Defined as a network of 3D virtual worlds focused on enhancing social connections through conventional personal computing and virtual reality and augmented reality headsets, the metaverse was once a fringe concept that few, if any, gave much thought to. they thought something. But more recently it came into the spotlight when Facebook decided to rebrand as Meta, and now consumers have begun to dream of the potential of a completely digital universe that they can experience from the comfort of their home.

While the metaverse is still years away from being ready for everyday use, many of its parts are already here, with companies like Apple, Epic Games, Intel, Meta, Microsoft, Nvidia, and Roblox working hard to bring this virtual reality to life. . But while most people predetermine visions of AR headsets or perhaps the super-speed chips that power today’s game consoles, there’s no question that a lot of software will be needed to design and host the metaverse. , as well as endless business use cases. that will be developed to exploit it.

With this in mind, it’s worth thinking about how the metaverse will be secured, not just in a general sense, but at the deepest level of its underlying programming. The question of securing the core components of the metaverse, or of any enterprise, comes to the fore regularly, most recently by the Apache Log4j vulnerability, which compromised nearly half of all enterprise systems worldwide, and before that by SolarWinds. attack, which injected malicious code into a simple, routine software update rolled out to tens of thousands of customers. The malicious code created a backdoor into customers’ information technology systems, which the hackers then used to install even more malware that helped them spy on US businesses and government organizations.

Shift left, again

From a DevOps point of view, protecting the metaverse depends on integrating security as a core process through technologies like automated scanning, something that is currently being touted but not widely practiced.

We previously discussed “shift left” or DevSecOps, the practice of making security a “first-class citizen” when it comes to software development, building it in early on rather than hardening it at runtime. Log4j, SolarWinds, and other high-profile software supply chain attacks only underscore the importance and urgency of shifting to the left. The next “big” is inevitably just around the corner.

A more optimistic view is that, far from highlighting the flaws in current development security, the metaverse could be another reckoning for DevSecOps, accelerating the adoption of automated tools and better security coordination. If so, it would be a great blessing to make up for all the hard work.

As we continue to watch the rise of the metaverse, we believe that supply chain security must take center stage and organizations will come together to democratize security testing and scanning, implement software bill of materials requirements ( SBOM) and increasingly leveraging DevSecOps solutions to create a complete chain of custody for software releases to keep the metaverse running smoothly and securely.

Metaverse 2.0

Currently, the metaverse, at least the Meta version, feels like a hybrid of today’s online collaboration experiences, sometimes expanded in three dimensions or projected onto the physical world. But ultimately, the goal is a virtual universe where you can share immersive experiences with other people, even when you can’t be together and do things together that you couldn’t do in the physical world.

While we’ve had online collaboration tools for decades, the pandemic has increased our reliance on them to connect, communicate, teach, learn, and bring products and services to market. The promise of the metaverse suggests a desire to upgrade remote collaboration platforms for a world where more complex work patterns demand more sophisticated communication systems. While this could usher in exciting new levels of collaboration for developers, it will also create a lot more work for them.

Developers are essentially the game changers of our age, driving most of the digital innovations we see today, and the metaverse will be no exception. The metaverse will be large in terms of the code required to support its advanced virtual worlds, potentially requiring many more software updates than any mainstream commercial application in use today. More code means more DevOps complexity, leading to an even greater need for DevSecOps.

It remains to be seen whether the lure of the social gaming metaverse being touted today will help businesses collaborate and communicate more effectively, but three things are irrefutable: the metaverse is coming; it will be made up largely of software; and it will require comprehensive tools to help developers release updates faster, more securely, and more continuously.

Shachar Menashe is a senior director at JFrog Security Research. With over 10 years of security research experience, including low-level R&D, reverse engineering, and vulnerability research, Shachar is responsible for leading a team of researchers to discover and analyze emerging security vulnerabilities and malicious packages. He joined JFrog through the Vdoo acquisition in June 2021, where he served as Vice President of Security. Shachar has a B.Sc. in electronic and computer engineering from Tel-Aviv University.

New Tech Forum provides a venue to explore and discuss emerging business technology in unprecedented depth and breadth. The selection is subjective, based on our choice of technologies that we believe are important and of most interest to InfoWorld readers. InfoWorld accepts no marketing collateral for publication and reserves the right to edit all contributed content. Send all inquiries to [email protected]

Copyright © 2022 IDG Communications, Inc.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *