Get Ready for Next.
Put DevOps, DevSecOps, and AI to Work.
swampUP 2023 nuggets from the desk of Shlomi Ben Haim, CEO & Co-founder, JFrog
Our community has always had a “next.”
There was the dawn of the computer age, when “next” meant that processing didn’t take up an entire room. There was the “next” of personal computing. Next came laptops, the internet, microservices, cloud-native, cybersecurity, automation and more. The thing that is next is always right around the corner – and seems to be accelerating.
In recent times, we have seen the art of software development change rapidly in just 20 years. From giant platforms designed for specific technology stacks, we moved towards an era of open source and developer choice that reshaped the world.
But now, we see that as software continues to be delivered at a torrid pace, the complete freedoms afforded development teams has – unintentionally but understandably – fragmented the marketplace, making standardized delivery, automation, security and deployment difficult to scale. We used to ask “who broke the build?” and now we ask “who broke the toolchain that broke the build?”
Reflecting this, recent CIO surveys indicate that companies (every company is a software company, after all) are moving back towards platforms to accomplish their tasks with some measure of standardization through consolidation of point solution tools. But these are not the platforms of yesterday that limit choice.
Companies are now looking for platforms that supply best of breed solutions and integrate into other technology ecosystem investments companies have already made. They want to have a single source of truth for delivery and attestation, but can’t slow developer innovation or create strain on infrastructure.
Unlike platforms of yesterday, the rise of platforms for DevOps, Security, IoT, ML, Code Management, and observability today coalesced around a single, unifying asset across companies that the industry has to address: the software binary.
The commonality in every industry “next” mentioned above is that they are evolutions in management of the software package. Even code-oriented solutions must now manage the output of that code – binaries – if they hope to serve the needs of modern development shops. Operating systems? Binaries. Web apps? Binaries. OSS? Binaries. AI and ML models? Binaries. Containers? Binaries. Even the SBOM itself is a binary. The list goes on… The entire software supply chain flow is the flow of software packages a.k.a binaries – either bought, borrowed or created.
Any conversation about what comes next must also include the recent impact of security on developers and teams. The infamous “shifting left” by companies over the last several years has likewise been focused on software packages. DevSecOps can’t happen without the security and control of the binary, and has given rise to myriad point solutions that scan certain types of binary, observe binaries in production, provide contextual analysis for binaries and more. Attackers realized that their way into the organization is easier through developer’s processes, and so as the only asset in production (unlike source code) binaries have become the door for hackers to sneak into the organization.
This means the only way “next” can happen is with a holistic, integrated end-to-end focus on binaries that begins with software package curation outside an organization and includes inside-out, advanced security technologies that guard what is happening within the pipeline. DevOps and DevSecOps are now one, and both focus on the binary as the asset that must be protected to secure the SSC.
So what is next in this binary-driven industry? There are undoubtedly many “nexts” that will come rapidly or are here already today; generative AI will reshape our world quickly, with some estimates saying 80-90% of applications will have AI components in just a few years.
Integrating AI and MLOps capabilities into the JFrog Platform will revolutionize DevOps and DevSecOps workflows across every industry. Advances in application security and automation of security tasks will refocus what developers are responsible for and what they need to actively consider. Hyperscale enabled by cloud computing will continue to revolutionize how we all think about software consumption. 50 billion IoT devices will need to be managed and updated automatically and over-the-air. And, inevitably, there are some things coming next that we cannot even imagine today. All of this will default to developers’ ownership and DevOps services as it always has, requiring them to not only manage their environments, but also proactively manage coexisting platforms that deliver full software supply chain delivery solutions for multiple internal personas. Organizations will have to manage a single source of record that serves the organization as a scalable, secured robust DevOps, DevSecOps and MLOps local hub.
With a focus on development teams, enterprise pains and a binary-centric approach to the pipeline, we’re proud to welcome the community to swampUP where we will share some of the world’s first solutions for DevOps, DevSecOps and MLOps together as we humbly take the lead on all three fronts, delivering new products and services that prepare us all for what is coming next.
Let’s get ready for next, together!
May The FROG be with you,
Shlomi