Jump to content
Facebook Twitter Youtube

[software] Will AI delete your app sec job? 5 lessons for software teams


_Happy boy
 Share

Recommended Posts

delete-key-ai-app-sec-rob-lemos.jpg?itok

In 2020, the OpenAI team granted access to what many consider "artificial intelligence": the third version of the generative pre-trained transformer, or GPT-3. The AI model is an exercise in scale, with 175 billion parameters, or 10 times more than the previous largest model, and can quickly learn a task with a few examples. GPT-3 can create passages of prose that both make sense and sound human.

But several AI enthusiasts also discovered that it can generate code. In a demonstration on YouTube, GPT-3 takes requests for specific web page features—"a black button and an orange button," for example—and converts them into valid CSS.

I response, a collective shudder has gone through the developer community. ID Software's founder, John Carmack, said in a July 2020 tweet that has sparked a lively discussion, "I used to say that AI research seemed to have an odd blind spot towards automation of programming work, and I suspected a subconscious self-preservation bias. The recent, almost accidental, discovery that GPT-3 can sort of write code does generate a slight shiver."

One response to the post captures the fear that life as developers and app sec teams as they know it is about to change:

"Prepared to be deprecated."

How much should software teams worry? Here are five lessons from top experts for a reality check.

1. Whom the robots are coming for
Unlike earlier waves of automation, such as robotic process automation, that primarily affected low- and middle-income occupations, applied machine-learning and AI technologies will have a greater impact on high-income occupations—including developers.

While analysts consider high-creativity occupations, such as application programmers, to be safe from automation, AI promises creative and error-free programming. Yet, in many cases, humans will move into complementary jobs, said Beena Ammanath, executive director of the Deloitte AI Institute.

"In the future, you can imagine or describe what you want the code to do, and it will get auto-generated. Does that mean the software engineer role or developer role with vanish? I don't think so."
—Beena Ammanath

Software development is already in the target of machine learning and AI. While past assessments of the changes that AI would work on employment concluded that the tasks that are easiest to automate—often of lower-paid workers—would be affected most, economists and AI experts are increasingly reassessing their assumptions.

AI will largely affect higher-level jobs. Market analysts, sales managers, and programmers are facing the largest exposure to the impact of AI, analysts say. 

"Where the robotics and software that dominate the automation field seem mostly to involve 'routine' or 'rule-based' tasks—and thus lower- or middle- pay roles—AI’s distinctive capacities suggest that higher-wage occupations will be some of the most exposed," the Brookings Institute concluded in a report.

Much of the analysis is based on the work of Michael Webb, a PhD candidate in economics at Stanford University, who used machine learning to compare job descriptions and the text of patents to figure out "the exposure of tasks to automation." Validating the findings on previous emerging technologies—robotics and software—he found that technology patents can be used to predict future technology impacts and that those patents that focus on AI are set to impact higher-paid work than previously estimated, he stated in a January 2020 technical paper.

The Brookings Institute combined his work with specific occupations, finding that developers—specifically, computer programmers—will face high exposure to the disruption of AI technology.

2. Developer and app sec teams will remain in demand
Despite those impacts, there are many reasons not to immediately worry if you are a developer or on an application security team.

First, the impact of AI will not immediately change the market for developers. In a study that analyzed job postings for certain skills and the existence of AI technology in those same areas, a group of economists from the Massachusetts Institute of Technology, Princeton University, and Boston University found that the "AI exposure is associated with both a significant decline in some of the skills previously demanded in vacancies and the emergence of new skills."

Yet, even more than a decade after postings for AI-knowledgeable researchers started to take off, the overall impact on the job market is still minor.

Moreover, software developers continue to be in demand. Rather than replace developers, technologies such as software automation have made developers' jobs more efficient. While low-code and no-code technologies also threaten to upend developers' lives, so far the technologies have expanded the ranks of those professionals, said Chris Wysopal, CTO and co-founder of the application security firm Veracode.

