SD Times December 2022


DECEMBER 2022 • VOL. 2, ISSUE 66 • $9.95 • www.sdtimes.com


EDITORIAL

EDITOR IN CHIEF David Rubinstein drubinstein@d2emerge.com

NEWS EDITOR Jenna Sargent Barron jsargent@d2emerge.com

MULTIMEDIA EDITOR Jakub Lewkowicz jlewkowicz@d2emerge.com

SOCIAL MEDIA AND ONLINE EDITOR Katie Dee kdee@d2emerge.com

ART DIRECTOR Mara Leonardi mleonardi@d2emerge.com

CONTRIBUTING WRITERS Jacqueline Emigh, Elliot Luber, Caryn Eve Murray, George Tillmann

CONTRIBUTING ANALYSTS Enderle Group, Gartner, IDC, Intellyx

CUSTOMER SERVICE

SUBSCRIPTIONS subscriptions@d2emerge.com

ADVERTISING TRAFFIC Mara Leonardi mleonardi@d2emerge.com

LIST SERVICES Jessica Carroll jcarroll@d2emerge.com

REPRINTS reprints@d2emerge.com

ACCOUNTING accounting@d2emerge.com

ADVERTISING SALES

PUBLISHER David Lyman 978-465-2351 dlyman@d2emerge.com

MARKETING AND DIGITAL MEDIA SPECIALIST Andrew Rockefeller arockefeller@d2emerge.com

PRESIDENT & CEO David Lyman

D2 EMERGE LLC www.d2emerge.com

CHIEF OPERATING OFFICER David Rubinstein

Contents

NEWS
News Watch
Atlassian updates Open DevOps solution
Automation: The next evolutionary step toward elite performance

FEATURES
Brilliant Black Minds Program trains aspiring engineers with interview, job skills
The Year in Review 2022
5 new data privacy laws coming into effect in the U.S. next year

BUYERS GUIDE
While automated testing has rebounded this year, it still has a long way to go

COLUMNS
GUEST VIEW by Matias Madou: How dev friendly is your security program?
ANALYST VIEW by Manjunath Bhat: 3 actions for better dev experiences

Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 2 Roberts Lane, Newburyport, MA 01950. Periodicals postage paid at Newburyport, MA, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2022 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 2 Roberts Lane, Newburyport, MA 01950. SD Times subscriber services may be reached at subscriptions@d2emerge.com.

CompTIA’s new tech job posting optimizer

The new tool, optimize.comptia.org, will help employers expand their pipelines and seek out overlooked or untapped talent.

The free, web-based platform offers a range of tech job templates and data tools intended to optimize postings for skills, qualifications, and inclusivity oriented to the U.S. labor market.

According to the company, of the over 500,000 job postings for entry-level tech positions in 2022, 57% of employers limited their search to candidates with a four-year degree or higher. Additionally, for employers looking to fill entry-level cybersecurity roles, the number one listed industry-recognized certification is a managerial-level credential that requires advanced experience.

The company stated that while this over-spec’ing among job postings does not negatively impact employers, it does have a downside for candidates, as 55% reported some level of a “confidence gap” when looking for a new role. CompTIA’s Tech Job Posting Optimizer platform offers a check of bias language, salary curves, and a job posting best practices guide. The platform is also backed by labor market data from Lightcast and Infogr8.

Privacy Sandbox to be in Android 13 early next year

Google has been attempting to provide better ways to protect user privacy while also still providing advertisers with ways to serve relevant content to users. Its solution to reducing third-party tracking is the Privacy Sandbox.

Earlier this year, it announced it was bringing Privacy Sandbox to Android and since then it has released a few developer previews. Now it is announcing that the Privacy Sandbox Beta will roll out to Android 13 devices starting early in 2023, and to get developers ready it is sharing some information about the upcoming beta.

First, in order to get access to Privacy-Preserving APIs, such as Topics, FLEDGE, and Attribution Reporting, developers will need to go through an enrollment process to verify their identity and gather developer-specific data that the API may need.

Anyone wishing to participate in the beta program can request access on a limited number of Android 13 devices, and can register apps that utilize the Sandbox APIs.

There will be a closed beta for developers to test the SDK Runtime. It will be limited to a small group of developers due to the coordination required in testing it on production devices, the Android team explained.

On the advertiser side, the team recommends working with ad providers to understand testing roadmaps and ways to participate in testing of the Privacy Sandbox.

Copilot gets updates; Codespaces goes GA

GitHub Copilot will soon bring its AI pair programmer to businesses with added admin controls and the ability to manage licenses. Copilot uses OpenAI Codex to suggest code and functions in real time right in the editor.

“Hey GitHub” also makes Copilot accessible to developers who can’t use a keyboard everyday through voice-based interaction, but the GitHub Next team behind the functionality hopes to expand its capabilities through further research and testing.

Also, Codespaces is now generally available for all GitHub users and everyone will receive up to 60 hours of Codespaces for free every month.

The new code search and code view offers a new search engine that can access the world’s code easily, a new search interface, powerful queries with suggestions, completions, and a redesigned code view that integrates search browsing and code navigation.

Cloudflare announces developer templates

Cloudflare is attempting to make it easier for developers to build applications on their developer platform. To do so, it has announced Cloudflare Workers Templates.

Cloudflare Workers is a capability for building applications, and this new set of templates being released will give developers ideas of what they can build on the platform.

For example, there are templates for building image-sharing websites with Pages Functions, direct creator upload to Cloudflare Stream, a Durable Object-powered request scheduler, and applications that accept payment for video content.

Alongside these new templates, Cloudflare also added a Deploy with Workers button so that templates can be easily and quickly deployed.

To support test-driven development, a number of the templates support integration tests against a local server. This can be used to help developers set up tests in their own projects.

Snyk Cloud offers DevSec platform

The company announced the general availability of Snyk Cloud, which offers tools to help fix software vulnerabilities such as a vulnerability scanner and a patch management system that was launched in July 2022 with limited availability.

The innovations also include capabilities that can secure the software supply chain such as the ability to simplify emerging requirements around SBOMs and improved reporting features that allow for greater visibility and governance for developer security programs.

The new SBOM features include an API and CLI that generates SBOMs, scans standard SBOMs to identify security vulnerabilities for free, and also scans SBOMs with the open source application Bomber and then tests the Snyk Vulnerability Database.

“Snyk was founded on the belief that the developers building our collective future should also be empowered and equipped to secure it,” said Adi Sharabani, the chief technology officer at Snyk. “We’re proud to share today’s latest significant developments to help our global customers continue their pace of innovation securely.”

Snyk also announced that it is committed to driving DevSecOps success and introduced two new offerings as part of the asset collection Snyk Learn: Snyk Accelerate as a 90-day installation and best practice review and Snyk Premium, a high-touch service bundle.

Neo4j 5 adds simpler scaling

This release of the graph database is designed to expand the performance of native graphs over traditional databases while also offering simpler scale-out and scale-up across deployments.

According to the company, Neo4j 5 will allow organizations to accelerate the creation and deployment of intelligent applications at a larger scale as well as achieve more value from their data.

“Graph technology adoption is accelerating as organizations seek better ways to leverage connections in data to solve complex problems at scale,” said Emil Eifrem, CEO and co-founder of Neo4j. “We designed Neo4j 5 to deliver the type of scalability, agility, and performance that enable organizations to push the envelope on what’s possible for their data and their business.”

With this, users gain access to multiple benefits such as query language improvements with a new syntax aimed at simplifying the way they write complex, pattern-matching queries and automated scale-out across several machines to allow for the growth of self-managed customers.

Additionally, this release offers continuous updates across all deployments, regardless of whether they are in the cloud, multi-cloud, hybrid, or on-premise. This works to ensure ongoing compatibility between self-managed and Aura workloads.

Octopus Deploy integrates with GitHub Actions

This update is intended to support the company’s deployment automation for GitHub Action workflows.

With this, users gain the ability to incorporate build information into deployment pipelines with GitHub’s introduction of a new push build information action. This lets users provide commit, build, and issue tracking information to Octopus.

According to the company, GitHub Actions for Octopus Deploy v2 also makes it easier for users to reference release tags within workflows. Any alterations made to actions will now automatically update release tags and will be incorporated into workflows.

Additionally, this update offers improved visibility, making GitHub Actions for Octopus Deploy easier to use for deployment automations.

It has reduced the number of requirements as well as added output to the execution logs. It also added support for environment variables for sensitive values.

Lastly, users can now see job summaries generated through GitHub-flavored Markdown when creating a release or pushing a package to Octopus. The company stated that this makes it simpler to aggregate and group these actions.

Next.js 13 takes redesigned approach

Next.js 13 provides developers with heightened levels of flexibility and customization without the restrictions of technical limits.

With this, users gain access to a redesigned approach to website layouts, data fetching, and server rendering. According to Vercel, Next.js 13 works to ship less JavaScript while also making ambitious updates possible and simplified.

This release also provides developers with a component toolkit that is intended to address common artifacts of the web such as images, font, scripts, and social cards.

This toolkit includes a new <image> component to optimize images on demand for better performance as well as a new <font> module to optimize fonts and remove external network requests by doing away with connection setup times to third-party hosts.

