As a leading provider of products and solutions to help secure software supply chains, we recently hosted our webinar "2024 Predictions: Top 5 Trends Every DevOps Manager Needs to Know," featuring Tyler Warden, Senior Vice President of Product.
Warden discussed five key predictions shaping the future of software development and provided insights to empower DevOps leads in navigating the evolving development landscape.
In this blog post, we cover each of the five predictions below.
Warden highlighted the increasing complexity surrounding open source component selection, emphasizing the growing number of decision points developers face. He noted that the burden of choosing the right components is going to increase, not decrease.
"The average Java component has 150 dependencies averaging 10 releases per year. That's over 1,500 updates of dependencies just for one component," said Warden. "This is coupled with the fact that about 20% of open source projects will go unmaintained, and probably 10-15% new projects will start to come online and be actively maintained."
With this level of complexity in development, Warden predicted heightened pressure on developers to make informed decisions, impacting project timelines.
This trend also underscores the need for tools and support to aid developers in managing the growing challenges of component selection.
"There's going to be this increased pressure and decision-making inputs for developers on what components to use, what components not to use, what components to upgrade, what can wait," said Warden. "All of these add time, risk, strain, and stress on teams and systems and delivery timelines."
Warden discussed the transformation of a software bill of materials (SBOM) from a compliance trend to a new standard, driven by regulatory initiatives globally.
"We predict that in 2024, more than 50% of organizations will actively consider or require software bills of materials," said Warden.
The shift indicates a move towards greater transparency in software supply chains, with organizations expected to embrace an SBOM as a fundamental component in their procurement processes.
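What "requiring an SBOM in procurement" looks like in practice is an intake check that a vendor-supplied bill of materials is complete enough to act on. The script below is an added example, not code from the original post or from Sonatype's products; it assumes a CycloneDX 1.5 JSON document (top-level `bomFormat`, `specVersion` and `components`, each component carrying `name`, `version`, `purl` and `licenses`), and the sample SBOM embedded in it is constructed for the demonstration. Missing names or versions are treated as hard errors that reject the document; missing purls, missing licenses and duplicate entries are surfaced as warnings for the reviewer.

```python
"""Procurement intake check for a CycloneDX-style SBOM.

Added example, not part of the original post or Sonatype's tooling. It assumes
CycloneDX 1.5 JSON structure (bomFormat, specVersion, components[] with name,
version, purl and licenses[]). The SBOM below is constructed for the demo.
"""
import json
from collections import Counter

# Constructed sample: one complete component, one without a purl, one without
# a license, and a duplicate entry (the same purl listed twice).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "jackson-databind", "version": "2.15.2",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "mystery-lib", "version": "1.0.0",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "unlicensed-lib", "version": "0.3.1",
         "purl": "pkg:npm/unlicensed-lib@0.3.1"},
        {"type": "library", "name": "jackson-databind", "version": "2.15.2",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
    ],
})

REQUIRED_TOP = ("bomFormat", "specVersion", "components")


def check_sbom(raw: str) -> dict:
    """Return {"errors": [...], "warnings": [...], "components": n}.

    Errors are defects that make the SBOM unusable for review; warnings are
    gaps the reviewer should see but that do not block intake by themselves.
    """
    errors, warnings = [], []
    try:
        bom = json.loads(raw)
    except json.JSONDecodeError as e:
        return {"errors": [f"not valid JSON: {e}"], "warnings": [], "components": 0}

    # Top-level shape: all three fields must be present.
    for key in REQUIRED_TOP:
        if key not in bom:
            errors.append(f"missing top-level field {key!r}")
    if bom.get("bomFormat") not in (None, "CycloneDX"):
        errors.append(f"unexpected bomFormat {bom['bomFormat']!r}")

    comps = bom.get("components") or []
    purls = Counter()
    for i, c in enumerate(comps):
        label = f"components[{i}] ({c.get('name', '?')}@{c.get('version', '?')})"
        # A component that cannot be named or versioned cannot be assessed.
        for field in ("name", "version"):
            if not c.get(field):
                errors.append(f"{label}: missing {field}")
        # Without a purl the entry cannot be matched to a package ecosystem.
        purl = c.get("purl")
        if not purl:
            warnings.append(f"{label}: no purl, cannot be matched to an ecosystem")
        else:
            purls[purl] += 1
        if not c.get("licenses"):
            warnings.append(f"{label}: no license declared")

    # Duplicate purls usually mean a merge or generation error upstream.
    for purl, n in purls.items():
        if n > 1:
            warnings.append(f"{purl} listed {n} times")
    return {"errors": errors, "warnings": warnings, "components": len(comps)}


def accept_for_procurement(raw: str) -> bool:
    """Intake policy: any hard error rejects the SBOM; warnings are reported only."""
    return not check_sbom(raw)["errors"]


if __name__ == "__main__":
    result = check_sbom(SAMPLE_SBOM)
    print(f"{result['components']} components, {len(result['errors'])} errors, "
          f"{len(result['warnings'])} warnings")
    for w in result["warnings"]:
        print("warning:", w)
    print("accepted:", accept_for_procurement(SAMPLE_SBOM))
```

Run against the constructed sample, the check accepts the document but raises three warnings (the component with no purl, the one with no license, and the duplicated jackson-databind entry); a document missing `specVersion` or `components` is rejected outright. The error/warning split is the design point: a procurement gate that rejects on every gap will be bypassed, while one that never rejects is not a gate.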
Battling evolving threats
The webinar also addressed the surge in intentionally malicious open source components posing threats to DevOps environments. Warden pointed out the exponential rise in malicious components in the previous year alone.
"In looking at CI/CD infrastructure, development machines and environments and containers, we've seen, last year, over 245,000 distinct malicious components introduced. From 2019 to 2022, if you take all of the distinct malicious components from then and double it, more than that happened just last year," said Warden. "So, we predict more malicious components being used to attack the software development life cycle than we’ve seen previously."
This prediction emphasizes the critical need for enhanced security measures to protect against evolving threat vectors, especially within CI/CD infrastructure and development environments.
Time versus efficiency
The battle between time and efficiency in software dependency management was also a key focus of the webinar. Warden predicted that organizations might prioritize shorter-term gains over smarter, long-term decisions, especially concerning component upgrades.
"Based on our studies and predictions, good dependency management could save, for an average-sized company, two full dev weeks per year," said Warden. "So, that's two full development weeks back to building the software and not just keeping components in sync and up-to-date."
The challenge lies in reversing the trend and encouraging organizations to make choices that enhance both safety and efficiency.
Warden also discussed the increasing role of artificial intelligence and machine learning (AI/ML) components in the development process, predicting a shift from visibility to policy.
"Organizations will be tasked more to set policies around acceptable use, intellectual property, and the use of public models," said Warden.
With AI/ML becoming a greater target for malicious actors, the emphasis on visibility and robust policies is expected to grow to safeguard organizations from potential risks.
Sonatype's 2024 predictions: Planning for DevOps excellence
Sonatype's 2024 predictions offer valuable insights for DevOps managers navigating the complexities of the evolving development landscape.
With an emphasis on open source component selection, SBOM adoption, cybersecurity measures, efficient dependency management, and AI/ML policies, the webinar provides a roadmap for DevOps teams to stay ahead of threats and secure their software supply chains.