The Silver Bullet That the Software Industry Has Been Waiting For

5 October 2022


Hardware is one of the fastest-improving sectors in the technology industry. Over time, our computers are decreasing in price while their speed is increasing exponentially. This idea is otherwise referred to as Moore’s law. However, where technological hardware has seen six orders of magnitude of price-performance gain in 30 years, software improvements are lagging behind (DBA lecture 1, 2022). It is not that software improvement is slow, but rather that hardware improvement happens comparatively fast. Fred Brooks (1987) emphasises that there is no silver bullet for software development that promises to deliver price-performance gains even slightly comparable to those seen in the hardware industry. Brooks writes that

“there is no single development, in either technology or in management technique, that by itself promises even one order-of-magnitude improvement within a decade in productivity, in reliability, in simplicity.”

However, that silver bullet might have arrived after all in the form of a new software development technique. GitHub Copilot is an extension to your coding environment that serves as an AI pair programmer. There are two primary ways in which it supports software developers. Firstly, it makes suggestions on how to finish code whilst it is being written. An example is displayed in image 1. When a software developer starts typing a function to generate random numbers (the line of code marked in colour), Copilot will recognise what the developer is doing and make suggestions on how to finish the code (the line of code marked in light grey).

Image 1

Its second primary function is to generate code based on a request by a software developer. Image 2 shows the request of the developer (the line of code marked in light grey), and the suggestions made by Copilot that have been accepted by the developer (the line of code marked in colour).

Image 2

Copilot’s two primary functions can help to drastically improve the productivity of software development. Processes that require simple and repetitive coding will be done in the blink of an eye, as Copilot will be able to do such coding for software developers on request. However, there is more. Whereas the examples that I just discussed are simple, more complex possibilities lie on the horizon. Imagine software developers being able to request entire software projects, and Copilot offering them the relevant code. As software projects tend to vary, it is not likely that Copilot will be able to deliver the exact code that the developers will need. Rather, the code offered by Copilot then functions as the foundation upon which the developers can build their software projects. Having the foundation of a software project available quickly upon request can likely prove to be the order-of-magnitude improvement that the software industry has been waiting for. In that sense, Copilot promises to be software development’s silver bullet!


Cybersecurity by Design

17 September 2022


We are living in a continuously digitising world where more and more aspects of our lives are governed by IT processes. The rapid adoption of IT means that cybersecurity incidents are on the rise (ENISA, 2022). Governments and organisations alike are investing in efforts to raise cybersecurity awareness. For example, people are being trained to treat emails carefully, especially if they contain a link or file. This increased cybersecurity awareness is expected to reduce the risk of cyber incidents happening. However, research calls the effectiveness of these awareness strategies into question. Studies show that long-term changes in the digital behaviour of individuals as a result of these awareness campaigns are limited (Bada, et al. 2019). Given that awareness does not prevent the users of IT systems from compromising cybersecurity, another approach is required.

The cybersecurity by design (CSD) model changes the assumption from which the awareness model operates. Instead of assuming that awareness will prevent people from making mistakes, the CSD model assumes that individuals will make mistakes regardless. The question for software developers then becomes: how can I develop my software such that the risk of compromised cybersecurity is mitigated even if careless users utilise it? Major software companies like Microsoft and Google have already designed their software with this question in mind. In Outlook, emails from unverified senders are displayed in a protected mode where links, images, and files are disabled. This prevents users from mindlessly downloading a file or following a link, both of which could be potentially harmful. Naturally, the user has the option to mark the sender as verified, thereby enabling the content. Another implementation of the CSD model can be found in Google Chrome. Google maintains a list of websites that might put users at risk of malware or phishing. So, when users try to navigate to a potentially harmful website, a warning message is displayed, and they are prevented from entering. Here too, users have the option of navigating to the website despite this warning.
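The safe-default-with-explicit-override pattern described above can be sketched as follows. This is an added example, not code from the original post and not Outlook’s implementation; the `VERIFIED_SENDERS` allowlist, the `render` function and the sample message are assumptions made for illustration, and the sender address is assumed to have been authenticated already.

```python
from html import escape
from html.parser import HTMLParser

VERIFIED_SENDERS = {"colleague@example.org"}  # hypothetical user-approved senders
DROPPED = {"script", "style", "iframe", "object"}  # removed together with content

class ProtectedView(HTMLParser):
    """Re-emit message HTML with links, images and active content disabled."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip, self.blocked = [], 0, 0

    def handle_starttag(self, tag, attrs):
        if tag in DROPPED:
            self.skip += 1
            self.blocked += 1
        elif self.skip:
            return
        elif tag in ("a", "img"):
            self.blocked += 1
            self.out.append("<span>" if tag == "a" else "[image blocked]")
        else:
            self.out.append(f"<{tag}>")  # all attributes (href, src, onclick) dropped

    def handle_endtag(self, tag):
        if tag in DROPPED:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag != "img":
            self.out.append("</span>" if tag == "a" else f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def render(sender, html_body, attachments):
    """Return (html, attachments, blocked_count); unverified mail is neutralised."""
    if sender.lower() in VERIFIED_SENDERS:  # the user's explicit override
        return html_body, list(attachments), 0
    view = ProtectedView()
    view.feed(html_body)
    view.close()
    return "".join(view.out), [], view.blocked + len(attachments)

# Constructed sample message, not taken from any real mailbox.
SAMPLE = ('<p>Invoice <a href="http://pay.example/x">here</a>'
          '<img src="http://t.example/p.gif"><script>alert(1)</script></p>')
```

The blocked count gives the interface something to show the user ("4 items were disabled"), so the override is an informed choice rather than a reflex.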

Both examples show how software developers can aid their users in navigating the digital world more safely. The CSD model thereby shows great promise for making the digital world a safer place. However, it cannot do so all by itself. Despite the criticism that the awareness model has faced, I am convinced that it can work well together with the CSD model. Being made aware of risks can always have added value, especially in a CSD-proof environment. A CSD-proof environment can shield users from potentially dangerous content, but it is up to the users themselves to make the final risk assessment. To be able to do so, awareness campaigns can be of help. Ultimately, it is the right balance of CSD-proof software and user awareness that will add up to safe navigation of the digital world.

Sources:

Bada, et al., 2019, ‘Cyber Security Awareness Campaigns: Why do they fail to change behaviour?’, International Conference on Cyber Security for Sustainable Society, accessed 10th of September 2022, https://arxiv.org/abs/1901.02672

ENISA, 2021, ‘ENISA Threat Landscape 2021’, accessed 10th of September 2022, https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021