Next.js 13 also includes Turbopack, the successor to Webpack. Turbopack is a Rust-based incremental bundler that draws on the lessons of build systems like Turborepo.

The goal of this is to enable enterprise businesses and developers to operate their sites more efficiently.

People on the move

Suhail Ansari is joining Tricentis as the company’s new CTO. He previously was senior vice president of engineering and operations at McAfee. He has also held executive roles at Realtor.com, Pivotal Software, and eBay. The company also recently announced Jen Lucas as chief people officer, Amanda Borichevsky as chief legal officer and general counsel, and Darren Beck as chief marketing officer.

Bugcrowd has appointed Dave Gerry as its new CEO. Gerry was previously chief operating officer at the company, and prior to that he was chief revenue officer and head of global operations at WhiteHat Security. He has also held roles at Veracode and Sumo Logic.

Contrast Security has announced three new hires as part of its Partner Alliance Team: Tracey Mead as vice president of strategic alliances for systems integrators, Rachael Mott, senior director of strategic alliances for technology partners, and Frank Gasparovic, principal solution architect. The three new hires will report to Ben Goodman, senior vice president of corporate development and strategic alliances.

The movement working to double the number of black software engineers in the United States

In the summer of 2018, Darius Faison was an incoming sophomore Computer Science major at Morehouse College. Unfortunately, due to a lack of experience with the technical interviewing process, Faison found himself stuck without an internship.

In order to ensure this would be the last time that he faced this problem, Faison dedicated his time that summer and fall to preparing for future technical interviews and improving his coding skills in order to build confidence and expand his resume.

However, Faison did not do this on his own. In the Fall of 2018, a professor introduced him to Karat, a cloud-native interview company that focuses on preparing candidates for technical interviews.

Through Karat, Faison found the Brilliant Black Minds movement, the company’s flagship purpose program, created to empower the next generation of Black software engineers.

“I signed up to do some of their mock technical interviews over video chat and it was super helpful and really let me know what I need to work on,” Faison said. “But it also instilled me with the confidence to say ‘okay, I can do this, I can get these internships and I can ace these interviews.'”

Since completing the program, Faison has been able to land software engineering internships at Google, McKinsey & Company, and at Microsoft, where he now works as a full-time software engineer.

According to Karat, Black software engineers are currently the most underrepresented group in the industry, with only 5% of software engineers in the United States being Black.

The company is working to change this through the Brilliant Black Minds movement, which has already helped roughly 2,500 Black software engineers in the U.S. over the last year and a half. As Karat is just now starting to track hiring metrics, the company could not provide numbers as to how many participants who have gone through the program found internships or landed jobs.

Systemic obstacles

“Even if we eliminate all the bias out of the interview, there are still systemic obstacles that a lot of populations are facing,” said Jeffrey Spector, co-founder and president of Karat. “If you look at the challenges that the Black community is facing. It all translates into less familiarity with the interviewing process.”

Faison explained that, in his experience, the only way to get better at technical interviews is through rigorous practice with this specific interview type, and that is exactly what Brilliant Black Minds offers to aspiring Black engineers.

He said, “Even if you know how to solve the question that is asked, it’s about being able to really communicate your thoughts and recognize your own mistakes and then communicate the thought process behind those mistakes and how to rectify them. Brilliant Black Minds helps you to polish that and gives you that edge on the competition.”

According to Karat’s research, Black software engineers lack access to several of the resources and connections that aid in an engineer's success. Spector explained that these include a lack of access to computer science classes as well as the absence of a connection with engineers already in the industry.

He explained that this has historically created a barrier that works against Black engineers trying to break into the industry.

Faison emphasized this, saying, “I don’t think that Black engineers necessarily get the same opportunities and also a lot of the time we’re even given harder questions. There has been anecdotal evidence that some interviewers purposely give harder questions to Black interviewees. Brilliant Black Minds is invaluable to prepare you for this.”

According to Spector, the motive behind the Brilliant Black Minds movement is to undo the pervasive systemic issues that act as a roadblock for Black engineers.

Karat is attempting to bridge this gap with the interviewing cloud, an always-on, scalable, and consistent human and tech solution for conducting technical interviews. Through the interviewing cloud, candidates are connected with Karat’s global network of interview engineers whose role is to facilitate technical interviews with software developers using Karat questions and the Karat Platform.


Additionally, participants gain access to market intelligence and purpose-built interviewing infrastructure. This gives Black software engineers the ability to participate in as many practice interviews as they wish in order to help kickstart their career.

“They get feedback in the interview and afterwards, we have a series of workshops they can attend that range from technical workshops but also look at what the hiring process is like,” Spector explained.

On top of these resources, he said that Brilliant Black Minds also includes a Discord server for participants where they can connect with the community, benefit from their shared knowledge, and provide continued support to each other as they advance in the industry.

Faison explained that Anthony Mays, public speaker, DEI consultant, writer, tech career coach, and software engineer, plays an active and helpful role in the Brilliant Black Minds Discord.

“He has been super invaluable with the advice that he gives and we also do office hours in the Discord where we work through different problems and hear other people’s suggestions so it’s a very active, caring, and nurturing community,” said Faison.

Spector went on to say that technology has become prevalent in the lives of every person, making inclusivity even more essential.

He expanded on this, saying that when a product is created from a limited perspective, more often than not, it misses the mark with the larger audience, limiting an organization's customer base. This further emphasizes the need for diversity in the tech industry.

Spector also spoke about the growth that Brilliant Black Minds has seen in recent months. Back in April, tennis great Serena Williams made a strategic investment in the program in order to support its growth.

Following Williams’ investment, Karat announced the Partners of Brilliance, consisting of Amazon Prime Video, Citi, Duolingo, Indeed, and Flatiron Health as the first major corporations to join the Brilliant Black Minds movement.

“We initially started the program purely for practice, but what we found out was that a lot of the participants were doing really well,” Spector said. “So, we started the Partners of Brilliance and now we have these five major companies who are now committed to supporting and hiring the engineers as they come out of this program.”

According to Spector, with the launch of the Partners of Brilliance, several job offers have already been extended to participants of the program.

He went on to say that his hope for the program is to catalyze other companies to join the Brilliant Black Minds and actively seek to hire more Black engineers coming out of the program.

Spector also explained that Karat has partnered with other organizations working towards this same goal in order to be sure that the reach of Brilliant Black Minds is as comprehensive as possible.

These partners include Howard University, INROADS, Inc., Morehouse College, The National Society of Black Engineers (NSBE), /dev/color, Blacks In Technology Foundation, CodeHouse, CodePath, Rewriting the Code, and Tribaja.

“One thing that we’re seeing also is that the program is working,” Spector said. “We found that participants that completed three practice interviews were six times more likely to get a job or internship and they felt twice as confident in their ability to interview coming out of it so hopefully this is the first wave of a number of other companies [joining the movement].”

2022: The New Normal

Office closures and people starting to work from home became the new normal in 2022, creating both logistical problems and big opportunities for many software development organizations.

In the fall of 2021, a Google study found that more than 75% of respondents said they expect hybrid work, splitting time between an office and working from home, would become a standard practice within the next three years.

It hasn’t taken that long. Much of the year was spent by workers and companies trying to regain

work, and reconnect with coworkers in a meaningful way. (My take: when you work from home, you’re never really working, and you’re never really home.)

The stress of all this on workers has taken its toll, with many developers saying they’re burned out, in what the World Health Organization’s International Classification of Diseases has called an “occupational phenomenon.”

Characteristics of burnout include fatigue or exhaustion, increased mental distance or negativity towards one’s job, and reduced efficiency at work. Yet detecting burnout is more difficult when the worker is remote, since managers and coworkers don’t have visibility into how that worker is feeling and actually working.

But one of the keys to making remote work, uh, work is improved communication and collaboration. And this is done by fully transitioning their work and the tools they use into the cloud.

The COVID-19 pandemic was the driving factor, and organizations had to move quickly for business continu

David Williams, VP of product strategy at DevOps automation company Quali, told SD Times in October, “The pandemic came in and was really what put an emphasis on leveraging the cloud. It had multiple impacts and one of them was the higher priority given to the legacy applications that were on the back burner until a year and a half ago.”

And Adam Preset, VP analyst at Gartner, said the volume of questions organizations had about cloud collaboration tools increased exponentially over that time. He attributed that to companies realizing that on-premises collaboration tools came with limitations on where employees had to work and how they could access the technology they needed.

Williams noted that in a hybrid environment, communication tends to be more intentional and meaningful and less “accidental,” meaning just bumping into someone in the company kitchen to have a conversation doesn’t happen when people are working remotely.

So, as organizations settle into this new normal of hybrid work, the editors of SD Times are declaring 2023 to be “The Year of Continuous Improvement.” Throughout the year, we’ll be writing articles and scheduling events around how, with the new routines becoming comfortable routines, individuals and organizations can work to get better.

We wish our readers a very happy holiday season, and we look forward to continuing to bring you the information you need to help in that quest for improvement.

