In the digital age, the ability to ship code faster than competitors creates an almost incalculable advantage. It allows companies to introduce new and better features, better respond to customer needs and market trends, and reduce the resources required for each project. It’s no wonder, then, that the prospect of generative AI coding assistants taking on a significant portion of the coding burden generates so much excitement. When used effectively, these tools have the potential to halve the time required for an average software development project.
However, if AI assistants are deployed without due diligence, they can create more work, not less, for overburdened development teams. Every line of code still has to be tested, reviewed for security, and fixed before it reaches production, whether a person or a model wrote it. A sudden, drastic increase in the amount of code being created therefore puts an unmanageable burden on developers, especially since one study found that around 40% of the code produced by AI coding assistants contained bugs. As a result, a poor implementation of generative AI can end up increasing developers' workload, leading to lower productivity and burnout.
Check, test, verify
The problem for organizations looking to speed up software development is that, even before accounting for the increased volume of code, developers' work in the later stages of delivery is already spiralling out of control. More than two-fifths (42%) say their processes for deploying code to production are neither fast nor efficient. One of the main reasons for this is the time-consuming task of checking, testing and verifying code: two-thirds of developers (67%) say these reviews take more than a week. On top of this, developers constantly deal with manual rollbacks of failed deployments, insufficient test coverage and the delays added by security reviews.
The implications of this overload are substantial: research suggests that poor-quality software costs around $2.4 trillion a year in the US alone, contributing to rising cybercrime and to high-impact, widely exploited flaws such as the MOVEit Transfer vulnerability. Against this backdrop, if AI assistants end up doubling, or even tripling, the volume of code reviews developers must complete, these costs and security incidents will become more frequent and more severe. Organizations could face serious economic, reputational and regulatory consequences as a result.
The five key questions
None of this means AI-generated code cannot be transformative for organizations; it can, if the right steps are taken. The challenge is to cut the manual work required per change to a minimum, so that teams can safely and effectively absorb a much larger volume of code. Before launching any such adoption project, every organization should therefore try to answer five key questions:
Has automated security been built into every phase of delivery? By introducing secure, well-governed pipelines that automate testing, verification and policy checks, organizations can remove a large share of the manual code review effort currently shouldered by development teams. Automated scanning does not catch everything, but it takes the repetitive checks off reviewers' plates so that human review can concentrate on design and logic.
Are development approaches ready to support automated code creation and review? To get the most benefit from automated pipelines, organizations need effective agile practices in place. Pair or mob programming, for example, moves review to the moment the code is written, which radically reduces the need for separate manual reviews in later stages of delivery and lets the automated testing, verification and remediation steps run without waiting on a backlog of reviewers.
Are controls being enforced effectively? Security policies are only as effective as their enforcement. Given the pressure on development teams to get code into production quickly, there is a constant temptation to cut corners and bypass or rush security controls. Organizations should therefore adopt a policy-as-code approach, in which the pipeline itself refuses to release new code until it meets defined availability, performance and security requirements, so that the check cannot be skipped by an individual under deadline pressure.
How do you authenticate third-party code? Incidents such as SolarWinds and MOVEit have shown that security measures must extend beyond the four walls of an organization. Monitoring and verifying open source components and third-party artifacts by hand, however, is extremely time-consuming. Organizations should therefore automate as much as possible of the work of tracking and controlling these assets, for example by generating a software bill of materials (SBOM) for every build and by producing and verifying SLSA provenance attestations that record which builder produced an artifact from which source.
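As an added illustration of the policy-as-code gate from the previous question and of the SBOM and provenance checks described above (example code written for this page, not any vendor's tool or any project's own pipeline), the following Python script evaluates a build's evidence against a release policy and returns a verdict with the reasons for any block. The policy thresholds, the builder identifier, the finding identifiers, the SBOM entries and the artifact bytes are all constructed for the example; the provenance fields are a simplified stand-in for a real SLSA provenance attestation, not its actual schema.

```python
import hashlib

# Release policy, expressed as data so it is versioned and reviewed like code.
# Thresholds and the trusted builder URL are assumptions made for this example.
POLICY = {
    "max_finding_severity": "medium",   # anything above this blocks the release
    "min_test_coverage": 0.80,
    "min_slsa_level": 2,
    "trusted_builders": {"https://ci.example.invalid/builders/github-actions"},
}

SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def check_findings(evidence, policy):
    """Block on any scanner finding above the policy's severity ceiling.
    An unrecognised severity is treated as critical so the gate fails closed."""
    limit = SEVERITY_RANK[policy["max_finding_severity"]]
    return [
        f"finding {f['id']} has severity {f['severity']} above policy maximum "
        f"{policy['max_finding_severity']}"
        for f in evidence.get("findings", [])
        if SEVERITY_RANK.get(f["severity"], 4) > limit
    ]


def check_coverage(evidence, policy):
    cov = evidence.get("test_coverage")
    if cov is None:
        return ["no test coverage report attached"]
    if cov < policy["min_test_coverage"]:
        return [f"test coverage {cov:.0%} below minimum {policy['min_test_coverage']:.0%}"]
    return []


def check_sbom(evidence):
    """Every third-party component must be pinned to a version and a hash,
    otherwise it cannot be matched against advisories or verified later."""
    sbom = evidence.get("sbom")
    if not sbom:
        return ["no SBOM attached"]
    problems = []
    for comp in sbom.get("components", []):
        name = comp.get("name", "<unnamed>")
        if not comp.get("version"):
            problems.append(f"SBOM component {name} has no version")
        if not comp.get("sha256"):
            problems.append(f"SBOM component {name} has no integrity hash")
    return problems


def check_provenance(evidence, policy):
    """Simplified provenance check: trusted builder, minimum SLSA level, and the
    attested subject digest must equal the digest of the artifact being released."""
    prov = evidence.get("provenance")
    if not prov:
        return ["no build provenance attached"]
    problems = []
    if prov.get("builder_id") not in policy["trusted_builders"]:
        problems.append(f"provenance builder {prov.get('builder_id')!r} is not a trusted builder")
    if prov.get("slsa_level", 0) < policy["min_slsa_level"]:
        problems.append(f"provenance SLSA level {prov.get('slsa_level', 0)} "
                        f"below minimum {policy['min_slsa_level']}")
    if prov.get("subject_sha256") != sha256_hex(evidence["artifact"]):
        problems.append("provenance subject digest does not match the release artifact")
    return problems


def evaluate_release(evidence, policy=POLICY):
    """Return (allowed, reasons). Any single reason blocks the release."""
    reasons = (check_findings(evidence, policy) + check_coverage(evidence, policy)
               + check_sbom(evidence) + check_provenance(evidence, policy))
    return (not reasons, reasons)


# Constructed evidence for two builds: one that should pass and one that should not.
ARTIFACT = b"constructed release artifact bytes"

GOOD_EVIDENCE = {
    "artifact": ARTIFACT,
    "findings": [{"id": "F-1", "severity": "low"}],
    "test_coverage": 0.86,
    "sbom": {"components": [{"name": "libexample", "version": "1.2.3", "sha256": "ab" * 32}]},
    "provenance": {
        "builder_id": "https://ci.example.invalid/builders/github-actions",
        "slsa_level": 3,
        "subject_sha256": sha256_hex(ARTIFACT),
    },
}

BAD_EVIDENCE = {
    "artifact": ARTIFACT,
    "findings": [{"id": "F-2", "severity": "high"}],
    "test_coverage": 0.61,
    "sbom": {"components": [{"name": "libexample"}]},   # unpinned, unhashed
    "provenance": {
        "builder_id": "https://laptop.example.invalid/manual-build",
        "slsa_level": 1,
        "subject_sha256": sha256_hex(b"some other build"),
    },
}

if __name__ == "__main__":
    for label, ev in (("good build", GOOD_EVIDENCE), ("bad build", BAD_EVIDENCE)):
        allowed, reasons = evaluate_release(ev)
        print(label, "ALLOW" if allowed else "BLOCK")
        for reason in reasons:
            print("  -", reason)
```

The point of the digest comparison is that provenance only protects you if it is bound to the exact bytes you are about to ship: a single changed byte in the artifact makes the gate refuse it even when every other check passes. Unknown severities and missing reports are treated as failures rather than ignored, because a gate that fails open is exactly the corner-cutting the policy is meant to prevent.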
How can generative AI help solve security problems? Beyond letting development teams write code faster, generative AI can be useful for analyzing and fixing vulnerabilities quickly. Every problem identified and fixed automatically is one less task for the development team to manage. It can be especially effective when a large-scale vulnerability is discovered in a widely used component, as with Log4Shell in Log4j, where thousands of components may need to be checked and patched; done by hand, that work can take hundreds of hours. Proposed fixes still have to pass the same automated tests and policy gates as any other change before they ship.
Faster, better, happier
With the generative AI coding tools market projected to experience a compound annual growth rate of around 22% over the next decade, it seems likely that a hybrid human-AI approach to software delivery will soon be the norm. While safely and effectively introducing these tools can be a difficult balancing act, there are great reasons to be optimistic about what it will mean for the future of the software development industry.
If implemented correctly, generative AI can provide instant support that reduces developers' workload, helping them solve problems, democratize the coding process and dramatically increase productivity. In short, organizations that make the transition correctly can expect development teams that are less likely to burn out, spend more time on interesting, high-value strategic tasks, and are generally happier and healthier. As they continue down this path, companies will also find it easier to become more agile and responsive to both customers and the market.
This article was produced as part of TechRadarPro's Expert Insights channel, where we showcase the best and brightest minds in the tech industry today. The views expressed here are those of the author, and not necessarily those of TechRadarPro or Future plc.