This time of year, organizations take stock of the year that’s ending and then strategize about what they want to accomplish in the year ahead.

Forrester research director for software development Chris Gardner spoke with SD Times editor-in-chief David Rubinstein to talk about what they’re seeing for 2023. This is a transcript of that conversation, edited for length and clarity.

SD Times: We’re here to kind of get a sense of what you folks are seeing coming up in 2023 for software development.

Gardner: There’s a couple different things that we’re expecting. We’re predicting five different things happening. The first prediction is that, since the development’s taken off in a huge way, we’re getting a tremendous number of questions around low code and no code, particularly from folks that are building applications for the first time. We are seeing a significant number of traditional developers also use low code, no code, and they’re running into their own challenges.

[Non-traditional developers] within organizations are given the access to the tools they need in order to do that development. And they are traditionally not given too much governance or too many constraints as to what they can use. What ends up happening is we’re seeing a number of folks that are building applications and aren’t really thinking about the security ramifications of them. They don’t really talk with their security team; they don’t really ask questions around application security or secure coding or data sensitivity. And what we’re seeing is the potential for a breach. So our prediction is that there will be a headline security breach coming out of citizen development in 2023. Most likely, it’ll be sensitive data that gets out that’s not supposed to get out. And to try to battle this, security teams need to set proper guardrails and review roles instead of proper governance. Those pieces will prevent them from necessarily having that breach. 

SD Times: Yes, that certainly mirrors what we’ve been reporting. So, what’s the second prediction?

Gardner: The second prediction is, API strategies traditionally have been brought about by IT. And that’s not going to stop. IT is big on building out API’s for connecting things like infrastructure and applications to one another. But what we’re seeing is increased interest in this from business leaders, specifically from folks at the C-level. Over 40% of API strategy is coming from the CEO, as opposed to coming from the CIO, possibly coming from boards of directors saying that they need business agility, they need to be able to manufacture, they need to be able to create connections between manufacturing systems, retail systems, automotive systems, so that ecosystem will be required to be created, or will be requested to be created by the C-level folks that are not necessarily in IT. And we’re expecting 40% of strategies will be led by those folks. So those are the people who are actually going to be working to set up the policies, run API’s, and they’ll be building out the ecosystems involved with them. So they’ll go back to the developers and say, here’s what I’m trying to do and trying to connect in terms of my workforce or in terms of my manufacturing, what I’m trying to build out. But it won’t be a situation where it comes up with these API’s on their own.

SD Times: There’s been a lot of talk about API’s now becoming the most vulnerable attack area for bad actors. 

Gardner: And that’s all the more reason why security needs to be involved in this conversation as well. Whenever we talk about API’s and to API taxonomies, and Forrester, we always bring the security and risk management folks into the conversation because it’s critical for them to own that and to shift that process of making sure the API’s are secured as far left as possible.

SD Times: And the third prediction?

Gardner: The third prediction is around the metaverse. So metaverse isn’t here yet, but everyone thinks it’s going to be here eventually. But there’s a lot of precursors, and there’s a metaverse standards forum that was started up this year that includes members across a wide variety of companies. However, they’re not necessarily in the business of implementing standards, they’re in the business of letting their member organizations come up with standards that the group itself can adopt. So what we predict is there’s going to be a number of competing API standards for the metaverse next year to connect between different worlds, almost as akin to how hyperlinks work to connect you around the web. But there will not be one standard. 

SD Times: Interesting. All right. And number four.

Gardner: Number four is value stream management. So we’ve found that since we started looking at this space around 2020, that value stream management has started to explode. There’s been a number of platforms and players that have come into fruition that are allowing folks to look at the entire software delivery life cycle from beginning to end and find places to remove bottlenecks and improve flow, and identify areas that would be great at contributing to business value. We’re expecting that 20% of enterprises will purchase a VSM solution in 2023. The enterprises that do adopt it, we expected to see a 50% improvement in release cadence and better alignment, delivering on core business goals. 

But it’s one of those things that up until recently, value stream management has been thought of mostly at the kind of strategy level; it’s not really been thought of at the developer level. And we’re seeing more and more folks adopted as a critical component of the developer life cycle and getting the most value out of it.

SD Times: And finally, number five.

Gardner: The final prediction is around WebAssembly. And WebAssembly is traditionally thought of to be used in web applications, like BBC’s iPlayer. And libraries like TensorFlow use WebAssembly for high speeds in the browser. What we’re going to find is WebAssembly is going to move to the edge in a big way, we’re already starting to see folks leverage WebAssembly to avoid runtime parsing that bogs down JavaScript at the edge. And at the edge, speed matters. Edge computing requires microseconds, not milliseconds. So we’re expecting that 30% of folks will use WebAssembly at the edge as opposed to web components. And of the compilers that are leveraged for it, which Rust is probably the strongest, it’s going to bring non-JavaScript developers to the edge. Rust itself is going to grow about 10%, in part because of its use of the edge. So edge is going to push development of WebAssembly and Rust in a big way in 2023.