Automation, AI transform testing

2022 has been a year of innovation and progress within the software testing space. With a strong push towards automation and AI, testing has undergone a modernization of its practices in order to keep up with the demands of customers.

Torsten Volk, managing research director at EMA, spoke about how test automation is imperative in order for organizations to meet the software quality standards of modern businesses.

Volk explained that developers and testers should be embracing AI and automation because companies that still heavily rely on traditional testing methods are failing to keep up with their competitors due to an inability to scale and meet the needs of today’s digital demands.

He said that automated testing can help organizations keep up in areas such as smart crawling/natural language process-driven test creation, self-healing, coverage detection, anomaly detection, and visual inspection.

The SD Times April Buyers Guide, which also focused on test automation, emphasized the importance of applying automated testing in the right areas and in the right way in order to minimize maintenance efforts while still gaining the proper risk coverage.

The guide also touched on testing at the API level, focusing on r user interactions, the role of service virtualization, and how AI can help with both test creation and maintenance.

Additionally, it dove into the importance of narrowing the focus of automation so that it is being used on exactly the right set of tests.

This works to help organizations determine which tests can be performed more efficiently through API-level integration tests as well as identify bottlenecks with dependencies that can be virtualized for improved testing and automation.

With such a strong push towards automation, it is essential for companies to learn which tests are performed more efficiently by actual testers rather than through automation.

In November, SmartBear released its fifth annual State of Software Quality and Testing survey.

The survey showed that the number of companies continuing to use manual testing is steadily declining, with 11% of last year’s respondents saying they still manually test and only 7% using manual techniques this year.

Also, 16% of companies surveyed reported that 76-99% of all of their tests are automated, which is up over 10% from last year’s survey.

Furthermore, the results revealed that the frequency of releases is continuing to increase as half of the respondents stated that they spent over 70% of their week testing and three quarters reported spending more than 50%.

It also showed that the most time-consuming activity of the past year was performing manual and exploratory tests.

26% of companies stated this, up from 18% last year, while just 8% of respondents said that learning new testing tools occupied the most of their time.

Lastly, it was revealed that the biggest testing challenges that companies faced this year varied based on the size of the company.

Java 18 and 19 enhance language

There were two major Java releases in 2022: Java 18 and Java 19. Java 17, released in 2021, was the last Long Term Support release of the language, and the majority of developers tend to stick to LTS releases, according to various sur veys of the ecosystem over the years

But still, it’s important to go over the additions in these last two releases

J a v a 1 8 a d d e d n i n e new language enhance m e n t s , a n d J a v a 1 9 added seven

In Java 18, a new Simple Web Server was a d d e d t h a t d e v e l o p e r s can use for prototyping a n d t e s t i n g p u r p o s e s Chad Arimura, VP of developer relations at Oracle, explained that this addition continues on with the company ’ s efforts to make Java “ more approachable for students and educators and developers that are just getting started in their careers. ”

Developers can also add code snip pets within API documentation to be able to provide better examples when documenting things.

UTF 8 became the default charset for Java APIs, which means any APIs t h a t a r e d e p e n d e n t o n t h e d e f a u l t charset behave consistently on all imple mentations, operating systems, locales, and configurations

Other features in Java 18 included method handling being made the under lying mechanism for reflection to reduce maintenance and development costs, and a new service provider interface for h o s t n a m e a n d a d d r e s s r e s o l u t i o n , enabling developers to use resolvers oth er than the built in one Features released in beta included a vector API, foreign function and memo ry API, pattern matching for switch expressions, and finalization is being prepared for removal in a future release

and is currently deprecated.

Java 19 was the next major release, which came out in October.

In that release, the most significant improvements to the language itself were the ability to nest record patterns and pat tern matching for switch expressions, both of which are currently in preview The record patterns update extends pat tern matching and allows for more com posable data queries Pat tern matching for switch expressions allows an expression to be test ed against multiple pat terns

L i b r a r y t o o l u p d a t e s included an API for invok i n g f o r e i g n f u n c t i o n s a n d accessing foreign memory safely, and a new Vector API that allows applications to express vector computations that com pile at runtime to vector instructions

New features that came out of Proj ect Loom, which is an initiative to pro vide a lightweight concurrency model for Java, include virtual threads, which reduce the effort of writing, maintain ing, and observing high throughput con c u r r e n t a p p l i c a t i o n s , a n d s t r u c t u r e d c o n c u r r e n c y, w h i c h s i m p l i f i e s m u l t i threaded programming

The Linux/RISC-V Port was also integrated into the JDK mainline repository in that release.

“Our ongoing collaboration with the developer community is the lifeblood of Java. As the steward of Java, Oracle is steadfastly committed to providing developers and enterprises with the latest tools to help them create innovative apps and services,” said Georges Saab, senior vice president of development for the Java Platform and chair of the OpenJDK Governing Board at Oracle, at the time of the release. “The powerful new enhancements in Java 19 are a testament to the monumental work across the global Java community.”

Microsoft: .NET 7 released, .NET MAUI reaches GA, and Visual Studio 2022 continues to thrive

Microsoft has had a bit of a year in terms of providing developers with the tools they need to succeed. A lot of the updates that Microsoft has made in the last 12 months have been developer-focused, including .NET 7, .NET MAUI, and Visual Studio updates.

.NET 7 was released just last month. When the first preview was released earlier in the year, Microsoft had said .NET 7 was “the first step forward towards the next 20 years of .NET.”

Key focus areas for the release include providing developers with resources for upgrading their legacy projects, improved cloud-native support, and a simplified experience for working with containers.

.NET 7 also ships with .NET MAUI, which reached general availability in May. .NET MAUI, or “Multi-platform App UI,” allows developers to build applications for multiple platforms from a single codebase.

The company also released a number of updates to Visual Studio in the past year. These updates span the areas of productivity and performance, enterprise success and scale, support for modern workloads, and innovation in AI assistance, collaboration, and Git tools.

One significant change is the addition of a 64-bit version, which enables developers to now use Visual Studio for larger projects.

Other updates include reductions in load time, new AI-assisted capabilities, and .NET Hot Reload, which allows developers to modify code while the application is running, rather than having to pause or hit a breakpoint.

At Microsoft Ignite ’22, the company announced a number of new capabilities for developers. It announced several new features aimed at making companies more data-driven, such as new updates to Azure Arc, support for PostgreSQL in Cosmos DB, and a new pipeline template in Azure Synapse Analytics that makes it easier to set up Mapping Data Flows.

New updates to the no-code Power Platform include new natural language capabilities in Power Automate, Feedback Loop, support for unstructured documents like contracts or statements of work, support for 164 languages in text recognition, and Multi-Table Extraction.

Enhancements to Teams included a new “Together mode,” live editing of Excel workbooks, improved integration with PowerPoint, and a preview for Mesh Avatars, which are intended as an alternative to turning on your camera during meetings.

Security was also a focus that Microsoft highlighted during the event. Microsoft Security updates included new Identity Governance capabilities, a more unified DevOps security management ecosystem, automatic attack disruption to limit lateral movement and stop ransomware before it can encrypt data, and more.

Security in 2022: Big improvements, but hurdles remain

This year was a big improvement over the last when it came to reducing data compromises and the number of people affected by them. Many major companies and organizations embraced new methods of authentication and bolstered supply chain security practices.

While 2021 started out with over 95 million records exposed worldwide in Q1 2021, the number was down to just over 3 million records in Q1 2022. Q2 and Q3 last year saw 19.4 million and 14.1 million records exposed, respectively, while those numbers were 5.5 and 14.8 for the same quarters this year, according to a report by Statista.

This year started off with the OpenSSF announcing the Alpha-Omega Project to improve global open source software supply chain security by working with project maintainers to systematically look for new, as-yet undiscovered vulnerabilities in open source code with a $5 million investment. Both Microsoft and Google signed on to support the project.

Then, Google, Microsoft, and Apple announced plans to expand support for a common passwordless sign-in standard with the FIDO Alliance. The Alliance’s core technology is the FIDO Authentication Framework, a set of open, interoperable standards that enable strong authentication using a range of methods, including biometrics, phones, and other devices.

As a result of the expanded support, users of the companies’ platforms now have the ability to access their FIDO sign-in credentials on different devices without having to re-enroll every account and can use FIDO authentication on mobile devices to sign in to an app or website on a nearby device.

Standardization in security was further improved by the World Wide Web Consortium (W3C), which in July announced that Decentralized Identifiers (DIDs) v1.0 are now an official web standard. The new type of verifiable identifier doesn’t require a centralized registry and it enables individuals and organizations to take better control of their online information while providing greater security and privacy, according to W3C.

During WWDC 2022 in June, Apple announced passkeys for iOS, iPadOS, and macOS. Passkeys are an end-to-end encrypted sign-in method that is safe from phishing and data leaks. According to Apple, passkeys are stronger than two-factor authentication types. Google followed suit in October by adding support for passkeys on Android and Chrome.

Also, Google’s Identity Service (GIS) update made it easier to implement authentication. Google added an authorization feature to GIS to bolster the offerings of the SDK and make it easy for developers to implement secure authentication into their apps.

