Month: January 2024

While ChatGPT helps developers save time and effort, using AI has important cybersecurity implications.

Once considered a laborious, complex, and highly skill requisite task, the world of coding has changed a lot today. Where previously there was a time when everything had to be written from scratch, and coding libraries didn’t exist, the modern day developer has a world of technology at their disposal to make the process easier. For businesses, it means that their developer teams can churn out code faster than ever before, allowing them to better meet the growing demands of consumers for quicker and better applications.

The latest technological development that’s further expediting coding speeds is AI, and more specifically ChatGPT. ChatGPT puts even more power into the hands of developers, with it now possible to auto-generate code in an instant in whatever programming language needed, all by using simple prompts. Whilst the adoption of ChatGPT and other AI tools in the coding space is already well under way, it’s important to stop and take stock of the cybersecurity implications it may bring with it. It is vital that developers are educated about cybersecurity best practices when using these tools to ensure that the code it produces is secure. For all the responsibility that ChatGPT can take on, the ultimate responsibility for making sure code is safe will always lie with humans. For that reason, precaution around how developers are using this technology is essential.

AI: the next step in the coding evolution

One of the aspects I find most enjoyable about software development is its constant evolution. As a developer, you are always seeking ways to enhance efficiency and avoid duplicating code, following the principle of “don’t repeat yourself.” Throughout history, humans have sought means to automate repetitive tasks. From a developer’s perspective, eliminating repetitive coding allows us to construct superior and more intricate applications.

AI bots are not the first technology to assist us in this endeavor. Instead, they represent the next phase in the advancement of application development, building upon previous achievements.

How much should developers trust ChatGPT?

Prior to AI-powered tools, developers would search on platforms like Google and Stack Overflow for code solutions, comparing multiple answers to find the most suitable one. With ChatGPT, developers specify the programming language and required functionality, receiving what the AI tool deems the best answer. This saves time by reducing the amount of code developers need to write. By automating repetitive tasks, ChatGPT enables developers to focus on higher-level concepts, resulting in advanced applications and faster development cycles.

However, there are caveats to using AI tools. They provide a single answer with no validation from other sources, unlike what you would see in a collective software development community, so developers need to validate any AI solution. In addition, because the tool is in beta stage, the code served by ChatGPT should still be evaluated and cross-checked before being used in any application.

There are plenty of examples of breaches that started thanks to someone copying over code and not checking it thoroughly. Think back to the Heartbleed exploit, a security bug in a popular library that led to the exposure of hundreds of thousands of websites, servers and other devices which used the code.

Because the library was so widely used, the thought was, of course, someone had checked it for vulnerabilities. But instead, the vulnerability persisted for years, quietly used by attackers to exploit vulnerable systems.

This is the darker side to ChatGPT; attackers also have access to the tool. While OpenAI has built some safeguards to prevent it from answering questions regarding problematic subjects like code injection, the CyberArk Labs team has already uncovered some ways in which the tool could be used for malicious reasons. Breaches have occurred due to blindly incorporating code without thorough verification. Attackers can exploit ChatGPT, using its capabilities to create polymorphic malware or produce malicious code more rapidly. Even with safeguards, developers must exercise caution.

The buck always stops with humans

With these potential security risks in mind, there are some important best practices to follow when using code generated by AI tools like ChatGPT. This involves checking the solution generated by ChatGPT against another source, like a community you trust, or friends. You should then make sure the code follows best practices for granting access to databases and other critical resources, following the principle of least privilege, secrets management, auditing and authenticating access to sensitive resources.

Make sure you double-check the code for any potential vulnerabilities and be aware of what you’re putting into ChatGPT as well. There is a question of how secure the information you put into ChatGPT is, so be careful when using highly sensitive inputs. Ensure you’re not accidentally exposing any personal identifying information that could run afoul of compliance regulations.

No matter how developers use ChatGPT in their work, when it comes to the safety of the code being produced the responsibility will always lie with humans. They cannot place blind faith in a machine that is ultimately just as liable to making mistakes as they are. To prevent potential issues, developers need to work closely with security teams to analyse how they’re using ChatGPT, and ensure that they’re adopting identity security best practices. Only then will they be able to reap the benefits of AI without putting security at risk.

We’ve featured the best AI writer.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Read More 

The skills required in this challenge are constantly evolving, too, thanks to the developments in areas such as cloud-native applications.

