Skip to main content

Posts

Report: AI and security governance remain top priorities for 2025

Companies are planning to invest more heavily in AI skills and security governance, risk, and compliance initiatives this upcoming year, according to new research from O’Reilly. The company’s Technology Trends for 2025 report analyzed data from 2.8 million users on its learning platform. The research shows significant increases in interest in various AI skills, including prompt engineering with a 456% increase, AI principles with a 386% increase, and generative AI with a 289% increase. O’Reilly also noted that there was a 471% increase in interest in content about GitHub Copilot. Some AI topics experienced a decrease in interest, however. GPT saw a 13% drop in usage and a downward trend in searches. According to O’Reilly, this may indicate that “developers are prioritizing foundational AI knowledge over platform-specific skills to effectively navigate across various AI models such as Claude, Google’s Gemini, and Llama.” Security also saw increased interest, with interest in govern...

Best practices for CI/CD migration: The GitHub Enterprise example

Continuous Integration/Continuous Delivery (CI/CD) software – meaning solutions that teams use to build, test and deploy applications – has come a long way over the past decade. Whereas organizations once cobbled together CI/CD pipelines using disparate open source tools, they now have a plethora of end-to-end, vendor-supported enterprise CI/CD platforms that they can use instead. Because these solutions offer everything teams need to deliver software, they are simpler to deploy and manage. Yet, while there are clear benefits to adopting an enterprise CI/CD platform, migrating to one can be difficult. It poses a number of challenges, such as the risk of CI/CD pipeline downtime and security and compliance challenges. That’s why businesses migrating to newer CI/CD solutions should approach the process with a detailed, step-by-step plan. Here’s a look at the challenges to navigate, along with tips on how to make CI/CD migration as smooth as possible. To ground the discussion, I’ll focu...

Podcast: The negative long-term impacts of AI on software development pipelines

AI has the potential to speed up the software development process, but is it possible that it’s adding additional time to the process when it comes to the long-term maintenance of that code?  In a recent episode of the podcast, What the Dev?, we spoke with Tanner Burson, vice president of engineering at Prismatic, to get his thoughts on the matter. Here is an edited and abridged version of that conversation: You had written that 2025, is going to be the year organizations grapple with maintaining and expanding their AI co-created systems, exposing the limits of their understanding and the gap between development ease and long term sustainability. The notion of AI possibly destabilizing the modern development pipeline caught my eye. Can you dive into that a little bit and explain what you mean by that and what developers should be wary of? I don’t think it’s any secret or surprise that generative AI and LLMs have changed the way a lot of people are approaching software develo...

Cognitive computing: Blending AI with software engineering

Artificial intelligence is very effective at answering questions, based on the data upon which it was trained. It is, however, still quite limited in what it can do. For instance, you could ask AI to book a flight reservation to Paris, with a seat in economy plus, and to give you an itinerary once you arrive. AI will list out all the steps to get those things done, but cannot yet of itself carry out those steps. This is where cognitive computing comes in, with the ability to mimic human-like behavior. Cognitive computing is not a new term or practice, having been coined in the 2010s, but the advances in technology since then have moved it to the foreground. These platforms bring together such things as AI and ML as well as speech and object recognition and natural language processing. “You can start to stitch the natural language understanding that these [AI] models bring to the table with the traditional programming that we are able to carry out workflows and actions based on those...

December 2024: People on the Move

A number of companies have announced major changes to their executive leadership last month. Here are a couple of the moves across the industry this past month. Intel names two interim co-CEOs after ousting of Pat Gelsinger It was reported that Intel’s board was unhappy with the results Gelsinger was bringing for the company, such as an inability to compete with NVIDIA.  David Zinsner and Michelle (MJ) Johnston Holthaus have been brought in as co-CEOs in the meantime while a permanent replacement is founded.  Both were already leaders in the company, with Zinsner as executive vice president and CFO and Holthaus as executive vice president and general manager of the Client Computing Group.  Frank Yeary will step in as interim executive chair of the board during the transition period. The board has already formed a search committee to find a successor.  GitLab appoints Bill Staples as CEO Staples will replace Sid Sijbrandij, who also co-founded the company in ...

Report: Data is a barrier to AI project success

High-quality data is the key to a successful AI project, but it appears that many IT leaders aren’t taking the necessary steps to ensure data quality. This is according to a new report from Hitachi Vantara, the State of Data Infrastructure Survey , which includes responses from 1,200 IT decision makers from 15 countries.  The report found that 37% of respondents said that data was their top concern, with 41% of U.S. respondents agreeing that “‘using high-quality data’ was the most common reason provided for why AI projects were successful both in the U.S. and globally.” Hitachi Vantara also predicts that the amount of storage needed for data will increase by 122% by 2026, indicating that storing, managing, and tagging data is becoming more difficult.  Challenges are already presenting themselves, and 38% of respondents say data is available to them the majority of the time. Only 33% said that the majority of their AI outputs are accurate 80% said that the majority of their...

Tackling cloud native turbulence with platform engineering

Platform engineering involves creating and managing a set of tools, services, and processes that enable developers to focus on building applications without worrying about the underlying infrastructure. The specific definition of a platform can vary depending on the needs and goals of an organization. The Cloud Native Computing Foundation (CNCF) has played a significant role in shaping the platform engineering landscape. The CNCF ecosystem offers a wide range of tools and projects, including Kubernetes, Prometheus, Envoy, and many more. However, the complexity of the CNCF landscape can make it challenging for teams to select the right tools and build a cohesive platform. An opinionated platform approach involves making deliberate choices about the tools and technologies to be used, providing a more streamlined and predictable experience for developers. By adopting an opinionated platform, organizations can reduce complexity, improve consistency, and accelerate development cycles. Th...