The government also advanced its security posture by requiring agencies to inventory all software in 90 days in a September memorandum. As part of the new guidance, federal agencies must only use software provided by software producers who can attest to complying with the government-specified secure software development practices.

However, not everything in 2022 was constructive toward improving security. In September, Sephora became the first company fined for violating the California Consumer Privacy Act (CCPA) by California Attorney General Rob Bonta.

The case determined that Sephora failed to disclose to customers that the company was selling their personal information, that it failed to process user requests to opt out of sale via user-enabled global privacy controls in violation of CCPA, and that it did not remediate these violations within the 30-day window allowed by CCPA. The settlement required Sephora to pay $1.2 million in penalties as well as comply with several injunctive items.

DevOps in 2022: Success and struggles

Security and value emerged as two important aspects of DevOps as 2022 unfolded. Yet, with as much success as organizations have achieved implementing their own DevOps strategies, many others struggled to make it work for them.

Part of the struggle is an outgrowth of the “shift left” strategy advocated in the DevOps space, leaving developers overwhelmed by tasks such as testing and security that they haven’t been trained for. This has led to a growing sense of developer dissatisfaction as they have less time to write the code for innovative solutions they love to create.

Further, with the rise of cloud-native computing, developers in many cases are having to create infrastructure environments for testing, staging and pre-production, which further erodes the time they have to be creative.

When DevOps first came into being, it was thought that these practices could bring developers and operations teams together. In many ways, though, organizations simply shifted a lot of operations functions onto developers. Today, we’re seeing what D2iQ’s VP of Product Dan Ciruli called a “recentralization of control,” as the recently named platform engineering teams (which used to be called infrastructure teams) work to make developers more productive by standing up and running infrastructure for them.

Another trend seen in DevOps this year was around automation. Companies began implementing automation in their CI/CD pipelines, in testing and in identifying and remediating issues throughout the development life cycle.

On the security side of things, a big trend in 2022 saw organizations creating software bills of materials (SBOMs). These help organizations understand what’s going into the software they’re creating, whether it’s code written in-house or an open source or third-party component.

DevOps news items making headlines this year include the CD Foundation announcing CDEvents, a vendor-neutral specification for defining the format of event data; the partnership of Opsera and Octopus Deploy to create a no-code DevOps orchestration layer; and a Tasktop-Broadcom partnership to enable companies to better measure their business value.

Also, in March, Codefresh launched its Software Delivery Platform that brings the Argo toolset into a single platform, which the company described as “enterprise-class tooling for Argo, built on GitOps best practices.”

In July, Broadcom announced its plan to acquire VMware for $61 billion, though the deal had yet to be finalized as of late November. And in June, GitLab 15.0 was released with capabilities for container scanning and speeding up workflows in the WYSIWYG Markdown editor for wikis.

In the fall, the DevOps Institute, under the direction of Jayne Groll, announced SKILup IT Learning, a subscription-based online education website. The top-tier subscription comes with certification preparation video training courses.

Also this year, SD Times published a four-part series from EPAM consultant Jack Maher and V.S. Optima co-founder Pavel Azaletsky explaining DevOps feedback loops. The first, which examines delayed feedback, and the full series can be read at sdtimes.com.

Increasing interest in VSM

This year also saw an increase in both interest and offerings around value stream management.

Value stream management is being touted as a solution above Agile and DevOps that will finally bring the IT side and the business side together, working toward the same goals of delivering value to customers while continuously improving their operations.

According to a Forrester report earlier this year, the number of vendors offering products in this space has about quadrupled from its first report in 2017, when few people had heard of VSM. Now we’re seeing companies entering the space such as Broadcom, ServiceNow and Atlassian creating solutions, to go along with early players ConnectALL, digital.ai, HCL and Plutora.

In July of this year, portfolio management company Planview acquired early leader Tasktop to implement its Flow Framework into its products.

Also this year, SD Times produced its fourth {virtual} VSMcon event. One of the highlights was this talk using events from the film “Ferris Bueller’s Day Off” titled, “If you don’t stop to secure DevOps as part of your VSM, you could miss it.”

And, in September, the OASIS open source standards consortium created a Value Stream Management Interoperability (VSMI) Technical Committee to develop standards for how tools within the DevOps organization can share data between them, allowing for better insights and decisions.


Privacy will be top of mind next year for many organizations, as five U.S. states will have new data protection laws going into effect.

These include Virginia, Colorado, Connecticut, and Utah, as well as a new California law that is expected to be more rigorous than the already existing CCPA law.

Companies who handle customer data will need to be in the know as to what these regulations require in order to ensure they are able to comply with the new laws; otherwise, they may face hefty fines.

Earlier this year, Sephora made headlines for being the first company to be fined under the CCPA law. It failed to disclose to customers that it was selling their personal information, then failed to fix the issue within the 30-day window allowed under the law. It was required to pay $1.2 million as a result.

According to Brian Hengesbaugh, data privacy expert at the law firm Baker McKenzie, these new laws are very well written and more clear than ones in the past, but the tradeoff is some people feel they’re too simple.

“For example, they don’t really clearly articulate as many exceptions or provide as many ways for companies to think about how they actually can do the compliance,” he said.

As an example, the Virginia law includes a general provision that companies shouldn’t process sensitive personal information without obtaining consent, and there are no exceptions given to that. The GDPR includes clear limitations on the consent requirement, such as if you need the information to perform a transaction or comply with the law, he explained.

Commonality between the laws

While there are some differences between the different laws, there are also a lot of similarities.

According to Himanshu Shukla, co-founder and CEO at privacy automation company LightBeam, the new laws all follow five primary tenets:

• Are you providing notice to the user?

• Do you have consent on how to use the data?

• Are you providing access to the end user?

• How are you securing the data?

• Do you have the necessary workflows in place to implement the first four tenets?

“All the privacy laws, if you look at them, the nuances of A versus B are very minimalistic, as long as you have got a necessary framework to track the five points,” said Shukla. “Now, one can very well say that there are different data elements, people call it data elements, we call it attributes in terms of what constitutes your privacy information, that might be different for each regulation, some smaller minor changes, which come up, like saying you have the capability to handle employee data versus customer data versus vendor data separately.”

According to Hengesbaugh, California’s new CPRA law is different from the other four states in that it applies to any data about a natural person, which extends the scope beyond consumers to employees, job applications, or business-to-business contacts.

He says that in many ways, this puts California on the level of Europe with its General Data Protection Regulation (GDPR) in terms of the broad scope.

The other four state laws apply only to consumers, which Hengesbaugh defined as “individuals purchasing for personal family or household purposes.”

This difference in scope in California is forcing B2B companies to really have to figure out how they’re going to get ready and have a comprehensive privacy program to meet the requirements, Hengesbaugh explained.

Impact on software development

Shukla noted that in his experience talking with different companies, many treat privacy as a checkbox item, which is not the right way to approach it.

“If you’re gathering data from your customer, you’re truly a trustee of the data and you should handle it responsibly,” said Shukla. “And for that, you have to have the necessary checks and balances or processes in place within the organization.”

Hengesbaugh added that these privacy regulations should have an impact on how we develop software. For example, what happens when a consumer asks for access to a copy of their data or wants their data deleted entirely?

“And so these, these are all activities, maybe particularly the deletion, one that I think has caused a lot of headaches over the years, as companies have tried to grapple with various privacy laws,” said Hengesbaugh. “But you really almost need to embed privacy by design throughout the product development lifecycle. As a result, you really have to think about it kind of every step of the way.”

There are also data minimization obligations, which impact the development process, because they force developers to really think about what data they actually need to capture and how much data they’re setting themselves up to capture.

Federal law

According to Hengesbaugh, many people were hoping that some of the emerging state laws would be preempted by a federal law, but nothing is in the works at the moment.

“I think we’re probably going to be left with this kind of mess for several years to come at least. And the states will probably fill in a lot more laws of different shapes and sizes as we go, just because, you know, the states are unregulated on how they regulate this stuff,” said Hengesbaugh.

Four other states already have their own new privacy laws in the committee stage: Michigan, New Jersey, Ohio, and Pennsylvania.

Hengesbaugh predicts that a high percentage of legislators, maybe 80%, would agree that this should be regulated at the federal level.

The problem is that there are lots of questions as to where to get started with that sort of wide-scale effort. Plus, there are questions like how much should it cover? Should it preempt state laws or not?

“And then suddenly, you don’t have anywhere to go to get enough of a majority to actually get something adopted,” he said.

Hengesbaugh argues that people feel like if there is no preemption, then what’s the point? “You just added another set of rules we have to deal with, without solving all the underlying issues? So I think that’s where we are,” he said.

Shukla compared our current situation to back in 1996 when HIPAA was passed, which is a federal regulation around medical records that applies to the whole country. He explained that when that was passed we were in the right place as a country to get something passed universally.

“For privacy, Europe has been way more advanced while the US has been lagging behind by a big degree and hopefully something universal kicks in. That would be awesome,” said Shukla.


Atlassian updates Open DevOps solution

Atlassian announced updates to its Open DevOps solution within Jira Software designed to bring better communication across teams and more visibility into the software development life cycle.