As an industry underpinned by innovation, the technology sector can be its own worst enemy when it comes to skills. Cloud technologies are evolving more rapidly than previous generations, but workers aren’t being trained or upskilled quickly enough to meet this demand. As a result, the industry continues to face a widening skills gap, with just over half of UK businesses (57%) ranking hiring the right tech talent as their biggest challenge, according to TechUK’s latest Digital Economy Monitor Survey.

The skills required in this challenge are constantly evolving, too, thanks to the developments in areas such as cloud-native applications, microservices, Kubernetes, containers, and hybrid and multi-cloud environments. The World Economic Forum predicts that by 2027, 44% of workers will see their core skills disrupted because technology is moving too fast, and only half of workers will have access to adequate training. In a world where we rely heavily on our phones, the data they need and their underlying cloud infrastructure – addressing the cloud skills gap is vital for success – particularly within the likes of financial services, telecoms and manufacturing.

Looking beyond degrees to gain quality talent

When it comes to finding the talent, more are looking outside of university-educated candidates in order to fill the demand. One of the main reasons for this is that school and university curriculums are also struggling to keep up with the rate of change. As a result, what students are learning is often out of date by the time they can put it into practice. The future lies in cloud computing, but the industry will continue to suffer if the school curriculum isn’t continually reviewed and updated.

For anyone to develop their cloud skills and enter the industry, there are a number of training and certification courses available. Many businesses view these as reputable qualifications, enabling prospective employees to elevate their skills and expertise to gain a competitive edge. Importantly, beginner cloud computing courses provide a broad introduction to all aspects of the industry, helping people to learn the fundamentals. Once a candidate has completed an introductory course, they can then look to more advanced training programs that delve further into specific areas of the field, dependent on what their interest is and the career path they want to take.

The key skills to invest in

Which skills are needed will depend on the organization, but knowledge of the basics including cloud service platforms, programming languages such as Python, and application programming interfaces (APIs) will always help. Hybrid cloud skills are also worth investing in, with recent Canonical research finding that 83% of respondents are now using hybrid or multi-cloud architecture, and too few organizations currently invest in these skills.

Kubernetes, the open source system for managing containerized applications, is another important skill: it is rapidly crossing into the mainstream and enables business leaders to deliver microservices in a way that cuts costs. DevOps models, where development and operations teams work closely together, can help to manage cloud infrastructure, particularly among organizations that choose to manage cloud infrastructure on their own rather than opting for a managed service.

Whether a business is hiring new talent or developing and upskilling its existing talent, there is one key attribute to look out for that’s far more important than any skill – a willingness to learn. Candidates who are already masters of multiple frameworks, skills and languages may be able to learn new skills more easily, but the willingness to engage with new technologies often cannot be taught. Having contributed to open source projects is usually good evidence of this crucial ability to learn. Generally speaking, it also pays to hire people who can build applications, rather than dozens of project managers, as any program to upskill talent will be built around hands-on experience.

Developing a skills program

As the newest generation of technology is created, developers, engineers, security professionals, DevOps team members, operations teams, and more must continually learn and master how to work with them. To support this, businesses must implement a skills program. This can be done in many ways and can be as simple as encouraging teams to watch tutorials on YouTube. There are also external experts that can be brought in to lead training sessions and workshops. If a small team within an organization works on using new technology to solve an existing problem, excitement will spread throughout the organization. It’s down to leaders to create opportunities for their teams to apply new technologies to new projects.

Another approach is to partner with a vendor. An organization should choose one that is familiar with cloud-native technology and open source communities. The right vendor can help to manage infrastructure and applications as a workforce upskills, targeting training to the right people as well as overseeing the open source software required.

A changing world

The cloud computing market is ripe with technological advancements, but to ensure they can reap the benefits, businesses need to have the right team in place. To do so, they need to attract the right talent. Companies should look to apply a degree of science to their hiring process – such as using advanced analytics to provide hiring teams with data they can use to help identify suitable talent. This is something we have implemented at Canonical, with our talent acquisition teams taking a full 360 approach. For example, it isn’t just a candidate’s qualifications that are taken into consideration; their behaviors are also analyzed to ensure they are the right person for the role.

Attracting the right talent also comes down to students being taught the skills needed to succeed in today’s world of modern work. In the longer term, businesses need to work with the education sector to ensure these skills are being developed. In the near future, organizations need to focus on self-teaching, online courses, and spreading enthusiasm for these exciting technologies within their organizations. Getting hands-on is the best way to learn.

We’ve featured the best online learning platform.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Read More