We started highlighting open source, engineering, and Software Composition Analysis trends and predictions for 2020 (and beyond) in the fourth quarter of last year. We began with two predictions:
- The idea that increased regulatory changes around open source governance will continue to be a factor, and perhaps certain industries will see more emphasis on management methodologies.
- There’s an increased level of sophistication regarding license compliance and risk management.
Let’s get the potentially obvious one out of the way. I only say that because, well, just conduct a search. Security breaches continue to make headlines. According to the RiskBased Data Breach QuickView Report 2019 Q3, at the end of September there had been 5,183 data breaches, up over 33 percent compared to the same time in 2018. The 2019 breaches exposed 7.9 billion records, up 112 percent from 2018.
Vulnerabilities and Technical Debt
A review of the National Vulnerability Database (NVD) shows the number of vulnerabilities contributed to the database is increasing year over year. Let’s be clear. This doesn’t mean that code development is getting worse. To the contrary, the industry is doing a better job of paying attention to finding and reporting issues and, in addition, to finding fixes that address problems. We see this as a trend that will continue into 2020 and beyond.
Likewise, developers are spending a significant amount of time reviewing and remediating vulnerabilities rather than innovating and improving their applications. Technical debt is moving to the forefront of application development more than ever, as engineers deal with security issues that were once dormant or unknown but, because of raised awareness, are now being discovered.
Multi-Vendor Solutions and Tighter Integrations
There’s a strong movement across industries to accept multi-vendor solutions focused on managing IP, license compliance and security risks. You’ve undoubtedly secured solutions yourself or at the very least been flooded with marketing from companies like – yes – us that deal with Software Composition Analysis, security management, data management, etc. At Flexera we see a lot of our customers and prospects dealing with and managing multiple vendors for quick scans, deep scans, and some for security. This trend is creating another critical requirement: the ability to organize this data and present it in a unified interface.
With multiple vendors in play, these companies also need to be able to play nicely together to ensure tighter, more reliable integration. With organizations needing various levels and types of code scans for code quality, software composition, and security, there is a need for:
- a more unified view into all of the data,
- open source management policies that cut across the various tools, and
- the ability to manage solutions as a single business requirement.
Developers and software development companies should be able to focus on selecting and developing software that enables them to continue to innovate, inspire, and drive success for themselves and their customers. That’s not a trend, but a business fact. Following trends like those I’ve addressed above and creating awareness helps build a foundation for hopefully jumping ahead of competitors who may be slower to react.
Are there any of these trends that concern you? Any you see the need to take on first?