The use of this site and the content contained therein is governed by the Terms of Use. When you use this site you acknowledge that you have read the Terms of Use and that you accept and will be bound by the terms hereof and such terms as may be modified from time to time.
All text, graphics, audio, design and other works on the site are the copyrighted works of nasscom unless otherwise indicated. All rights reserved.
Content on the site is for personal use only and may be downloaded provided the material is kept intact and there is no violation of the copyrights, trademarks, and other proprietary rights. Any alteration of the material or use of the material contained in the site for any other purpose is a violation of the copyright of nasscom and / or its affiliates or associates or of its third-party information providers. This material cannot be copied, reproduced, republished, uploaded, posted, transmitted or distributed in any way for non-personal use without obtaining the prior permission from nasscom.
The nasscom Members login is for the reference of only registered nasscom Member Companies.
nasscom reserves the right to modify the terms of use of any service without any liability. nasscom reserves the right to take all measures necessary to prevent access to any service or termination of service if the terms of use are not complied with or are contravened or there is any violation of copyright, trademark or other proprietary right.
From time to time nasscom may supplement these terms of use with additional terms pertaining to specific content (additional terms). Such additional terms are hereby incorporated by reference into these Terms of Use.
Disclaimer
The Company information provided on the nasscom web site is as per data collected by companies. nasscom is not liable on the authenticity of such data.
nasscom has exercised due diligence in checking the correctness and authenticity of the information contained in the site, but nasscom or any of its affiliates or associates or employees shall not be in any way responsible for any loss or damage that may arise to any person from any inadvertent error in the information contained in this site. The information from or through this site is provided "as is" and all warranties express or implied of any kind, regarding any matter pertaining to any service or channel, including without limitation the implied warranties of merchantability, fitness for a particular purpose, and non-infringement are disclaimed. nasscom and its affiliates and associates shall not be liable, at any time, for any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communications line failure, theft or destruction or unauthorised access to, alteration of, or use of information contained on the site. No representations, warranties or guarantees whatsoever are made as to the accuracy, adequacy, reliability, completeness, suitability or applicability of the information to a particular situation.
nasscom or its affiliates or associates or its employees do not provide any judgments or warranty in respect of the authenticity or correctness of the content of other services or sites to which links are provided. A link to another service or site is not an endorsement of any products or services on such site or the site.
The content provided is for information purposes alone and does not substitute for specific advice whether investment, legal, taxation or otherwise. nasscom disclaims all liability for damages caused by use of content on the site.
All responsibility and liability for any damages caused by downloading of any data is disclaimed.
nasscom reserves the right to modify, suspend / cancel, or discontinue any or all sections, or service at any time without notice.
For any grievances under the Information Technology Act 2000, please get in touch with Grievance Officer, Mr. Anirban Mandal at data-query@nasscom.in.
A decade ago, no one thought binary management would be a thing — now it’s a standard most companies can’t live without. Back then, we said software universality would be necessary, and now others follow suit. People thought cloud would be a single-vendor decision. We invested in hybrid and multi-cloud, and now we see it happening across industries.
We said we would see a huge growth in DevOps in 2021, and in just one year we see some public companies and investors now estimating a $50 billion TAM for the DevOps marketplace. These are nice pats on the back and a confirmation of our focus, sure. But it’s time to look forward to the next leaps ahead for DevOps, supporting all companies as they digitally transform their businesses.
2022 Is All About the Binaries
In a world where automation drives smarter, faster, better software at scale, binary management is now at the core of any company. And since software powers the world, binaries have become everyone’s business. Let me explain.
Binaries are the only asset in the world of software that is being “brought” into the organization, built in the organization, tested, automated, secured, promoted and deployed at the edge. Binaries are the blood flow of the software supply chain, and the core software value you ultimately deliver into production (not source code.) The software supply chain is about the binaries being imported, built and delivered by your organization’s dev team, and it simply cannot be brought under control with source code-centric approaches.