Open DevOps was designed to help organizations deal with the ever-growing number of tools their teams use by bringing them into a central location that allows teams to use the tools they want, and then feed the actions from those tools into Jira, Atlassian’s project management solution.

“We see that those teams on average are using 25 different tools inside their software development tool chain. And what this really means is that they are struggling with tool sprawl. And they’re spending a lot of time, some estimates are 10% of their development team time, just like creating and maintaining this tool chain,” Suzie Prince, head of product for the DevOps organization at Atlassian, told SD Times in an interview. “And one of the knee-jerk reactions to combat that is to lock their teams in place with a single all-in-one solution, which can be rigid and create these kinds of one-dimensional cultures. We really see that the best teams create their own tool chains, they use the best-of-breed tools that are right for them. We want to provide visibility, remove the challenges, but not limit teams in their approach. And so we take a different approach to that, which balances flexibility with structure, autonomy with alignment.”

Open DevOps integrates Atlassian’s own tools with the third-party tools teams prefer to use for their tasks. An admin page within Open DevOps lets organizations discover, visualize and connect tool chains, both Atlassian and third-party tools, to get the single view of visibility into projects and insights into how work is going. These capabilities are specifically available to Atlassian’s cloud products, Prince said, though on-premises tools such as GitLab Enterprise can be connected in.

Prince explained there are five specific areas that the new features deliver on. The first is automation, which can be leveraged across the life cycle to remove the burden of communication from developers. “An example of that would be if a developer is moving a piece of code, they’re merging it back into their mainline, we can update Jira Software when that has happened. The developer doesn’t need to go from their source control back into Jira Software, we can automate those updates and provide that kind of communication and visibility to other team members.”

The second area is around issue insights. According to Prince, if different teams in an organization are using different code repositories, such as Bitbucket, GitLab, or GitHub, that can all be pulled into a single code view. And with that information across the tools, Atlassian can provide insights to teams as they’re planning their work. “So for example, if I know how long it usually takes my developers to code and deliver something, when more scope gets added into a sprint, in Jira Software, I can provide insights and translate those to real-time impact. So I can warn teams, ‘Hey, you’re gonna miss your project deadlines because you just added more scope.’ And I know based on your previous behavior that that takes a certain amount of time. So we call those scope creep insights. We can provide information about scope creep and warn teams if they’re about to fall into that trap. We can also share information about blockers. So is a particular issue taking a very long time?”

Further, Atlassian announced a new release tab that allows teams to coordinate release management. By pulling information from source control management tools, CI/CD and feature flags, software teams can see what’s needed to deliver unreleased software. “This is really important,” Prince said, “because we recognize that software development is a multidisciplinary craft. It’s not just developers, there are marketers, there are designers. And so by bringing all of this information into Jira Software, all of those personas and crafts get visibility across the life cycle.”

After code is released into production, a developer hub called Compass, announced in April at Atlassian’s user conference and still in beta today, provides insights into the health of the software through a process inside Compass called CheckOps. “Is it reliable? Is it performant? Has it broken its SLAs recently,” Prince asked. She described CheckOps as like a retrospective to look at components in production to assess their health.

Finally, the fifth area involves dark mode, which Prince said will be coming “in the new year.” This, Atlassian said in its announcement, allows software teams to work in comfort and ship features feeling more relaxed.


While automated testing has rebounded this year, it still has a long way to go

Despite all the changes automated software testing has undergone in recent years, data shows that it still has some way to go to accelerate delivery of value and quality to the business, according to Forrester.

However, while test automation coverage saw a notable dip during the pandemic, it has since rebounded last year, according to SmartBear’s State of Quality Testing 2022 report.

Last year saw the share of companies performing just manual tests at 11%, while that number dwindled to 7% this year, almost returning to pre-pandemic levels of 5% of all tests being performed completely manually.

When looking at the different types of tests and how they are performed, over half of respondents reported using manual testing for usability and user acceptance tests.

Unit tests, performance tests, and BDD framework tests were highest among all automated testing.

This year, the most time-consuming activity was performing manual and exploratory tests, jumping to 26% from 18% last year as the most time-consuming task. In the same time period, learning how to use test tools as the most time-consuming challenge with testing fell from 22% to just 8%.

In the Agile and DevOps realm, there are higher levels of automation versus those companies that are still in the waterfall stages, Diego Lo Giudice, VP, principal analyst at Forrester, said. This is inherent to DevOps because if most of the testing is manual, it’s just going to slow down the rest of the team.

“With DevOps and all the automation going on around it, testing needs to be very high, it needs to be above 80%. You kind of see that only for a few companies or specific projects inside an organization, but if you look at the rest of the market, probably it's less than 30%,” Lo Giudice said. “I would say we’ve made some progress, but there’s more automation that’s needed.”

In fact, some of the companies that are adopting agile or DevOps methods find that testing sometimes becomes the bottleneck to rapid delivery, according to Darrel Farris, manager of solutions engineering at mabl. Testing in DevOps must be integrated into the pipeline so developers aren’t throwing code over to QA that hasn’t been tested, especially if teams are deploying multiple times per week or month.

Some of the big challenges to implementing automated testing are that there’s a lack of skills and that test automation requires change within the organization.

“So there are a number of changes regarding people, processes, and technology, it’s not just getting a tool. And automating tests, this is about organizing, testing completely in a different way,” Lo Giudice added.

Challenges with getting automated testing just right

“One of the challenges we see from people is that they're fundamentally approaching this wrong. We've had some of our customers talk about this, how they had to change the way they were thinking and so that the kind of common obvious symptom that you see about this today is people saying ‘we had a whole bunch of manual testers and so we'll build a whole strategy on recording what they do and playing it back and building from there.’ And this is just fundamentally the wrong approach,” said Arthur Hicken, chief evangelist at Parasoft.

Another challenge is that automated tests can become incredibly time-consuming to maintain due to the sheer number of tests that are generated.

“The largest issue is that once a person builds 300 tests, it becomes a full-time job to maintain those tests and you hit the ceiling,” Artem Golubev, CEO at testRigor, said. “Coupled with the fact that budgets are limited, people just can’t build more automations.”

Golubev added that this difficulty to maintain all automated tests is the main reason why the majority of tests are still executed manually today. Automating tests can also be futile if it’s focused on the wrong areas.

“QA teams are spending 80% of their weeks maintaining scripts due to rapidly changing UIs, instead of focusing on growing functional test coverage or expanding the types of testing they are doing on their application, such as accessibility or performance testing,” mabl’s Farris said.

“I believe the testing pyramid is built on false assumptions that have never been correct in the first place,” Golubev said. “In a perfect vacuum, of course this is how things work and there are maybe one or two companies which have done it that way. In a real scenario, it’s always been more of an hourglass shape of testing.”

He explained that this is because engineers who mostly write unit tests are very unlikely to contribute to end-to-end tests, very few engineers would write integration tests since they are such a pain to maintain, and there would be a lot of end-to-end tests where you have people working on them full time.

While the integration test value is to make sure that the system integrates properly, it doesn’t matter if you enter and the system doesn’t work properly, Golubev continued. End-to-end tests are actually the ones covering integration because those tests are the tests which will prove that your system is usable by your end users.

“Let’s say you’re logging into a banking application and they can't transfer money from account A to account B, then it does not matter. Even if all your integration tests are green and all your unit tests pass through it, it’s completely useless,” Golubev said. “So the most important tests are end-to-end tests, only then can that system function as intended. And therefore end-to-end tests should be the bulk of the tests that are done.”

The best way to then optimize end-to-end tests to make them run faster is to prioritize, because end-to-end tests will inherently be much slower than unit tests.

“With every type of testing in the organization, people need to assess whether they need to really leverage automation? Is it worth it? Is it something that will be repeated over and over that changes continuously? If you have to run a test, the same test more than three, four times you start asking yourself, well, maybe I should automate this,” Forrester’s Lo Giudice said. “So I don't think 100% is what customers will achieve and will keep it more towards 80% as I said.”

One of the most efficient ways to make sure that all testing resources are aligned correctly is to align as a team on a testing strategy by starting with the most critical test cases that will ensure a high-quality application experience for users, according to mabl’s Farris. This can be done by taking on a few test cases at first, then layering in additional test cases over time.

One way to do this is to create a quality center of excellence or a “quality champion” in an organization. This person or group is a testing expert who can advise and coach everyone from developers to product owners on testing best practices, Farris explained.

Some of the manual testing is changing too because of the increasing use of exploratory testing, Lo Giudice explained. This type of manual testing is where the tester sits down with the developer and they work out the issues together. The tester puts the application through certain scenarios, the developer sees the problems and tries to fix them, and they take about two hours a day like that.

The structure around automated testing is shifting

Both companies’ attitudes towards testing and who gets involved have shifted. As testing becomes more federated, you no longer have a centralized team that does all the testing as an afterthought, according to Lo Giudice.

Now, there are testers that are moving into the development teams and the product teams to get all of the testing done together. And so what remains in the central team is specialized testing resources that maybe choose the tools that define what the new practices would look like, whether that’s shifting testing to the left or suggesting test-driven development or behavior-driven development.

The test center is now much smaller, working in consulting with the teams, but testers move into the team itself, Lo Giudice explained.

“So the typical manual tester that used to put a test case in an Excel sheet and run it through the application looking at what the test case told him to do suddenly now finds himself with a tool that is quite technical where he needs to write code to automate what he was doing manually,” Lo Giudice said. To solve this, there’s a trend among vendors to raise the level of abstraction of the tools so that a manual tester or even a person on the business side can test using a low-code testing tool.

Then come the technologies, platforms, and tools because after all, an organization needs testing tools that are

continued on page 27 >

How these companies can help with your automated testing initiatives

Darrel Farris, manager of solutions engineering at mabl

Software development teams are realizing that automated testing is key to accelerating product velocity and reaching the full potential of DevOps. When fully integrated into a company’s development pipeline, testing becomes an early alert system for short term defects as well as long term performance issues. The key to realizing this potential: simple test creation and rich reporting features.

Mabl is low-code, intelligent test software that allows everyone to create automated tests covering web UIs, APIs, and mobile browsers with 80% less effort. Quality teams can extend the value of end-to-end tests even further with automated accessibility checks that help ensure every user has a delightful experience, regardless of access needs. Machine learning and AI features like auto-healing and Intelligent Wait help teams create more reliable tests and reduce test maintenance. Results from every test are tracked within mabl’s comprehensive suite of reporting features, making it easy to understand product quality trends. With test creation simplified and quality data at their fingertips, everyone can focus on resolving defects quickly and improving product quality.

Mabl also includes native integrations with tools like Microsoft Teams, Slack, and Jira, so that testing information can be seamlessly integrated into workflows and everyone can benefit from mabl’s rich diagnostic data. Teams can monitor performance with speed indexes for all web pages, and manage API quality with data on the response time for each API endpoint. This allows teams to shift from reacting to failed tests and customer complaints to proactively managing product quality, improving the customer experience.

Arthur Hicken, chief evangelist at Parasoft

At Parasoft, we have various AI compon and capabilities that augment the tes work at every layer of the testing pyram

Our AI improves the static ana experience with fewer false positives, better prio tion and understanding of risk models, and it h necessary standards such as ISO 26262, PC OWASP, and CWE for compliance in certain indust

On top of that, we have advanced test creation w the generation of mocks and stubs to follow the b practices of unit testing in isolation and we have th tools that can help you determine how you ca expand a test to provide additional code coverage

Test impact analysis helps you understand what tests you need to run when there are changes in code, tests, or requirements.


tests, or load and performance tests

Further, we can use AI to capture a manual test and use it to create a test that can be run automatically because it can be automated and integrated in regression, have AI-based self-healing capabilities and perform security tests without additional tester effort or special training.

Parasoft’s solution can perform deep code analysis, which provides users with the ability to find structural problems. It also helps in functional testing, whether API testing, UI testing, or automated testing. We have a unique position in testing because our solutions cover both a white box view at the code level as well as a black box view at the functional and application level. Because we have both views, it enables us to make inferences that wouldn’t be possible otherwise. So, we can start to correlate literally what’s going on at the code analysis level and the unit and functional test level with what the external tests are doing and use this to provide better advice on where a problem exists in the code and how to repair it.

Parasoft’s capability of using AI to automate testing and having a full understanding from deep code analysis all the way through the external testing lets us provide a better experience to the end user.

Artem Golubev, CEO at testRigor

testRigor empowers manual testers to build functional end-to-end test automation at any degree of complexity, without the need for engineering knowledge in the mix. If a user can express manual test case steps in English, they’ll be able to build tests on the platform. testRigor will then execute the test for you from a human’s standpoint, interacting with a web, native, or mobile application.

Any person, including those that don’t necessarily have coding skills, will be able to edit, maintain, upgrade, in addition to creating those tests. Also, our tests were measured to be 200 times more stable than Selenium tests, and our customers are typically spending 95% less time managing these tests. The QA teams can then be freed from click-through manual regression testing and maintaining automated scripts because the issue of maintenance with testRigor is eliminated for good.

We also have AI for API testing to record manual tester behavior and automatically convert that into API tests that are highly maintainable and execute quickly. We can apply AI to create test assets that not only perform functional testing, but you can automatically apply additional testing like security

Just ask Keith Powe, VP of Engineering at IDT Corporation. His team could automate only four test cases a week per person, but with testRigor, they have increased their testing coverage from less than 34% to more than 91% in under 9 months. Spending a maximum of 0.1% of the time in test maintenance, IDT has a 90% reduction in bugs and a more effective CI/CD. Many other companies such as Upgrade, DataHerald, and others have cited drastic improvements in their testing strategy with the benefits that testRigor offers.

Be sure to visit our site https://testrigor.com/ to learn more about how testRigor can help solve the biggest challenges that you’re facing with automated testing today.


A guide to automated testing tools

■ FEATURED PROVIDERS ■

■ mabl is the enterprise SaaS leader of intelligent, low-code test automation that empowers high-velocity software teams to embed automated end-to-end tests into the entire development lifecycle. Customer-centric brands rely on mabl’s unified platform for creating, managing, and running automated tests that result in faster delivery of high-quality, business-critical applications. Learn more at https://www.mabl.com; follow @mablhq on Twitter and @mabl on LinkedIn.

■ Parasoft helps organizations continuously deliver quality software with its market-proven automated software testing solutions. Parasoft’s AI-enhanced technologies reduce the time, effort, and cost of delivering secure, reliable, compliant software with everything from deep code analysis and unit testing to web UI and API testing, plus service virtualization and merged code coverage. Bringing all this together, Parasoft’s award-winning reporting and analytics dashboard delivers a centralized view of application quality, enabling organizations to deliver with confidence.

■ testRigor helps organizations dramatically reduce time spent on test maintenance, improve test stability, and dramatically improve the speed of test creation. This is achieved through its support of “plain English” language that allows users to describe how to find elements on the screen and what to do with those elements from the end user’s perspective. People creating tests on their system build 2,000+ tests per year per person. On top of it, testRigor helps teams deploy their analytics library in production that will make systems automatically produce tests reflecting the most frequently used end-to-end flows from production.

■ Applitools is built to test all the elements that appear on a screen with just one line of code. Using Visual AI, you can automatically verify that your web or mobile app functions and appears correctly across all devices, all browsers and all screen sizes. It is designed to integrate with your existing tests rather than requiring you to create new tests or learn a new test automation language.

■ Appvance IQ can generate its own tests, surfacing critical bugs in minutes with limited human involvement in web and mobile applications. AIQ empowers enterprises to improve the quality, performance and security of their most critical applications, while transforming the efficiency and output of their testing teams and lowering QA costs.

■ Digital.ai Continuous Testing provides expansive test coverage across 2000+ real mobile devices and web browsers, and seamlessly integrates with best-in-class tools throughout the DevOps/DevSecOps pipeline so developers can get test results faster and fix defects earlier in the process, allowing them to deliver secure, high-quality applications at speed and at scale.

■ HCL Software develops, markets, sells, and supports over 20 product families with particular focus on Customer Experience, Digital Solutions, Secure DevOps, and Security & Automation. Its mission is to drive ultimate customer success of their IT investments through relentless innovation of our software products.

■ Keysight Technologies Digital Automation Intelligence (DAI) platform is the first AI-driven test automation solution with unique capabilities that make the testing process faster and easier. With DAI, you can automate 95% of activities, including test case design, test execution, and results analysis. This enables teams to rapidly accelerate testing, improve the quality of software and integrate with DevOps at speed.

■ Micro Focus enables customers to accelerate test automation with one intelligent functional testing tool for web, mobile, API and enterprise apps. AI-powered intelligent test automation reduces functional test creation time and maintenance while boosting test coverage and resiliency. Users can test both the front-end functionality and back-end service parts of an application.

■ Microsoft’s Visual Studio helps developers create, manage, and run unit tests by offering the Microsoft unit test framework or one of several third-party and open source frameworks. The company provides a specialized tool set for testers that delivers an integrated experience starting from Agile planning to test and release management, on premises or in the cloud.

■ Kobiton remains the leading supplier of in-house mobile device clouds that connect remote, shared devices to Global 2000 mobile web, gaming, and app engineering teams. Its patented GigaFox is offered on premises or hosted, and solves mobile device sharing and management challenges during development, debugging, manual testing, and automated testing. A pre-installed and pre-configured Appium server provides “instant on” Appium test automation.

■ NowSecure is the mobile app security software company trusted by the world’s most demanding organizations. Through the industry’s most advanced static, dynamic, behavioral and interactive mobile app security testing on real Android and iOS devices

■ Orasi is a leading provider of software testing services, utilizing test management, test automation, enterprise testing, Continuous Delivery, monitoring, and mobile testing technology.

■ Perfecto users can pair their favorite frameworks with Perfecto to automate advanced testing capabilities, like GPS, device conditions, audio injection, and more. It also includes full integration into the CI/CD pipeline, continuous testing improves efficiencies across all of DevOps.

