Executive Viewpoint 2017 Prediction: Checkmarx – Spotting Software Trends and Beyond
Software is now embedded in every aspect of modern day business, making it critical for organizations to understand how the industry is evolving and where it’s headed. The internet, with the addition of software, has changed the way people and businesses interact and engage, especially when you consider the fact that there are over 4.5 million apps available on platforms such as Google, Apple and Microsoft. Software is the driving force behind everyday tasks like communicating with clients and driving to work. At Checkmarx, we’re keeping an eye on the software industry to spot trends and opportunities in the application space and adapt accordingly.
1. Rise of IoT Makes Software Assurance More Vital
With analysts suggesting that there will be 50bn Internet of Things devices in use by 2020, the current playbook for IoT development is still immature. As witnessed by recent distributed denial of service attacks that hijacked smartphones and a range of vulnerabilities in consumer electronic devices, there is not enough attention being paid to securing IoT devices. There is a palpable fear that a major category of IoT products embedded within a life-critical application such as health, CNI or automotive is vulnerable to a major attack through negligence in software security.
2. IoT Security Will be Enhanced
Over the next few years, Industry groups and regulatory framework within automotive (Misra) and healthcare (HIPPA) backed by governmental agencies are likely to expand their role in ensuring that the software embedded with IoT devices adheres to the agreed level of security and compliance. Organizations and especially device vendors need to plan for this change and start considering how to build a secure software development cycle.
3. AR VR Risks
VR and AR will likely reach mass market in 2017 and as a result, developers will be racing to build software for emerging platforms like Oculus and Microsoft Hololens. During this rush, proper application security practices may not be properly adhered to introducing vulnerabilities to the end user which, when exploited, may have access to the users’ camera, microphone, and in some cases even spatial mappings of their environments.
4. Secure Development Skills Shortage
The lack of secure development awareness centers on the skill shortage that organizations are facing. The situation is getting worse according to Symantec CEO Michael Brown, “In 2015, more than 200,000 cybersecurity job positions went unfilled, a shortfall that is on track to increase to 1.5 million by 2019.” To address this issue, the industry needs to stop applying a bandage and start treating the patient which means dealing with the underlying problem of poor security within software code. Developers will become more empowered and receive the right training and tools to deliver software that has less vulnerabilities. By 2020, we will see more universities introduce secure development courses and developers will be measured not just on the functionality and the speed of app delivery but also how secure their code is in relation to measureable standards.
There are both opportunities and challenges that exist in the coming years for software security, which makes it an exciting space to be a part of. As the needs of businesses and consumers evolve, applications will have to be modified in order to meet, and even exceed, demand. Of course, with the influx of new applications coming to market in the next year, security is top of mind for not only the end user, but developers alike. As such, the emphasis on secure software code will increase and more resources will have to be dedicated to making secure applications a reality.