News Watch

CompTIA’s new tech job posting optimizer

The new tool, optimize.comptia.org, will help employers expand their pipelines and seek out overlooked or untapped talent.

The free, web-based platform offers a range of tech job templates and data tools intended to optimize postings for skills, qualifications, and inclusivity oriented to the U.S. labor market.

According to the company, of the over 500,000 job postings for entry-level tech positions in 2022, 57% of employers limited their search to candidates with a four-year degree or higher.

Additionally, for employers looking to fill entry-level cybersecurity roles, the number one listed industry-recognized certification is a managerial-level credential that requires advanced experience.

The company stated that while this over-spec’ing among job postings does not negatively impact employers, it does have a downside for candidates as 55% reported some level of a “confidence gap” when looking for a new role.

CompTIA’s Tech Job Posting Optimizer platform offers a check of bias language, salary curves, and a job posting best practices guide. The platform is also backed by labor market data from Lightcast and Infogr8.

Privacy Sandbox to be in Android 13 early next year

Google has been attempting to provide better ways to protect user privacy while also still providing advertisers with ways to serve relevant content to users. Its solution to reducing third-party tracking is the Privacy Sandbox.

Earlier this year, it announced it was bringing Privacy Sandbox to Android and since then it has released a few developer previews. Now it is announcing that the Privacy Sandbox Beta will roll out to Android 13 devices starting early in 2023, and to get developers ready it is sharing some information about the upcoming beta.

First, in order to get access to the privacy-preserving APIs, such as Topics, FLEDGE, and Attribution Reporting, developers will need to go through an enrollment process to verify their identity and gather developer-specific data that the API may need.

Anyone wishing to participate in the beta program can request access on a limited number of Android 13 devices, and can register apps that utilize the Sandbox APIs.

There will be a closed beta for developers to test the SDK Runtime. It will be limited to a small group of developers due to the coordination required in testing it on production devices, the Android team explained.

On the advertiser side, the team recommends working with ad providers to understand testing roadmaps and ways to participate in testing of the Privacy Sandbox.

Copilot gets updates; Codespaces goes GA

GitHub Copilot will soon bring its AI pair programmer to businesses with added admin controls and the ability to manage licenses. Copilot uses OpenAI Codex to suggest code and functions in real time right in the editor.

“Hey GitHub” also makes Copilot accessible to developers who can’t use a keyboard every day through voice-based interaction, but the GitHub Next team behind the functionality hopes to expand its capabilities through further research and testing.

Also, Codespaces is now generally available for all GitHub users and everyone will receive up to 60 hours of Codespaces for free every month.

The new code search and code view offers a new search engine that can access the world’s code easily, a new search interface, powerful queries with suggestions and completions, and a redesigned code view that integrates search browsing and code navigation.

Cloudflare announces developer templates

Cloudflare is attempting to make it easier for developers to build applications on their developer platform. To do so, it has announced Cloudflare Workers Templates.

Cloudflare Workers is a capability for building applications, and this new set of templates being released will give developers ideas of what they can build on the platform.

For example, there are templates for building image sharing websites with Pages Functions, direct creator upload to Cloudflare Stream, a Durable Object-powered request scheduler, and applications that accept payment for video content.

Alongside these new templates, Cloudflare also added a Deploy with Workers button so that templates can be easily and quickly deployed.

To support test driven development, a number of the templates support integration tests against a local server. This can be used to help developers set up tests in their own projects.

Snyk Cloud offers DevSec platform

The company announced the general availability of Snyk Cloud, which offers tools to help fix software vulnerabilities such as a vulnerability scanner and a patch management system that was launched in July 2022 with limited availability.

The innovations also include capabilities that can secure the software supply chain such as the ability to simplify emerging requirements around SBOMs and improved reporting features that allow for greater visibility and governance for developer security programs.

The new SBOM features include an API and CLI that generates SBOMs, scans standard SBOMs to identify security vulnerabilities for free, and also scans SBOMs with the open-source application Bomber and then tests them against the Snyk Vulnerability Database.

“Snyk was founded on the belief that the developers building our collective future should also be empowered and equipped to secure it,” said Adi Sharabani, the chief technology officer at Snyk. “We’re proud to share today’s latest significant developments to help our global customers continue their pace of innovation securely.”

Snyk also announced that it is committed to driving DevSecOps success and introduced two new offerings as part of the asset collection Snyk Learn: Snyk Accelerate as a 90-day installation and best practice review and Snyk Premium, a high-touch service bundle.

Neo4j 5 adds simpler scaling

This release of the graph database is designed to expand the performance of native graphs over traditional databases while also offering simpler scale-out and scale-up across deployments.

According to the company, Neo4j 5 will allow organizations to accelerate the creation and deployment of intelligent applications at a larger scale as well as achieve more value from their data.

“Graph technology adoption is accelerating as organizations seek better ways to leverage connections in data to solve complex problems at scale,” said Emil Eifrem, CEO and co-founder of Neo4j. “We designed Neo4j 5 to deliver the type of scalability, agility, and performance that enable organizations to push the envelope on what’s possible for their data and their business.”

