Five Questions to Answer Before You Start Adopting AI-Generated Code Practices
In the digital age, the ability to ship code faster than your competitors creates an almost incalculable advantage. It allows companies to introduce new and improved features, better respond to customer needs and market trends, and reduces the resources required for each project. It’s no wonder, then, that the prospect of generative AI coding assistants taking a significant portion of the coding burden off your plate is creating so much excitement. When used effectively, these tools have the potential to halve the time required for the average software development project.
However, if deployed without due diligence, AI assistants could create more work, not less, for overstretched development teams. Every line of code must be rigorously tested, secured, and fixed before it goes into production. A sudden and dramatic increase in the amount of code being created therefore places an unmanageable burden on developers, especially since research shows that approximately 40% of code created by copilots contains bugs. As a result, poor implementation of generative AI can actually increase the workload of developers, leading to decreased productivity and burnout.
Check, test, verify
The problem for organizations looking to accelerate software development is that, even without accounting for increased code volume, developer labor in the downstream stages of delivery is already spiraling out of control. More than two-fifths (42%) say their processes for deploying code to production are neither fast nor efficient. A key reason for this is the time-consuming task of reviewing, testing, and verifying code, with two-thirds of developers (67%) saying such reviews take more than a week. In addition, developers face constant manual rollbacks of failed deployments, insufficient test coverage, and additional cybersecurity delays.
The implications of this overload are substantial, with research suggesting that poor quality software costs the US alone approximately $2.4 trillion per year, contributing to the rise in cybercrime and the proliferation of mega-vulnerabilities like MOVEit. In this context, if AI assistants ultimately double or even triple the volume of code reviews that developers need to complete, these costs and security vulnerabilities will become much more prevalent and impactful. As a result, organizations could face potentially serious economic, reputational, and regulatory consequences.
The five core questions
However, AI-generated code can be truly transformative for organizations, if the right protections are in place. The challenge, therefore, is to find a way to reduce developer efforts to the absolute minimum, so that teams can safely and effectively manage the increased volume of code. To that end, there are five key questions that every organization must answer before embarking on such an adoption project:
Is automated security integrated into every phase of delivery? By introducing secure, well-managed pipelines that automate the testing, review, and verification process, organizations can alleviate much of the manual code review effort that development teams currently take on.
Are development approaches aligned to support automated code creation and review? To gain the most benefit from automated pipelines, organizations need to have effective Agile development approaches in place. For example, using pair or mob programming approaches can help to radically reduce the need for manual code reviews in later stages of delivery, thereby streamlining automated testing, review, and fix processes.
Are controls being applied effectively? Security policies are only as effective as their level of compliance. Given the pressure development teams experience to get code into production quickly, there is often a temptation to cut corners and skip or rush security controls. Therefore, organizations should adopt a policy-as-code approach to prevent new code from being released until it meets stringent requirements for availability, performance, and security.
How is third-party code authenticated? Incidents like SolarWinds and MOVEit have shown how important it is for security measures to extend beyond the four walls of an organization. However, monitoring and verifying third-party open source software components and artifacts is an incredibly time-consuming task. As a result, organizations should automate as many of the processes they rely on to monitor and control these assets as possible, such as creating a Software Bill of Materials and performing SLSA attestations.
Where can Generative AI help in solving security issues? In addition to enabling development teams to create code faster, Generative AI can be invaluable in quickly analyzing and fixing vulnerabilities. Each issue that is automatically identified and fixed is a task that development teams no longer have to perform. Generative AI can be especially effective when discovering far-reaching mega vulnerabilities, such as Log4j, which require thousands of components to be checked and fixed. These tasks can take hundreds of hours if developers have to perform them manually.
Faster, better, happier
With the generative AI coding tools market expected to grow at a compound annual growth rate of approximately 22% over the next decade, it seems likely that a hybrid human/AI approach to software delivery will soon be the norm. While introducing these tools safely and effectively can be a tricky balancing act, there is significant reason for optimism about what it means for the future of the software development industry.
When done right, generative AI can provide immediate support to free up workers by helping them solve problems, democratizing the coding process, and dramatically increasing productivity. In short, organizations that get the transition right can look forward to development teams that burn out less, spend more time on interesting, valuable strategic work, and feel happier and healthier overall. As they continue this journey, companies will find it easier to become more agile and responsive to both customers and the market.
We provide an overview of the best IDEs for Python.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we showcase the best and brightest minds in the technology sector today. The views expressed here are those of the author and do not necessarily represent those of Ny BreakingPro or Future plc. If you’re interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro