While the metaverse is still years from being ready for everyday use, many of its parts are already here with companies like Apple, Epic Games, Intel, Microsoft, Nvidia and Robblox. More are working hard to bring this virtual reality to life. But while most people default to visions of augmented reality headsets, or the superspeed chips that power today's gaming consoles, there's no question there will be a massive amount of software needed to design and host the metaverse, as well as a number of business use cases that will ultimately look to exploit it.
With this in mind, it's worth giving thought to how the metaverse will be secured, not only in a general sense but at the deeper level of its underlying programming. The question of securing the core components of the metaverse - or any enterprise - is one that was brought to light once again most recently by the Apache Log4j vulnerability that compromised nearly half of all enterprise systems around the globe. Or, the SolarWinds attack in which hackers injected malicious code into a simple, routine software update rolled out to tens of thousands of customers. The malicious code created a backdoor to customers' information technology systems, which hackers then used to install even more malware that helped them spy on US companies and government organisations.
From a DevOps point of view, securing the metaverse depends on integrating security as a fundamental process using technologies such as automated scanning, something that's widely touted today but not always widely practised.
'Shifting left', or DevSecOps, underscores the importance of making security a 'first-class citizen' when it comes to software development, baking it in from the start rather than being bolted on in runtime. Log4j, SolarWinds and other high-profile software supply-chain attacks only solidify this point, and the next 'big one' is inevitably around the corner.
A more optimistic view is that far from highlighting the failings of today's development security, metaverse may be yet another reckoning for DevSecOps, accelerating the adoption of automated tools and better security coordination. If so, that would be a huge blessing to make up for all the hard work.
As we continue to watch the rise of the metaverse, supply chain security should take centre stage, and organisations will rally to democratise security testing and scanning, implement software bill of materials (SBOM) requirements, and increasingly leverage DevSecOps solutions to create a full chain of custody for software releases to keep the metaverse running smoothly and securely.
Currently, according to Facebook, the metaverse feels like a hybrid of today's online collaboration experiences, sometimes expanded into three dimensions or projected into the physical world. But, eventually, the goal is to have it evolve into a virtual universe where you can share immersive experiences with other people even when you can't be together, and do things together you couldn't do in the physical world.
While we've had online collaboration tools for decades, the pandemic supercharged our use and almost crippling reliance on them to connect, communicate, teach, learn and bring products and services to market. The promise of the metaverse suggests a desire to bring remote collaboration platforms up to speed for an age where more complex work patterns demand more sophisticated communications systems. While this could usher exciting new levels of collaboration for developers, it will also create a whole lot more work for them.
Developers drive the majority of digital innovations we see today. The metaverse will be no exception. It will be big in terms of the code needed to support its advanced virtual worlds, potentially generating the need for a lot more software updates than any mainstream business application in use today. More code means more DevOps complexity, leading to an even greater need for DevSecOps.
Whether the allure of the social gaming metaverse being touted today will ultimately help businesses collaborate and communicate more effectively remains to be seen. But three things are irrefutable: one, the metaverse is coming; two, it will be largely software; three, it will require comprehensive tools to help developers release updates faster, more securely and continuously.
The writer is general manager and India head, JFrog India