■ Emergence of Malicious Open-Source Packages: In the past, crafting a malicious open source package required a level of domain expertise. However, the widespread availability of LLMs has lowered the entry barrier, making it feasible for anyone with a computer and an internet connection to create malicious packages. Consequently, we should expect a surge in cyberattacks, characterized by increased sophistication and a broader linguistic spectrum due to the ease of language adaptation.
■ Security Measures for LLM Adoption: With the integration of LLMs into various processes, companies will need to fortify their security defenses. For those consuming LLMs through APIs, traditional threats such as injection vulnerabilities will persist, but new risks will emerge, like verifying the input and output of LLMs to ensure they don't compromise the organization's network or contain malicious instructions. Companies opting to run LLMs in-house will encounter the challenge of managing a new technology stack, involving permissions, restrictions, and more.
In summary, the wider adoption of LLMs will have ripple effects, not only on hackers seeking to exploit vulnerabilities but also on security services working to safeguard digital assets and networks.
Ori Abramovsky
Head of Data Science, Check Point Software Technologies(link is external)
EMA'S 2024 CYBERSECURITY PREDICTIONS
Chris Steffen, VP of Research covering Information Security, Risk, and Compliance Management at Enterprise Management Associates (EMA), and Ken Buckler, Research Analyst covering Information Security at EMA, make 2024 cybersecurity predictions on the Cybersecurity Awesomeness Podcast.
Click here for a direct MP3 download of Episode 41(link is external)
AI IMPROVES API SECURITY
API security evolves as AI enhances offense-defense strategies: In 2023, AI began transforming cybersecurity, playing pivotal roles both on the offensive and defensive security fronts. Traditionally, identifying and exploiting complex, one-off API vulnerabilities required human intervention. AI is now changing this landscape, automating the process, enabling cost-effective, large-scale attacks. In 2024, I predict a notable increase in the sophistication and scalability of attacks. We will witness a pivotal shift as AI becomes a powerful tool for both malicious actors and defenders, redefining the dynamics of digital security.
Shay Levi
CTO and Co-Founder, Noname Security(link is external)
OPEN SOURCE PRODUCT SECURITY TEAMS
In 2024, we see the rise of dedicated open source product security teams within organizations. As open source continues to expand its footprint within commercial products, product security groups will begin building out dedicated teams focused exclusively on the security of the open source components that make up much of the source code in their products.
Donald Fischer
CEO and Co-Founder, Tidelift(link is external)
CONTAINER PROTECTION
In 2024, I think we're going to see DevOps teams work more closely with their CISOs or IT security leads to protect containerized environments. Regulations such as GDPR, PCI, and HIPAA are making it increasingly important for organizations to protect and back up data that is vulnerable to increasingly sophisticated cyber threats like Ransomware, and more often than not, that data is in containers. Nearly 9 out of 10 companies today are using containers in development to drive rapid innovation. Although Kubernetes is known to have strict security protocols that help block access to components outside of a cluster, it's definitely not impenetrable. Misconfigurations, missing container replacements, and gaps with backing up create vulnerabilities that attackers are actively exploiting. Warm cloud backups to speed up recovery times during any future downtime incidents, regular scanning, and running containers with the least privileges possible should all be priorities in the year ahead.
Faiz Khan
CEO, Wanclouds(link is external)
DevOps Adopts Cloud-based Code Signing
In 2023, the CA/Browser Forum passed a new baseline requirement for how code signing certificates and keys are to be securely stored. This was a direct result of several high profile cyberattacks related to compromised code signing keys and processes. While code signing has become essential to proving the authenticity, integrity and security of software, it is still an afterthought for many development organizations. DevOps teams will use the new CA/B Forum requirements to reinvent their code signing processes. The popularity of SaaS code signing with a cloud-based HSM will enable simplified and centralized code signing processes, support distributed developers and meet the CA/B Forum requirements – promoting speed, agility and security through the software development lifecycle.
Murali Palanisamy
CTO, AppViewX(link is external)
CLUSTERED ARCHITECTURES
As businesses increasingly adopt containerized and microservices architectures for their application delivery, I believe that a notable shift towards enhanced segmentation within clusters is on the horizon. This evolution is particularly evident in the growing prominence of Kubernetes as a primary delivery method in the cloud. Organizations are poised to invest significant efforts in fortifying the security and segmentation of clustered architectures at the container level. This proactive approach recognizes the pivotal role of secure containerization and microservices in modern software development. The future landscape is one where the nuances of clustered environments are carefully addressed to not only optimize performance but, more crucially, to bolster the resilience and security of applications as they navigate the dynamic and interconnected realms of containerized and microservices-based infrastructures in multi-cloud vendor environment.
Erez Tadmor
Cybersecurity Evangelist, Tufin(link is external)
APPLICATION SHIELDING
Application shielding will continue to grow in adoption as organizations realize its value in the DevSecOps framework. Application shielding helps DevSecOps teams work more efficiently by embedding protections to secure source code and IP from reverse-engineering and tampering attempts; IT and security teams will need a mobile app protection platform that meshes with a DevSecOps framework or risk being further siloed from development team efforts.
RJT Keating
SVP of Corporate Development, Zimperium(link is external)
HARDWARE ACCELERATORS
As DevSecOps matures in 2024, we foresee a deeper fusion with hardware accelerators, optimizing security task efficiency. This synergy will accelerate development workflows and strengthen security postures, narrowing potential attack vectors. For containerized applications, this progress is crucial — enhancing governance, ensuring the deployment of secure containers, and swiftly neutralizing threats. Such advancements are key to advancing the security and performance duality, especially in high-stakes, performance-sensitive environments.
Keith Cunningham
VP of Strategy, Sylabs(link is external)
MORE OPTIONS FOR DEVELOPERS
Developers will begin to have more options to protect and restore scripts, configurations, and code for applications they are developing across the application development lifecycle. This, in turn, will help make the critical services and configurations essential to run modern data applications available and recoverable in the event of simple human error or malicious actors.
Andy Fernandez
Director, Product Management, HYCU(link is external)
2024: THE YEAR OF SBOM
2024 will be the year of the Software Bill of Materials (SBOM). In 2024, the software landscape is poised for significant changes, with a growing emphasis on SBOMs. As concerns about supply chain attacks continue to escalate, compliance measures will tighten, due to the increasing frequency and visibility of such incidents. The proactive adoption of SBOMS is not only a response to heightened awareness, but a crucial step in securing the software supply chain. This upcoming year, increased emphasis will be placed on preventing and disclosing supply chain threats, as well as an increase in compliance requirements, like US Executive Order 14028, across the globe.
Nick Mistry
SVP, CISO, Lineaje(link is external)
Industry News
Postman announced new capabilities that make it dramatically easier to design, test, deploy, and monitor AI agents and the APIs they rely on.
Opsera announced the expansion of its partnership with Databricks.
Postman announced Agent Mode, an AI-native assistant that delivers real productivity gains across the entire API lifecycle.
Progress Software announced the Q2 2025 release of Progress® Telerik® and Progress® Kendo UI®, the .NET and JavaScript UI libraries for modern application development.
Voltage Park announced the launch of its managed Kubernetes service.
Cobalt announced a set of powerful product enhancements within the Cobalt Offensive Security Platform aimed at helping customers scale security testing with greater clarity, automation, and control.
LambdaTest announced its partnership with Assembla, a cloud-based platform for version control and project management.
Salt Security unveiled Salt Illuminate, a platform that redefines how organizations adopt API security.
Workday announced a new unified, AI developer toolset to bring the power of Workday Illuminate directly into the hands of customer and partner developers, enabling them to easily customize and connect AI apps and agents on the Workday platform.
Pegasystems introduced Pega Agentic Process Fabric™, a service that orchestrates all AI agents and systems across an open agentic network for more reliable and accurate automation.
Fivetran announced that its Connector SDK now supports custom connectors for any data source.
Copado announced that Copado Robotic Testing is available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).
Check Point® Software Technologies Ltd.(link is external) announced major advancements to its family of Quantum Force Security Gateways(link is external).
Sauce Labs announced the general availability of iOS 18 testing on its Virtual Device Cloud (VDC).