■ ProdPerfect is an autonomous, end-to-end (E2E) regression testing solution that continuously identifies, builds and evolves E2E test suites via data-driven, machine-led analysis of live user behavior data. It addresses critical test coverage gaps, eliminates long test suite runtimes and costly bugs in production, and removes the QA burden that consumes massive engineering resources.

Intelligent Test Automation

Today, software development teams across the globe are facing the challenge of delivering high-quality web applications while keeping pace with business and customer demands. The risk of releasing bugs into production, impeded product velocity, and a diminished customer experience is too great.

Built for high-velocity teams, mabl is the leading intelligent, low-code test automation solution. Mabl’s SaaS solution tightly integrates automated end-to-end testing into the entire development lifecycle. That way, test creation, execution, and maintenance across browsers, APIs, and mobile web tests is easier and accelerates the delivery of high-quality, business-critical applications.

90% Avg. increase in test coverage
3x Faster test creation
40% Fewer bugs in production

START YOUR FREE TRIAL: mabl.com/trial-registration

Contribute to quality and velocity with easy test creation
Reduce maintenance with reliable execution and insights
Increase test coverage across devices and browsers
Integrate testing directly into your development pipeline

■ Progress Software’s Telerik Test Studio is a test automation solution that helps teams be more efficient in functional, performance and load testing, improving test coverage and reducing the number of bugs that slip into production.

■ Sauce Labs provides the world’s largest cloud-based platform for automated testing of web and mobile applications. Optimized for use in CI and CD environments, and built with an emphasis on security, reliability and scalability, users can run tests written in any language or framework using Selenium or Appium.

integrated into CI/CD pipelines with the rest of the development and delivery tools that integrate with CI servers effectively on the cloud.

“The point really is that testing takes a village and it takes all these different personas in an organization: business tester, and a subject matter expert in testing who is technical but not a coder, and developers that also may be doing API testing, lower level infrastructure testing within their IDE at a very technical level,” Lo Giudice said.

According to testRigor’s Golubev, the directors of QA will benefit the most from automated testing since they’ll be able to cover far more functionality faster than they ever could before. However, engineers, manual testers, and product management will also be able to benefit from automated testing tooling since they’ll be able to collaborate together on the same tool.

Previously, it was companies in the banking and health sectors that have been getting automated testing right but now it’s organizations like Lenovo or Volkswagen that have these highly complex software test, build, and deploy systems that are the envy of anybody, Parasoft’s Hicken said. Ultimately, it's one of the things companies are going to do because that is what their competitors are moving toward.

■ SmartBear tools are built to streamline your process while seamlessly working with your existing products. Whether it’s TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr, or one of our other tools, we span test automation, API lifecycle, collaboration, performance testing, test management, and more.

■ Synopsys offers a powerful and highly configurable test automation flow that provides seamless integration of all Synopsys TestMAX capabilities. Early validation of complex DFT logic is supported through full RTL integration while maintaining physical, timing and power awareness through direct links into the Synopsys Fusion Design Platform.

AI helps with various levels of testing

When you send data of all the tests that passed, the log files, and the bugs, and feed them to AI, it can start telling you what you need to test and how when there’s a change coming. It also helps to tell whether to run all of the tests or just to select the few ones that will be impacted by the change.

There have been impressive improvements in the vision and computer vision space to enable visual testing, Lo Giudice said. There’s a tool out there that sees what the human eye does when looking at the application and will notice things that are going wrong. It can also do it on types of applications that move very fast that the human eye can't capture.

One can also teach AI to not fail tests in certain scenarios to help with self-healing. For example, tests can sometimes fail simply because an object moved on the screen differently on the same application on a browser, and then on a mobile device because the layout might change and it’s not necessarily a bug. And so one can now teach the algorithm to not fail the test even though it's not in the same position because it can find the locator of that object in some other place, Lo Giudice explained.

There are also AI models that help minimize tests to solve the maintenance problem.

■ SOASTA’s Digital Performance Management (DPM) Platform includes five technologies: TouchTest mobile functional test automation; mPulse real user monitoring (RUM); the CloudTest platform for continuous load testing; Digital Operation Center (DOC) for a unified view of contextual intelligence accessible from any device; and Data Science Workbench, simplifying analysis of current and historical web and mobile user performance data.

■ Tricentis Tosca accelerates testing with a script-less, AI-based, no-code approach for end-to-end test automation. With support for over 160+ technologies and enterprise applications, Tosca provides resilient test automation for any use case.

“This is the idea of the AI guiding a person to create tests that are more stable. The Holy Grail is that you create a set of tests that maximize coverage, but minimize the number of tests so that you have less to maintain, and that they're not brittle,” Hicken said. “You want tests that have proper levels of abstraction, so that you aren't spending more on keeping them alive than you were in creating them in the first place.”

Also with error clustering, AI can help find and classify bugs in a way that a tester can quickly recognize the bug and can suggest the right developer to fix the bug to reduce mean time to repair. It can use data from production to find out what are the most frequently used features within that application. There’s even a tool that generates unit tests as you code, which Forrester refers to as the tester Turing bot.

“AI can also support the execution of more stable tests. For example, tests running in the cloud can execute almost too fast, before your application is in a loaded state,” mabl’s Farris said. “It applies intelligence that can slow down or speed up the execution of your tests by automatically adjusting wait times.”

“So AI is infusing along the entire software development lifecycle. And testing is one of the stages where it's actually more mature than any other stage of the development lifecycle,” Forrester’s Lo Giudice said.


Automation: The next evolutionary step toward elite performance

Over the last few years, AI and automation have been slowly but surely changing the landscape of the software development industry. Whether it is applied to testing, security, or reducing wait times for tasks that had previously been done manually, this technology has proven to be essential in order for organizations to keep up with competitors.

The main goal of these use cases, and several others, is to support developers while they work to accelerate the delivery of new products.

Automation is no longer just an option

Suzie Prince, head of product, DevOps, at the software development tool company Atlassian, explained that with today’s developers being tasked with so many different jobs, AI and automation work to simplify complexities as well as control tool sprawl.

“Automation is really the only way for developers, specifically, to keep up,” Prince said. “But also we know that the best organizations use automation all over the place inside their software development life cycle… Unless a team has automated test speeds and automated deployments, there is no way that they can move to continuous delivery and therefore, they can’t really become these elite performers.”

Knowing this, adopting automation is no longer optional. Rather, it has become the next necessary, evolutionary step for every company.

“All companies have to become AI companies in order to remain competitive,” said David DeSanto, VP of product at GitLab. “It’s not just about leveraging their own machine learning products, but leveraging products that use AI to be more effective and deliver software both faster and more securely.”

Rajesh Raheja, chief engineering officer at the intelligent connectivity and automation company Boomi, built on this, saying that automated code scanning tools that can identify bottlenecks or errors in code are a way that many organizations are currently utilizing AI to speed up development.

“There are tools out there that can use algorithms to try and determine if what you have put into the code is correct in terms of legal implications with open source software,” he explained. “But then it goes even deeper into product quality.” Raheja explained that manually performing these product quality tasks would take a tremendous amount of time. By bringing in this automation, the developer gets that time back and the process is accelerated.

Anand Rao, global artificial intelligence lead at the business advisory firm PwC, went on to say that he is seeing AI and automation being applied to three different areas to accelerate development: data life cycles, software life cycles, and the model development life cycle.

“AI and automation really plays across all of that,” Rao said. “Not just to automate the software engineering process but also to automate the pipelines that connect the data to the AI.”

Where is automation most useful?

In Raheja’s experience, automation has had the highest impact on velocity when it is applied to quality.

“First, you have the automation in the pipelines that ensures that bad quality code does not get into production, so that already helps the team to not spend time fixing defects and retesting,” said Raheja. “Secondly, this can help companies fix tech debt. Quality automation allows developers to make much bigger and more inclusive changes than they otherwise would without the fear of breaking the system.”

Furthermore, DeSanto explained that GitLab is currently utilizing automation in several other areas to provide for faster development speeds. These include identifying the right code reviewer, actual code creation, and intelligent code security.

He expanded on this, saying that introducing AI into code security can help to speed up development because its main purpose is ensuring that the first time code is committed to a project, it is already secure.

DeSanto noted that by building automation into security early in the process, code can be pushed to production quicker since it cuts down on the number of times developers will have to go back to earlier stages to fix a vulnerability.

Additionally, when looking to add automation into security practices, Atlassian’s Prince emphasized that organizations will get the most out of this automation if it does not fall on the developer alone.

She said the expectation that the average developer or operations team member will be able to double as a security expert is unrealistic and can end up having a negative impact on delivery speeds.

“You have to really look for expert skills in your teams and also look for best-of-breed security tools. These are expert skills and this is a very specific area, so find the best tools and use their automation either in the coding or in your test automation suite,” Prince said.

Empower developers, don’t replace them

Rao said that in order to get the most out of security automation there has to be an established way for a human to take control if the automation fails.

That being said, it is important to note that even with the usefulness of AI and automation, organizations should be wary of losing that essential human aspect of software development.

“I am a very strong proponent of ‘human in the loop’ systems,” Rao said. “So, essentially the AI is making the recommendations to the human, but the human makes the final choice and that choice is then implemented by the AI.”