In fact, everything “after Git” is a binary-driven step in your software release cycle. Automation is about binaries. Distributing to the edge is binary deployment. Even if it sometimes starts in static source code scanning, a company’s security is about the binaries you run in production (see SolarWinds and Log4j — more on that later.) The software supply chain is about curating, delivering, deploying and protecting binaries. Period.
In 2022 you’ll see the roadmaps of many businesses and platforms begin to address the binary lifecycle as a mission-critical piece of their DevOps and Security stack. If this piece is not handled properly, companies will not be able to meet the promises of digital transformation in the coming year.
And if you think “digital transformation” is a phrase of yester-year, think again. Some analyst firms estimate only a quarter of companies that plan on transforming themselves have even started to do so. There’s a long runway ahead for transformative DevOps, and the way is paved with binary management.
DevSecOps Isn’t a Real Thing Yet (But It Can Be)
While there is a LOT of buzz around “DevSecOps,” it’s still nothing but a phrase — and for sure not any specific standard that offers developers and security stakeholders common ground. We can be honest about why: the way DevOps brought developers and operations teams into a more melded mindset has not yet happened in a “DevSecOps” world. Security is still an add-on, or a very necessary, but developer-intrusive step in the software release process.
Remember how not too long ago “Dev” was the world of programmers and “Ops” was the world of IT? These two populations became one by sharing the same pains and same incentives to become DevOps teams. We have all created this new DevOps reality together.
But it’s very different when you add in the “Sec” in DevSecOps. We’re now asking developers — as an industry — to develop security skills, or at minimum incorporate security scanning and triage into their processes. We say things like “shifting left” to illustrate these moves (very important of course.) Yet, if you ask any developer, they’d much rather be coding and adding value, not worrying about security.
But the business rightfully insists that security MUST be part of the story and integrated into the supply chain lifecycle from the start to protect the organization — not just the developer or development process. Log4j as the latest reminder and other high-profile software supply chain attacks only solidify this point — and the next “big one” is inevitably around the corner.
In 2022, supply chain security — with developers at the center — will take the spotlight as organizations rally to democratize security testing and scanning, implement software bill of materials (SBOM) requirements, and increasingly leverage security solutions to create a full chain of custody for software releases to keep systems running smoothly and securely. But solutions must be much more holistic than today where there are 4, 5, 6, 7+ security solutions that are driven by security engineering teams. Then developers have various specialized solutions to look at their code or applications (also important.) This disintegrated, muti-sec approach must change.
Case in point: millions of developers around the world gave away their Christmas vacation in order to help their companies recover from the recent Log4j vulnerability. The developers all have security tools and OSS scanners – so what happened? Why did developers again pay the price for a security breach? The simple answer is that the focus was not on the right asset! They wanted to find and replace the one binary that fixes it all, but couldn’t because existing systems did not have an implemented binary security and management practice.
The good news is that this dilemma is solvable for both teams. By focusing on the “what” we are trying to secure (binaries) versus the “how” we are trying to secure them (myriad tools for every step), the DevOps world can protect the developer, protect the open source curation process, protect the build process, and protect the deployment and runtime environments. Securing binaries holistically throughout the DevOps pipeline is therefore the key to protecting the organization and making developers more efficient to meet the promises of DevSecOps.
In short, 2022 will be the year we begin to see actual culture change to bring security and development teams together with binaries at the center as a shared asset. It might be a Docker image or an OSS package you proxy from a public hub, but binaries will be the asset we’ll curate, manage, secure and ship.
Managing Source Code Can’t Fix Your Supply Chain
Source code and CI are where every developer starts. Back in the day, Subversion and Perforce were the name of the game, and now most VCS solutions are Git-based. But the pain today isn’t about managing source or making IDE choices. The pain now is about scale and speed and trust as you automate the entire binary-centric delivery cycle.
“GitOps” or other source-driven approaches may be useful in some instances — but aren’t the right asset to use for solving these supply chain issues. Why? Metadata comes from binaries / software packages. Dependencies are applied and delivered with binaries. Automation comes via the movement of binaries. Supply chain security is about curating and securing binaries.