"More and more applications are being built than ever before with the whole digital transformation, which the pandemic is accelerating, and the question continues to be, 'Are there enough developers to go around?' Some of those applications that might not have been built are instead being built by low-code and no-code. It expands the pool of applications, not shrinks the pool of developers."
—Chris Wysopal

3. AI will change how your teams work
For most development teams, AI tools will help to smooth development, to create defect-free code, and to identify bottlenecks. Game-maker Ubisoft, for example, has created a tool called Commit Assistant, that uses a combination of machine learning and automation to learn from bug fixes and create signatures to identify future bugs. The tool can recognize six in 10 software errors, with an accuracy of 70%.

In 2019, the Mozilla Foundation adopted the Commit Assistant, also known as Clever-Commit, to aid its software development.

While automation and AI have had an increasing impact on software development, the demand for software developers will grow an average of 21% per year for the next decade, according to an analysis by Deloitte. Rather than doing a search of Google or StackOverflow for correct code, developers will have AI assistants to help them create better code, using big data and machine learning to pinpoint the best and most efficient samples.

"The software engineer role or the software developer role is going to move to a higher level, where you are more connected on the design side or the creative side, and focus on being able to try out different ways of designing the same solution."
—Beena Ammanath

4. Security benefits from more AI
A variety of companies have already started using machine-learning algorithms and pattern recognition to analyze vulnerability reports and the subsequent code changes to determine what program patterns are bug-free.

In May, the research firm Altran and Microsoft teamed up to release Code Defect AI, which uses a variety of machine-learning techniques to determine whether software follows good practices and determines whether the latest commit is likely to have bugs. Software security firm Snyk acquired DeepCode.ai, which scans open-source repositories and commits to create a model of what mistakes coders are making.

The increased abstraction of low-code and no-code development will likely also feed into the AI trend, especially if AI adoption results in more companies using higher-concept development and low-code application creation, said John Bratinecevic, senior analyst for application development and delivery at Forrester Research. Because such technologies add significant rails to development, security will benefit, he said.

"At a technical level, it is more secure, because you can't make as many technical fumbles."
—John Bratinecevic

5. Lifelong learning will serve you well
Overall, the increase in AI adoptions means that developers will have to learn new coding frameworks, understand machine-learning concepts, and adapt to working with AI-powered tools. The economists from MIT, Princeton, and BU discovered that, as AI demonstrated capabilities to take on certain tasks such as code review, those skills declined in job postings, indicating less demand.

Developers should expect changes ahead and focus on life-long learning to stay relevant, said Deloitte's Ammanath.

"Because this space has seen such rapid changes, developers who can thrive in that environment will be able to adapt to the future. Developers may not need to know AI, but they need to be able to use the tools that AI is follow up to make their development job work."
—Beena Ammanath

Go with the flow: It's what development teams do
If any class of workers can rise to the challenge that AI poses for future employment, it is developers, Ammanath added. Developers are constantly learning new frameworks, new programming approaches, and new languages.

"Developers who focus on learning will find that as AI closes one door, another will open."
—Beena Ammanath

Keep learning
Learn how to build an app sec strategy for the next decade in this Jan 21 Webinar.

Get up to speed on modern app sec with this Jan 27 Webinar about the day in the life of an application security developer.

See TechBeacon's Guide to App Sec Testing and Gartner's 2020 Magic Quadrant for AST.

Discover how a SAST-DAST combo can boost your security in this Webinar.

Build app sec into your software with TechBeacon's Guide.

Take a deep-dive into the tools landscape with our Application Security Trends and Tools Guide.

  • I love it 1
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

WHO WE ARE?

CsBlackDevil Community [www.csblackdevil.com], a virtual world from May 1, 2012, which continues to grow in the gaming world. CSBD has over 70k members in continuous expansion, coming from different parts of the world.

 

 

Important Links