In 2024, open-source technology will face increased scrutiny as its prolific use, including in proprietary coding, raises the need for pervasive security screening.
Open-source libraries, valued by developers for their ease of integration and extensive functionalities, pose significant security risks. According to Chad Loeven, VP of business development at cybersecurity firm Opswat, these libraries remain a weak underbelly. They are particularly susceptible to attacks by malicious actors who may insert vulnerabilities or backdoors, compromising the integrity of the software.
“As a result, software bill of materials (SBOM) scanning will become critical to providing an accurate inventory of vulnerable open-source libraries and containers,” he told LinuxInsider.
Experts in the field broadly agree that 2024 will bring a stronger focus on hardening open-source software in general. With its growing dominance in software development, enterprises can no longer afford to overlook open source, because it is everywhere.
The importance of managing open-source software and SBOM for software security will be an ever-present concern in 2024, according to Anthony Tam, manager for security engineering at Tigera, an active security platform with full-stack observability for containers and Kubernetes. The company is the creator and maintainer of Calico Open Source container networking and security solutions.
Preventative Measures Critical for Protection
SBOMs provide transparency into the software supply chain and help organizations manage third-party software components’ security and compliance risks.
“By maintaining a comprehensive list of all software components and dependencies, organizations can ensure a complete and accurate understanding of their software makeup, including any potential security vulnerabilities,” Tam explained.
Organizations can then prioritize security patches and updates, track and manage vulnerabilities, and ensure compliance with relevant regulations and standards using this information. Given the ever-evolving nature of open-source components, Tam stressed the importance of continuously monitoring them for emerging vulnerabilities.
“This can be achieved by using a reliable software composition analysis (SCA) tool to scan the software and its dependencies for vulnerabilities and license issues and to automate the process of scanning software code and dependencies,” he told LinuxInsider.
When identifying vulnerabilities, it’s crucial to prioritize them based on severity and potential impact. This approach enables organizations to allocate resources more effectively, focusing first on the most critical vulnerabilities.
“Prioritization should involve a risk-based approach, considering the likelihood and potential impact of a vulnerability being exploited. By focusing on the most critical vulnerabilities first, organizations can address the key security risks effectively and reduce the overall risk to their software systems,” Tam added.
“SBOMs should include all open-source components used in the software, including libraries, frameworks, and tools. This includes both direct and indirect [transitive] dependencies, as well as any customized or in-house developed software libraries,” he noted.
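The workflow Tam describes above, as an added example that is not code from the article or from any vendor quoted in it: read an SBOM in the CycloneDX JSON layout, walk the dependency graph from the application root so that direct, transitive and in-house components all land in one inventory, match each component against a vulnerability feed using OSV-style half-open version ranges, and rank the findings by a risk-based score rather than by CVSS alone. The SBOM, the package names and the vulnerability feed are constructed sample data; the advisory identifiers are placeholders, not real CVEs, and the scoring weights are an assumption to be tuned per organization.

```python
"""Inventory an SBOM, match it against a vulnerability feed, rank by risk.

Added example, not code from the article. SBOM, packages and advisories
below are constructed; the SAMPLE-* identifiers are placeholders.
"""
import json
from collections import deque

# Constructed SBOM in the CycloneDX JSON layout (components + dependency graph).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "app@1.0.0",
                               "name": "billing-service", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "pkg:pypi/acme-http@2.1.0", "name": "acme-http", "version": "2.1.0"},
        {"bom-ref": "pkg:pypi/acme-tls@1.3.2", "name": "acme-tls", "version": "1.3.2"},
        {"bom-ref": "pkg:pypi/yaml-load@5.3.1", "name": "yaml-load", "version": "5.3.1"},
        # In-house library: inventoried like any other component.
        {"bom-ref": "pkg:generic/inhouse-auth@0.9.0", "name": "inhouse-auth", "version": "0.9.0"},
    ],
    "dependencies": [
        {"ref": "app@1.0.0", "dependsOn": ["pkg:pypi/acme-http@2.1.0",
                                            "pkg:generic/inhouse-auth@0.9.0"]},
        {"ref": "pkg:pypi/acme-http@2.1.0", "dependsOn": ["pkg:pypi/acme-tls@1.3.2"]},
        {"ref": "pkg:generic/inhouse-auth@0.9.0", "dependsOn": ["pkg:pypi/yaml-load@5.3.1"]},
    ],
})

# Constructed vulnerability feed (placeholder IDs). "fixed" is exclusive.
SAMPLE_FEED = [
    {"id": "SAMPLE-2024-0001", "package": "acme-tls", "introduced": "1.0.0",
     "fixed": "1.4.0", "cvss": 9.8, "known_exploited": False},
    {"id": "SAMPLE-2024-0002", "package": "yaml-load", "introduced": "0.0.0",
     "fixed": "5.4.0", "cvss": 7.5, "known_exploited": True},
    {"id": "SAMPLE-2024-0003", "package": "acme-http", "introduced": "2.0.0",
     "fixed": "2.1.0", "cvss": 5.3, "known_exploited": False},  # fixed in 2.1.0
]

# Assumed weight: an advisory with known in-the-wild exploitation counts more.
KNOWN_EXPLOITED_MULTIPLIER = 1.5


def parse_version(v):
    """Dotted numeric version -> tuple, so that 1.10.0 sorts after 1.9.0."""
    return tuple(int(p) for p in v.split("."))


def is_affected(version, introduced, fixed):
    """Half-open range [introduced, fixed), as OSV-style advisories use."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def build_inventory(sbom_json):
    """Return {bom-ref: {name, version, depth}} for every component reachable
    from the root. depth 1 = direct dependency, >1 = transitive."""
    sbom = json.loads(sbom_json)
    components = {c["bom-ref"]: c for c in sbom["components"]}
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    inventory = {}
    queue = deque((child, 1) for child in graph.get(root, []))
    while queue:  # breadth-first: first visit is the shortest path; also stops cycles
        ref, depth = queue.popleft()
        if ref in inventory:
            continue
        comp = components[ref]
        inventory[ref] = {"name": comp["name"], "version": comp["version"], "depth": depth}
        queue.extend((child, depth + 1) for child in graph.get(ref, []))
    return inventory


def find_vulnerabilities(inventory, feed):
    """Match every inventoried component against every advisory in the feed."""
    findings = []
    for ref, comp in inventory.items():
        for adv in feed:
            if adv["package"] == comp["name"] and is_affected(
                    comp["version"], adv["introduced"], adv["fixed"]):
                findings.append({"id": adv["id"], "ref": ref, "depth": comp["depth"],
                                 "cvss": adv["cvss"],
                                 "known_exploited": adv["known_exploited"]})
    return findings


def risk_score(finding):
    """Impact (CVSS) scaled by a likelihood signal (known exploitation)."""
    mult = KNOWN_EXPLOITED_MULTIPLIER if finding["known_exploited"] else 1.0
    return round(finding["cvss"] * mult, 2)


def prioritize(findings):
    """Highest risk first; direct dependencies before transitive ones on ties."""
    return sorted(findings, key=lambda f: (-risk_score(f), f["depth"], f["id"]))


if __name__ == "__main__":
    for f in prioritize(find_vulnerabilities(build_inventory(SAMPLE_SBOM), SAMPLE_FEED)):
        print(f"{risk_score(f):>6} {f['id']} {f['ref']} (depth {f['depth']})")
```

Two details worth noting: the component already at the fixed version (acme-http 2.1.0) is correctly not reported because the range is half-open, and the known-exploited 7.5 advisory outranks the 9.8 one that has no exploitation evidence, which is the risk-based ordering Tam argues for rather than a pure severity sort. Re-running this against a refreshed feed on every build is the continuous monitoring he describes.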
More Regulation Leads to Increased SBOM Usage
During the past couple of years, various government initiatives started worldwide to focus on open-source security. In 2022, the U.S. government introduced the Securing Open Source Software Act to push organizations to work with the OSS community to strengthen security practices.
“Organizations should anticipate this trend to continue manifesting itself in two ways: through increased government involvement and, in turn, the growing use of software bill of materials,” advised Javier Perez, chief open source evangelist and open source software advocate with OpenLogic by Perforce.
He expects governments in the U.S., U.K., Europe, and others to continue introducing and passing legislation. These governments will also issue internal agency guidance around using open-source software, focusing on OSS security.
As the industry continues to face new pressures around security, organizations will increasingly rely on generating SBOMs to meet compliance and apply updates and patches more quickly. Leveraging SBOMs to create an inventory of software and setting up continual security scans will empower organizations to combat any critical or high-severity vulnerabilities coming their way more effectively in 2024.
“Given that government initiatives typically require the generation of SBOMs, especially in heavily regulated industries, 2024 will witness an increase in security initiatives and the generation of SBOMs throughout software stacks,” Perez told LinuxInsider.
According to Opswat Senior Product Manager Matt Wiseman, increasing requests for SBOMs and more demand to understand tools at a deeper level will lead to increased requirements from regulatory organizations or government agencies.
“Given the growing concern for threats from vendors, third parties, or nation-states, all software will be more thoroughly vetted before being deployed in critical areas,” he told LinuxInsider.
Stretching Sustainability to Broader Borders
In recent years, environmental sustainability has become a rallying cry, with political groups and consumers pressuring enterprises to adopt more sustainable practices.
One largely unexplored relationship remains between open-source software and sustainability, which will become an important dialogue in 2024, according to Perez.
“Given that OSS is free and available to the public, with plenty of source code being used at the enterprise level, it’s fair to suggest that in 2024, we will begin to see more open source projects around sustainability efforts, whether it is software that will help calculate emission reductions or monitor carbon footprint,” Perez predicted.
As organizations continue to recognize the relationship between sustainability and OSS, increased visibility and collaboration for the greater good will be established in 2024. OSS innovative solutions will be born and shared.
Nurturing Conversational Web Development
OpenAI, the artificial intelligence company, ignited the use of AI across industries in 2023.
Its move to create a conversational web could signal the end of the app store model, believes Hussein Hallak, co-founder and CEO of Momentable Art. His company is an AI-powered SaaS platform bridging the gap between the art world and avid art enthusiasts.
“With chatbots and other conversational interfaces, users can access services and information without needing to download and install apps. This could disrupt the entire app ecosystem and change the way developers create and distribute software,” he told LinuxInsider.
That, in turn, he reasoned, could spur changes in how the working world operates. OpenAI’s technology has the potential to automate many routine tasks, freeing up humans to focus on more creative and strategic work.
“This could lead to a shift in the nature of work and how we organize ourselves,” he offered.
The Next Major Computing Platform
According to Hallak, conversational interfaces will improve and become even more helpful in 2024. Harmless and honest, they have the potential to reshape how we get things done online.
Such interfaces would create a way to achieve equitable access to information. With a conversational agent, anyone with an internet connection can have an insightful discussion and get knowledgeable responses to their questions, he offered.
“OpenAI is working to make advanced AI accessible to all, which could help close digital divides and spread learning more widely around the world,” he said.
The next web will be interactive, designed to understand users’ needs and assist in achieving their goals through respectful and engaging dialogue. When built with care and oversight, conversational AI has exciting potential to augment human capabilities and make our lives more productive, he added.
New Approach for Big Tech
By open-sourcing techniques and prioritizing safety, OpenAI is staking out the high road in AI development, observed Hallak. As platforms increasingly rely on conversational assistants, other companies would do well to thoughtfully consider questions around transparency, oversight, and benefit to humanity.
“The tech giants will fiercely compete to own this new conversational landscape. As it could be as important as search was, these companies must adapt fast or risk falling behind. For regular users, this conversational shift will be as profound as when Google search took over the web,” Hallak concluded.