This means that in 2022, binary management — alongside your VCS and GitOps practices — is not just a nice-to-have. It’s a requirement to get control of your full supply chain. Recent industry-shaking security alerts are all about vulnerable software packages, not source code management or operations. Discovering impact is about binaries. Patching and updating is about binaries. … There’s a theme here that’s hard to ignore.
Hybrid Becomes a First-Class Citizen in 2022
Just as our work environment has changed to a hybrid model forever, so has the deployment model for most companies. That may not be news, as JFrog has maintained for a long time that hybrid cloud isn’t accidental or a one-off exception. Hybrid is the new cloud norm, and it’s intentional for many companies.
But in 2022, we will all observe there is no single deployment environment anymore — even for “cloud-first” shops. We see the cloud vendors themselves pushing to adopt this hybrid concept. Just look at the bridges between on-prem and cloud with providers like AWS who recently launched services available for on-prem Kubernetes deployment. Hybrid is the intentional, efficient new normal, and if companies do not embrace services that support these models, transformation will prove difficult at best.
We’ll also of course see more hybrid setups as a pathway to a cloud-centric approach, so even if a company intends to migrate fully to the cloud, 2022 will be full of more hybrid setups for dev and production.
2022 Is the Year of the Edge
Analysts believe the number of edges we will all have to manage will grow by several million (data centers, servers, clusters), while incorporating billions (with a “b”) of new devices in the next couple of years. In 2022, we will see an industry-wide push to harness cloud, multi-cloud and hybrid edge topologies that will necessitate robust solutions to distribute (and manage the distribution of) a company’s binaries.
As an example, one of the most popular car companies in the world is saying publicly that it’s not about the tires, the engine, the seating or the horsepower anymore. It’s all about Over The Air (OTA) software updates; these are what provide real value to the driver — their customers. Your experience is going to be improved while you drive, you’ll be safer, you’ll be smarter, you’ll be more informed and entertained as a driver. This shift in focus brings software even more to the forefront. It connects the CI/CD workflow, software distribution and the binaries (and only binaries) being deployed on the device as the new competitive differentiators.
2022 Will Be the Binary “Big Bang”
Binaries will explode even more in 2022. Not just in the number of binaries — which of course grows quickly — but the attention to the importance of binaries and the technology to manage their lifecycle. This isn’t a trend — it’s a truth that’s here to stay.
But simply managing something is not good enough. You must have enough confidence in your assets to drive differentiation with them. As this DevOps universe expands, we look forward to seeing how the development community and platforms continue to build on DevOps for software supply chain.
That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.
JFrog is on a mission to power all the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure, fearless flow of binaries from developers to the edge. The JFrog DevOps Platform enables software creators to power their entire software supply chain throughout the full binary lifecycle to build, secure, distribute, and connect any source with any production environment. Millions of users and thousands of customers worldwide and the majority of the Fortune 100 depend on JFrog solutions to securely embrace digital transformation.
As the cryptocurrency industry continues to grow, businesses are looking for innovative ways to boost user engagement and achieve rapid expansion. One effective strategy is through multi-level marketing (MLM), which incentivizes participants not…
Work-life balance feels like a myth for many of us. Whether you're a student juggling assignments and social commitments, a professional handling endless deadlines, or a parent balancing work with family duties, staying on top of everything can feel…
Equipment calibration is a critical process that ensures the accuracy and reliability of measurement equipment. It involves comparing the equipment's measurements to known standards. Equipment can produce inaccurate results without proper…
Unlocking the Power of Microsoft Dynamics 365 API for Seamless Business Integration
In today’s digitally driven world, businesses need flexible, scalable, and efficient systems to stay competitive. One of the key enablers of this transformation is…
India, over the past few decades, has emerged as a global IT powerhouse, earning its place as a leading hub for outsourcing, technology services, and software development. Among the many IT services offered, staff augmentation stands out as a…
In today's digital age, businesses must prioritize customer service to stay competitive. The traditional methods of customer support, while still valuable, are no longer sufficient to meet the fast-paced demands of modern consumers. This is where…
