Predicting a soft future for the security world in 2020
Paul Curran, Content Specialist for Checkmarx looks at several major trends to provide insight on what the software security world will look like in 2020.
Society, having moved from an industrial age to the birth of the internet is now truly an era where software has become the most critical aspect of our modern world. In earlier times, manufactured products left the factory with just a single purpose, now, through updates via the internet, products evolve or play host to the 4.5 million apps available on platforms from Google, Apple and Microsoft. From national infrastructure to banking and even the cars we drive, software is vital for our health, safety and wellbeing.
Rise of IoT makes software assurance more vital
With analysts suggesting that there will be 50bn Internet of Things devices in use by 2020, the current playbook for IoT development is still immature. As witnessed by recent distributed denial of service attacks that hijacked smartphones and a range of vulnerabilities in consumer electronic devices, there is not enough attention being paid to securing IoT devices. There is a palpable fear that a major category of IoT products embedded within a life-critical application such as health, CNI or automotive is vulnerable to a major attack through negligence in software security.
IoT security will be enhanced
Over the next few years, Industry groups and regulatory framework within automotive (Misra) and healthcare (HIPPA) backed by governmental agencies are likely to expand their role in ensuring that the software embedded with IoT devices adheres to the agreed level of security and compliance. Organisations and especially device vendors need to plan for this change and start considering how to build a secure software development cycle.
AR VR Risks
VR and AR will likely reach mass market in 2017 and as a result, developers will be racing to build software for emerging platforms like Oculus and Microsoft Hololens. During this rush, proper application security practices may not be properly adhered to introducing vulnerabilities to the end user which, when exploited, may have access to the users’ camera, microphone, and in some cases even spatial mappings of their environments.
Secure Development Skills Shortage
The lack of secure development awareness centres on the skill shortage that organisations are facing. The situation is getting worse according to Symantec CEO Michael Brown, “In 2015, more than 200,000 cybersecurity job positions went unfilled, a shortfall that is on track to increase to 1.5 million by 2019.” To address this issue, the industry needs to stop applying a bandage and start treating the patient which means dealing with the underlying problem of poor security within software code. Developers will become more empowered and receive the right training and tools to deliver software that has less vulnerabilities. By 2020, we will see more universities introduce secure development courses and developers will be measured not just on the functionality and the speed of app delivery but also how secure their code is in relation to measurable standards.