
2024 Predictions: Security, AI, Developer Retention and the Road Ahead

Secure Code Warrior
Published Dec 19, 2023
Last updated on Mar 09, 2026

We’ve hit that time of the year. The time to reflect on everything that’s happened, what we thought would happen and didn’t, lessons learned and what we expect will shape the decisions, actions and outcomes over the next 12 months. 

Challenging economic dynamics, emerging cybersecurity threats, and society’s most accessible introduction to AI to date shaped what was an interesting 2023 for DevSecOps. Even more curious – none of these elements are in the rearview mirror as we turn the page and head into 2024. They are front and center for organizations, their developer and cybersecurity teams, and government regulators.

As priorities shift at a rapid pace, here are the top predictions Secure Code Warrior sees unfolding in the next 12 months: 

Organizations will place a premium on developer retention 

Developers deliver immense value to organizations and their customers. Now it’s on the organizations to demonstrate their value and appreciate what the developer can do for their bottom line. More investment will be made in retention strategies, programs and other efforts to ensure developers are more empowered to make their current employer their long-term career destination. Learning and development will be a huge differentiator for these enterprises. 

More asks of developers will put content and integrations at center stage

The pressures placed on developers will not let up anytime soon, as organizations want more software and continuous digital transformation in the hands of their customers sooner. For developers to stay sharp, anticipate emerging roadblocks in the software development life cycle (SDLC) and have access to more resources to accelerate innovation, more learning content and third-party integrations will be of paramount importance.

AI tooling is the new Stack Overflow 

The same way developers go to Stack Overflow or open source forums to seek help, developers will start turning to AI tools. However, this creates a false sense of security. Developers will use AI as a “help channel,” but organizations will realize that this approach is not enough. 

AI remediation is here to stay 

AI is not replacing the developer tomorrow, but the technology is becoming more embedded in the software development life cycle (SDLC), creating a more foolproof process to avoid introducing vulnerabilities, or to identify a compatible fix. We’re bound to see more experimentation throughout the year that will inevitably bring about a change in developer behavior, organizational investment, staffing re-allocation and new approaches to cybersecurity risk management. 

AI reliance + API explosive growth = regulatory measures

The number of companies fueling their businesses through the accelerated creation and enablement of APIs has significantly expanded the API threat vector. With the propensity of AI usage to exponentially increase the speed at which APIs are created and launched, greater governance for API security will need to be a focus – and new regulatory measures are sure to be introduced. 

More consequences for software vendors who don’t ship secure code 

CISA Director Jen Easterly has made it abundantly clear that software vendors should not be permitted to “pass the buck” when it comes to security within their products. While CISA’s powers only extend so far - helping to enforce Secure-by-Design practices on vendors that sell to federal agencies - the MOVEit incident earlier this year reaffirmed that large software vendors need to hit and exceed a new benchmark. There needs to be more accountability, and more consequences enforced, for repeat offenders who ship insecure code.

2024’s OWASP Top 10 will show a renewed focus on design flaws 

Speaking of Secure-by-Design, in 2021, OWASP introduced the “Insecure Design” category, focusing on the shift towards architectural security issues and flaws. As we anticipate their upcoming Top 10 list (most likely in 2024), there will be greater, executive-level conversation around the difference between insecure design and insecure implementation, with an emphasis on teams developing a secure software development life cycle (SSDLC), including a complete threat modeling procedure that supports critical authentication and access control configuration.

DevSecOps vendors will need to prove specific ROI to target different executive buyers 

In order to sell to multiple groups in a competitive sales cycle, vendors will need to tailor conversations to different areas of the business. Traditionally, security vendors primarily sell to CISOs or security leadership. In 2024, there will be a greater need for the ability to prove risk reduction in increasingly specific contexts for executives across L&D and DevOps/AppSec – in addition to Security/CISOs.

“Gatekeeping” will be the ticket to security maturity in software development 

CISOs remain under scrutiny to prove the business value of cybersecurity efforts, as well as the effectiveness of their program over time. Developers will increasingly need to prove they are security-aware before being given projects with sensitive repositories. CISOs who adopt a “gatekeeping” standard and prioritize secure coding from the start of the software creation process will better position their teams for security excellence. 

Reactive security will be seen as old school 

As the goal of increased cyber resilience continues to dominate cyber strategies across multiple verticals, those who rely on reaction and incident response as the only core tenets of their plan will find themselves in a place of unacceptable exposure and risk. “Shift left” needs to be more than a rapidly aging buzzword; code-level security should be prioritized, alongside upskilling and verifying the competence of the developers working on the software and critical digital infrastructure we take for granted. Now, more than ever, governments and enterprises alike must commit themselves to a preventative, high-awareness security program in which every member of staff is enabled to share responsibility.

As the leader in secure coding education and implementation, we’re excited for the year ahead and collaborating with our 600+ customers to get ahead of these evolving dynamics. What does your 2024 look like and how can Secure Code Warrior help?

Interested to learn more? Follow us on X and LinkedIn to stay up-to-date on all announcements.


Secure Code Warrior's top ten predictions for the cybersecurity industry in 2024 and beyond.


Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.

This article was written by Secure Code Warrior's team of industry experts, committed to empowering developers with the knowledge and skills to build secure software from the start, drawing on deep expertise in secure coding practices, industry trends, and real-world insights.
