Are Software and DevOps engineers becoming dumber?
I recently saw a deliberately controversial post on LinkedIn titled “Are Software engineers becoming dumber?” The idea was that 20 years ago, we had neither AI nor Stack Overflow. Back then, you needed a debugger, pen and paper to get your stuff working. Now, in 2024, all you need is an AI coding tool, a framework of your choice and a bit of Stack Overflow, and you git push your code into the world without knowing how it works under the hood.
While the post gave me the feeling of an old man yelling at clouds, there was something to it that made me think.
Many of these abstractions, libraries, frameworks, and tools allowed us to build more for less. They helped us avoid constantly reinventing the wheel and gave us stable, well-engineered building blocks instead.
At the same time, this made the landscape much more complex and difficult to understand. Many different domains and tools are mingled into a single project; have you looked at your average NodeJS project lately? Expecting every engineer to be on top of all of it is unreasonable, so augmenting your workflow with tools is a necessity, not a luxury.
From a security perspective, this looks vastly different. Using AI-generated code without reviewing it is dangerous, and even code copied from Stack Overflow is full of vulnerabilities. The industry's answer is, again, AI: tools that automatically fix the vulnerabilities a scanner detects.
Will this make engineers dumber over time? Or does their role shift instead, towards being better integrated into the company's business, security, and other concerns, orchestrating the development and generation of new products and software rather than hand-writing every line?
Interesting Links
GitHub's code scanning autofix is now in public beta for GitHub Advanced Security customers. Built on GitHub Copilot and CodeQL, it generates fix suggestions for CodeQL alerts directly in the pull request; GitHub states that the suggestions remediate more than two-thirds of the alerts found with little or no manual editing. This speeds up remediation and cuts down on security debt by letting developers fix vulnerabilities as they are introduced. The caveat any practitioner should keep in mind: an autofix is still generated code, so review it like any other change before merging, and confirm the alert actually disappears on the fixed code rather than being silenced.
The article delves into the complexities and pitfalls of modern software development, highlighting how excessive reliance on external libraries and bloated code bases compromise software security and efficiency. The author critiques the industry's approach to software development, emphasizing the risks posed by the sheer volume of code and dependencies: every dependency is attack surface you have to patch and monitor. The text advocates for a shift towards leaner, more secure software practices and discusses regulatory efforts aimed at improving software quality.
Node.js Secure Coding: Defending Against Command Injection Vulnerabilities
My friend and long-time personal hero published a book on secure Node.js coding, “Node.js Secure Coding: Defending Against Command Injection Vulnerabilities”. Its approach to teaching secure coding is innovative: it uses real-world CVEs in popular open-source npm packages as the material. Through hands-on exercises and code review, you learn how to avoid common security pitfalls and adopt a security-first mindset. It is worth getting if you are a backend JS developer or a security engineer.
Kubernetes 1.30 a security overview
Kubernetes 1.30 introduces significant security enhancements alongside improvements in the developer experience. The release focuses on strengthening secrets management, node and cluster management, and data security: improved handling of secret images, a reduction of secret-based service account tokens in favour of bound service account tokens, and improvements to those bound tokens. It also adds measures to safeguard data integrity within volumes and tightens container isolation and authorization controls. If you run clusters, the service account token changes are the ones to check first, since workloads that still rely on long-lived secret-based tokens will need attention.
Working Together?
Thank you for reading along. If you have feedback or questions, message me anytime at andy@occamslabs.com. If you want to work together, here are a few different ways I can help you:
Security audit of your systems
Improving the security of your current systems
Designing secure systems from the ground up