According to Rao, this allows for automation to still play a major role in development without the potential for it to make decisions that the developer wouldn’t have made, thereby making the life cycle more efficient.

Automated testing

Boomi’s Raheja also touched on this, explaining that AI and automation can not think critically, so it cannot operate effectively without a human there to make those decisions.

“A business might have the goal of growing 50% year over year, or that they want their revenue to be a billion dollars, and how do you translate that into automation? The automation does n’t really know what that means, so you d e f i n i t e l y s t i l l n e e d t h a t p a r t i c u l a r human thinking,” he said

DeSanto went on to explain that when human developers work with automation, it can help to accelerate development because it works to get ahead of problems

“There is a style or a nuance that could potentially be lost in generating code without context, and so we really see [security automation] as a way to empower developers,” he said “This helps the developer from the beginning as opposed to giving them a writeup of

problems after they’re done with the project.”

Rather, DeSanto believes automa tion has the potential to fight against developer burnout and result in an even more engaged team.

“I see AI as a way to help make the existing staff more effective,” he said. “When you look at it from that point of view, you don’t lose that human aspect anymore, in fact it kind of becomes the most important thing ”

Prince went on to explain that in her experience, security automation is the best example of human developers and AI needing to work in tandem

“There are circumstances where a new vulnerability becomes available or a new way of exploiting software reveals itself, and that is where you would need that human expert,” she said “They would then have to dive really deep into the software and do what we call black box testing or penetration testing, ”

The future of automation

An important area in which AI can accelerate development is in the testing process. David DeSanto, VP of product at GitLab, explained that AI/ML tools can reduce the amount of noise devel opers see when working on unit tests.

Automation in testing, he said, can help developers go right to the unit or quality tests that are causing problems, while automati cally getting rid of false positives.

“Early in my career, cutting through all the noise and all the alerts developers get was essentially the challenge of the job for me,” DeSanto said. “If we can leverage AI to make that easier, you’re going to find better uptime, better engagement, and less stressed ops engineers.”

According to DeSanto, several organizations have already brought automation into their testing practices in order to accelerate development and make the lives of team members easier.

He cited GitLab’s most recent DevSecOps survey, noting that “37% of teams said that they use AI/ML today as a part of their software testing. That is up from 25%, with another 20% wanting to do it within the next year and the remainder wanting to roll it out in the next couple of years.”

With this, DeSanto explained that a company’s ability to automate and their ability to maintain a competitive edge are not just correlated, but causal.

“App transformation, cloud migration, digital transformation, they’re all about how to get value from what my developer is building from when they start writing it through to when it is in the hands of the user,” he said. “A growing percentage of organizations are having to ship software continuously to really do that… that’s because they have to deliver the value faster and you can only do that if you automate.”

Even with the strides that have been made with AI and automation, Raheja believes there is still room for improvement in the future.

He said that the areas in which automation has the most potential for growth are standardization and maturity. He explained that for an organization to reap all of the benefits of AI, it needs to be both consistent and repeatable.

Raheja said that some of this standardization has already been applied to automation in low-code tools, but generally, AI and automation still have a way to go before they reach the optimal level of maturity.

Prince also touched on this, saying that she believes development teams are still just scratching the surface of what this technology can offer.

She said, “We really have a long way to go with most organizations. Ultimately, I think that we are at the very beginning of businesses taking advantage of the power of automation and AI.”


Guest View

How dev-friendly is your security program?

How developer-friendly is your organization’s security program?

The answer is as important as ever in today’s digital economy. High-performing organizations empower developers with tools, training and resources to do high-quality work, with security front of mind. This results in the ability to build secure applications quickly that consistently meet expectations and mitigate risk.

As we see too often, though, many organizations struggle to create a positive environment for developers. We see these results in the notoriously high job turnover statistics for developers who quickly move from employer to employer from burnout.

There are fundamental challenges that business leaders must address to improve software development, in particular a developer’s ability to contribute to software security. Doing so can further engage developers in the security process and contribute to the larger security maturity of the organization.

Let’s look more at developer enablement and what organizations can do to make an impact.

Create an environment for developers to thrive

Organizations must first understand the state of their environment to create significant change. Companies should analyze their security maturity and discover how to encourage developers to supplement and further strengthen it.

Developers want to understand the impact they have on a project and do quality work that makes a tangible difference. Often, though, they find themselves battling unrealistic timelines that result in an inferior product. Managers want the same thing, but they need to communicate better on how to reach these goals.

Organizations should communicate the importance of a security-centric culture and how developers can make an impact on a large scale. It is up to company leaders to find innovative ways to highlight this impact and, most importantly, create a structure where this work is rewarded and valued.

Security as a shared responsibility

Security is not just for individuals with the word “security” in their title, but an organizational effort.

Developer enablement creates opportunities to embed developers into larger corporate practices and goals, not just assigning them seemingly free-standing development tasks. Make them feel invested in the organization’s overall success by creating an environment where CISOs, security teams and developers work together to improve security posture.

Outline practical steps that can make incremental changes. Organizations too often try to take on too much at once (the boil-the-ocean approach), ultimately leading to failure. Instead, make security a teamwide responsibility that leverages the skills of each part. Developers want to feel valued in their work and should feel empowered to refine security protocols during the development process.

Encourage ongoing education

Education is integral to the improvement of developers’ security prowess. Organizations often do not provide developers with the upskilling opportunities needed to further enhance their skills, with tight deadlines, project demands, and other more immediate needs taking precedence.

If developers receive training, it often takes place during a single day, and rarely features valuable long-term information that makes sense in the context of their day-to-day work. Organizations must move past this approach and look to create upskilling incentives to create well-rounded developers. They need to leverage scaffolded learning techniques that allow developers to follow individual programs that build on top of one another. Organizations that emphasize continuous learning, knowledge and upskilling will create well-rounded developers who create better programs, stay loyal to their company, and help build a strong security posture.

A look at what’s next

The future of developer enablement is creating an environment where developers can thrive, providing opportunities for developers to collaborate across the security organization and ensuring they have access to the appropriate education and training opportunities.

As a company leader, this is a chance to make real change.

BY MATIAS MADOU

Analyst View

3 actions for better dev experiences

When it comes to succeeding with digital initiatives and building high-performing software teams, it is important to deliver top-notch developer experience. A superior developer experience helps attract and retain talented developers. Gartner’s 2021 Software Engineering Leader Survey shows that hiring, developing, and retaining talent ranks in the top three challenges for 38% of software engineering leaders.

Developer experience refers to all aspects of interactions between developers and the tools, platforms, processes and people they work with, to develop and deliver software products and services.

In order to create a superior developer experience, software engineering leaders must provide an environment in which developers can do their best work with minimal friction and maximum flow.

Software engineering leaders working towards improving their team's developer experience should follow these three actions.

Improve developer journeys

Developer experience extends beyond developer tools and technologies. Building and retaining a high-performance development team starts with a positive onboarding experience. A streamlined onboarding process enables developers to make meaningful contributions much faster, which in turn makes the entire team more productive.

Creating a frictionless developer onboarding experience will improve overall developer experience. For software engineering leaders, it is important to ensure that developers are equipped to get started on day one. Be sure to provide a fail-safe environment that is immune to accidental errors. Create a sense of belonging and camaraderie.

Developer self-service can also improve developer journeys by reducing process inefficiencies and, in some cases, eliminating unnecessary processes entirely. Self-service development workflows can be streamlined through the use of internal developer portals. Developers benefit from accelerated feedback loops, as they enable developers to continually improve code quality and understand what is working and what is not. By establishing feedback loops, developers are able to experiment, measure progress and continuously improve.

Optimize for creative work

To improve developer experience, software engineering leaders must go beyond optimizing development workflows and provide focus time for deep, creative work along with the freedom to fail and experiment.

A collaborative work environment is a crucial ingredient of developer experience, since software engineering is a team sport and involves multiple team members and teams. Teamwork and collaboration amplify original ideas and shorten the cycle time from idea to production. Collaboration between team members lends emergent properties to the team.

Fostering communities of practice can help create an open and collaborative work environment. Practitioner-led communities are fundamental to open, collaborative and effective learning. People own what they help create and work together to address challenges. Software engineering leaders must encourage their teams to create communities of practice through active engagement, regular activities, member focus, collaborative problem solving and a powerful strategic vision.

Be a connector manager who enables cross-pollination of ideas and skills. Connector Managers create a trusting and transparent team environment that supports peer-to-peer coaching.

Finally, leverage automation for repetitive tasks to free up time for creative work. Automating away the routine and repetitive aspects of software engineering enables developers to focus on applying their creativity to solving problems. Developers should indulge in ideation, build new solutions, collaborate and communicate with their peers, partners and customers rather than maximizing the time available for writing code.

Make a meaningful impact

Developer experience in the long term goes beyond software development workflows. It involves giving developers the opportunity to make a meaningful impact.

A number of organizations have reported that psychological safety is a key characteristic of a high performing team.

BY MANJUNATH BHAT
Manjunath Bhat is a VP Analyst at Gartner, Inc.