New Black Duck Research Finds Majority of DevSecOps Teams Not Confident About Securing AI-Generated Code

The survey analyzes the tug-of-war that AI-assisted coding tools present in the software development process

Black Duck Software, Inc.  today announced the publication of the “Global State of DevSecOps 2024” report examining the trends, challenges, and opportunities impacting software security. According to the data, a wave of AI adoption is radically shifting how software goes from ideation to deployment. Nearly all survey respondents – over 90% – said that they are using AI in some capacity for their software development process, demonstrating just how crucial it is for organizations to take the proper security measures throughout the entire development lifecycle. And yet, 67% of respondents were concerned about securing AI-generated code.

Also Read: Unisense Launches Next-Gen AI Solution, Redefining the Shopping Experience

Industries across the Technology, Cybersecurity, Fintech, Education, Banking/Financial, Healthcare, Media, Insurance, Transportation, and Utilities sectors reported similar high adoption, underscoring the importance of having seamless security mechanisms in place. In the Nonprofit sector, which is traditionally slower to technological advancements due to constrained resources, at least half of organizations surveyed reported that they were using AI. Unsurprisingly, the larger the organization, the more likely it has significantly adopted some facet of AI in its software development.

“AI is a technology enabler that should be invested in, not feared, so long as the proper guardrails are being prioritized,” said Jason Schmitt, CEO of Black Duck. “For DevSecOps teams, that means finding sensible uses to implement AI into the software development process and layering the proper governance strategy on top of it to protect the heart and soul of an organization – its data.”

The new report from Black Duck is based on a survey conducted by Censuswide, which polled more than 1,000 IT professionals around the world – including software developers, AppSec professionals, CISOs, and DevOps engineers across multiple countries and industries. Key findings from the report include:

• AI is the standard, but security pros aren’t fully convinced. A large majority (85%) of survey respondents noted that they have at least some measures in place to address the challenges posed by AI-generated code, such as potential IP, copyright, and license issues that an AI tool may introduce into proprietary software. However, less than a quarter (24%) are “very confident” in their policies and processes for testing this code.
• Security is still a barrier to speed. More than half of respondents (61%) said that security testing moderately or severely slows down development. Fifty percent of those that feel this way also say that most projects are still being added manually.
• A broad proliferation of tools is leading to high levels of testing inconsistencies. A whopping 82% of organizations are using between 6 and 20 different security testing tools, making it challenging to effectively integrate and correlate results across platforms and pipelines, leading to difficulty in distinguishing between genuine issues and false positives.

Also Read: AiThority Interview with Jie Yang, Co-founder and CTO of Cybever

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]