The world of technology is constantly undergoing both evolutions and revolutions. It is always difficult to know just what kinds of changes and innovations each year is going to bring. The fields of Development and Operations (DevOps) and Development, Security, and Operations (DevSecOps) are two examples where the best people can do is offer their predictions of what might be in store.
PeerSpot users look at trends in various fields and try to anticipate what kind of changes those fields might undergo. What follows is a compilation of the evaluations and predictions that PeerSpot users made for what these fields will look like in 2022.
PeerSpot users feel that one area that will undergo growth in 2022 is the use of Software Composition Analysis (SCA) tools by companies to secure their systems. They will be looking to protect themselves from the kind of open-source vulnerabilities that Log4j brought into public awareness. These SCA tools find and track any and all open-source code that is present in a user’s code base. It is likely that users will want to secure their continuous integration (CI) and continuous delivery protocols against threats potentially lurking in open-source code. This will enable them to manage their software both during development and after it has been released, keeping the cost of fixing issues down and allowing companies to maintain a trusting relationship with their customers.
Vulnerability management is an area in which PeerSpot users predict that changes will occur. Companies will likely not only aim to use SCA tools, but they will invest more into protecting their infrastructures. API testing and code script testing are things that companies may begin to employ more often. The issues revealed brought to light by Log4j’s are probably going to spur software creators to ensure that all potential avenues of harm are closed off.
Our reviewers feel that users of DevSecOps tools are going to want to have more flexibility as far as the DevSecOps modular frameworks that are available to them. They will want to match the modular frameworks that they use to their actual business needs instead of paying for things that are not relevant to them.
Another area that PeerSpot users feel will undergo change in 2022 is the effectiveness of the dashboards that are used to manage DevOps and DevSecOps tools. There is always room to sharpen the ability of administrators and software designers to manage their operations. There are times that the data that program dashboards gather is not always immediately usable. These issues can prove to be especially debilitating in the case of security software. Instead of being able to address problems directly, there are times when the data is directed to a third-party program before anything is done. The rise in usage of SCA and other similar tools and protocols makes it more imperative that any data that is gathered be usable. This is something that is unlikely to escape the notice of software designers.
Additionally, the ability of dashboards to help users triage issues is predicted to be a place where improvements will be made. There are security programs that can inform users that there are issues, but won’t do anything to help them figure out just how severe the damage is. An increased awareness of the different threats that developers face may lead to an increased desire to not only prevent potential threats, but mitigate the worst potential damage if something slips through the cracks. The designers may make it easier for users to set specific parameters as to what level of severity the software will notify users about. It’s conceivable that with an increased focus on security, programs aimed at security will make moves to improve the overall ability of users to diagnose threats.
The accuracy of DevSecOps threat detection tools is yet another area that could see improvement. Unfortunately, there are many instances where DevSecOps tools discover false positives, which puts a drain on resources that would otherwise be spent looking for and trying to address legitimate threats. The tests that detect threats will likely be fine-tuned in a way that keeps irrelevant issues from being flagged by the system. In addition users should be able to tune the system to look for only specific things. That will sharpen the ability of these solutions to only spot real, actual threats.
Another aspect that PeerSpot users feel will be improved is the way that administrators are able to manage false positives. Users may gain the ability to mark issues that have been proven to be false positives. These false positives will then be remembered by the system and flagged as irrelevant. This gives administrators an ability to effectively train the system to recognize the types of things that are not worthy of having resources assigned to them. Fewer false positives will appear and administrators will be able to focus the solution to more closely align with their business needs.
The ability of DevSecOps to effectively integrate with a greater number of solutions and tools is an area that our users believe will be improved in 2022. Currently, DevSecOps solutions have the ability to integrate with other tools, but there are many tools and solutions that are incompatible with other programs. There are major platforms and programming languages that some mainstream pieces of DevSecOps software do not support. This limits the ability of administrators to secure themselves from threats that could do real harm to their systems and businesses. The increased focus on operational security will most likely lead to a greater number of integration options being added to the toolboxes of system administrators.
The expanded use of artificial intelligence in platforms that are designed to scan for issues in the code bases of programs in development prior to their release is another area that is predicted to be improved in 2022. Designers of DevSecOps software that lack AI may upgrade their code base scanning program by adding AI capabilities to them. This will save developers time and resources by enabling them to spot and fix coding flaws without expending a lot of money and other resources on them.