Shift left security — Good intentions, poor execution, and ways to fix it

The concept of “shift left” is fundamentally sound. Integrating security earlier into the software development life cycle (SDLC) seems like the obvious move. Instead of leaving security as an afterthought, why not address it before it becomes a problem? It sounds ideal: Faster remediation, fewer vulnerabilities slipping through the cracks, and developers becoming security heroes. Hooray! However, despite the appeal, shift left hasn’t quite lived up to its promise. The intention is clear, but the execution leaves much to be desired. While our industry has tried to move security earlier in the process, the way it has been done isn’t working for developers. I’ve experienced this firsthand, and I believe there’s a better way to fulfill the original promise of shift left. Where Shift Left Falls Short The whole premise of shift left is to put security into the hands of developers, empowering us to manage the risks associated with the code we write. In theory, this decentralizes security,...

Top misconceptions about platform engineering (and what to do about them)

While it’s often said that “time is money” when it comes to business, that phrase is now applicable to software development. Staying competitive in today’s world means staying current. Whether large or small, organizations need the ability to respond quickly to changing marketing conditions, business needs, security requirements, and more. And they can’t do that with a software development and deployment infrastructure that is slow to respond. At the same time, many organizations are adopting multiple cloud environments as well as edge use cases which create a more complex management requirement. This is making it harder than ever to streamline application development and deployment. Choices for software development, deployment, management, optimization and security tools have never been broader, and technology workers are dispersed across the globe. In short, modern operating patterns require teams to support an increasingly complex technology landscape across clouds – all of which ...

Predictions for software development in 2025

As we do every year, we’ve heard from folks around the software development industry who share their thoughts on which areas will thrive and which might not survive in 2025 and beyond. Here are some of their predictions for next year. Derek Holt, CEO of Digital.ai While Value Stream Management continued to lose steam in 2024, we also saw the fast emergence of Software Engineering Intelligence (SEI) to take its place. SEI will have a breakout year in 2025 as more and more businesses realize they need to measure the end-to-end business process of software development and delivery in order to drive continuous improvement, truly deliver improved developer experiences and ultimately realize the potential gains for an AI-powered Software Development and Delivery capabilities. SEI is the key to each.      Emily Nakashima, VP of engineering at Honeycomb While the current AI hype shows no signs of slowing, so much of the focus in 2024 was on AI code authorship rather than co...

Techniques to secure open source software

Attackers are increasingly targeting open source projects, seeking to exploit holes in software that millions of organizations rely on as the foundation of their technology stacks. The staggering 280% year-over-year increase in software supply chain attacks in 2023 serves as a stark warning: open source projects and their leadership must elevate security to their highest priority. Reported incidents targeting JavaScript, Java, .NET, Python, and other ecosystems reached 245,000 attacks in 2023 alone—more than double the total incidents from 2019 to 2022 combined. These attacks have grown not only in frequency but in sophistication. The Log4j vulnerability that emerged in March 2022 illustrates this evolution, demonstrating the complex and mature threats that open source projects must now defend against. Complacency creates risk While open source leaders largely recognize the importance of security, development pressures often push security concerns aside. Organizations need...

New InstallAware X17: Future-Proof, Azure Trusted, Dongle-Free Code Signing

InstallAware Software, the technology leader in software installation, repackaging, and virtualization solutions for app developers and enterprises, today launched InstallAware X17. InstallAware X17 confers instant trust on packages it signs via its implementation of Azure Trusted Signing, which grants complete trust with purely electronic signing. This separates it from ordinary verification certificates, which are easy to obtain but require weeks to months of use before being trusted by Windows, and also unlike Extended Verification certificates, which do confer the benefit of instant trust but at the great inconvenience of physical dongle requirements (destroying build automation/cloud capabilities). InstallAware X17 also future-proofs its code signing process by implementing new Code Signing Hooks, so that any time the IDE would sign a binary, the hooks trigger and execute any number of custom command lines. This makes it a triviality to integrate with any present or future ven...

The rise of “soft” skills: How GenAI is reshaping developer roles

The software development landscape is undergoing a profound transformation as generative AI (GenAI) reshapes traditional coding practices. This technological revolution isn’t just changing how code is written—it’s fundamentally altering the skill set developers need to succeed in their careers. As development teams across the industry integrate GenAI into their workflows, a new paradigm is emerging that demands both enhanced technical expertise and stronger interpersonal skills. It’s an opportunity for senior management to rethink how teams are trained and structured to maximize productivity and code quality with AI and human coders working together.  The Shifting Nature of Development Work As GenAI takes on more routine coding tasks, developers are finding that, instead of simply writing code, their focus has shifted to three core responsibilities: translating business requirements into technical solutions, reviewing and validating AI-generated code, and collaborating on complex...

The top software development news of 2024

As 2024 comes to a close, SD Times is looking back at the top software development news stories of the year across the industry. Here are 10 of what we believe to be the biggest stories we covered throughout the year: Microsoft releases .NET 9 .NET 9 was released in November , adding a number of performance improvements and new functionality to support developers building with AI.  According to Microsoft, this release featured more than 1,000 performance updates, one of which was that the Server GC was altered to adapt to application memory requirements instead of the resources available in the environment. This change resulted in a 15% increase in requests per second compared to .NET 8 and a 93% reduction in memory usage, Microsoft claimed. .NET capabilities were also expanded for building AI into applications. For this release, Microsoft collaborated with Semantic Kernel to provide a set of C# abstractions for the .NET ecosystem for interacting with AI services. This will ma...