With this, users gain access to multiple benefits such as query language improvements with a new syntax aimed at simplifying the way they write complex, pattern-matching queries and automated scale-out across several machines to allow for the growth of self-managed customers.

Additionally, this release offers continuous updates across all deployments, regardless of whether they are in the cloud, multi-cloud, hybrid, or on-premise. This works to ensure ongoing compatibility between self-managed and Aura workloads.

Octopus Deploy integrates with GitHub Actions

This update is intended to support the company’s deployment automation for GitHub Action workflows.

With this, users gain the ability to incorporate build information into deployment pipelines with GitHub’s introduction of a new push-build-information-action. This lets users provide commit, build, and issue tracking information to Octopus.

According to the company, GitHub Actions for Octopus Deploy v2 also makes it easier for users to reference release tags within workflows. Any alterations made to actions will now automatically update release tags and will be incorporated into workflows.

Additionally, this update offers improved visibility, making GitHub Actions for Octopus Deploy easier to use for deployment automations.

It has reduced the number of requirements as well as added output to the execution logs. It also added support for environment variables for sensitive values.

Lastly, users can now see job summaries generated through GitHub-flavored Markdown when creating a release or pushing a package to Octopus. The company stated that this makes it simpler to aggregate and group these actions.

People on the move

Suhail Ansari is joining Tricentis as the company’s new CTO. He previously was senior vice president of engineering and operations at McAfee. He has also held executive roles at Realtor.com, Pivotal Software, and eBay. The company also recently announced Jen Lucas as chief people officer, Amanda Borichevsky as chief legal officer and general counsel, and Darren Beck as chief marketing officer.

Bugcrowd has appointed Dave Gerry as its new CEO. Gerry was previously chief operating officer at the company, and prior to that he was chief revenue officer and head of global operations at WhiteHat Security. He has also held roles at Veracode and Sumo Logic.

Contrast Security has announced three new hires as part of its Partner Alliance Team: Tracey Mead as vice president of strategic alliances for systems integrators, Rachael Mott, senior director of strategic alliances for technology partners, and Frank Gasparovic, principal solution architect. The three new hires will report to Ben Goodman, senior vice president of corporate development and strategic alliances.

Next.js 13 takes redesigned approach

Next.js 13 provides developers with heightened levels of flexibility and customization without the restrictions of technical limits.

With this, users gain access to a redesigned approach to website layouts, data-fetching, and server-rendering. According to Vercel, Next.js 13 works to ship less JavaScript while also making ambitious updates possible and simplified.

This release also provides developers with a component toolkit that is intended to address common artifacts of the web such as images, font, scripts, and social cards.

This toolkit includes a new <image> component to optimize images on-demand for better performance as well as a new <font> module to optimize fonts and remove external network requests by doing away with connection setup times to third-party hosts.

Next.js 13 also includes Turbopack, the successor to Webpack. Turbopack is a Rust-based incremental bundler that draws on the lessons of build systems like Turborepo

The goal of this is to enable enterprise businesses and developers to operate their sites more efficiently.

BY KATIE DEE

In the summer of 2018, Darius Faison was an incoming sophomore Computer Science major at Morehouse College. Unfortunately, due to a lack of experience with the technical interviewing process, Faison found himself stuck without an internship.

In order to ensure this would be the last time that he faced this problem, Faison dedicated his time that summer and fall to preparing for future technical interviews and improving his coding skills in order to build confidence and expand his resume.

However, Faison did not do this on his own. In the Fall of 2018, a professor introduced him to Karat, a cloud-native interview company that focuses on preparing candidates for technical interviews.

Through Karat, Faison found the Brilliant Black Minds movement, the company’s flagship purpose program, created to empower the next generation of Black software engineers.

“I signed up to do some of their mock technical interviews over video chat and it was super helpful and really let me know what I need to work on,” Faison said. “But it also instilled me with the confidence to say ‘okay, I can do this, I can get these internships and I can ace these interviews.’”

Since completing the program, Faison has been able to land software engineering internships at Google, McKinsey & Company, and at Microsoft, where he now works as a full-time software engineer.

According to Karat, Black software engineers are currently the most underrepresented group in the industry, with only 5% of software engineers in the United States being Black. The company is working to change this through the Brilliant Black Minds movement, which has already helped roughly 2,500 Black software engineers in the U.S. over the last year and a half. As Karat is just now starting to track hiring metrics, the company could not provide numbers as to how many participants who have gone through the program found internships or landed jobs.

Systemic obstacles

“Even if we eliminate all the bias out of the interview, there are still systemic obstacles that a lot of populations are facing,” said Jeffrey Spector, cofounder and president of Karat. “If you look at the challenges that the Black community is facing… It all translates into less familiarity with the interviewing process.”

Faison explained that, in his experience, the only way to get better at technical interviews is through rigorous practice with this specific interview type, and that is exactly what Brilliant Black Minds offers to aspiring Black engineers.

He said,

The movement working to double the number of black software engineers in the United States

question that is asked, it’s about being able to really communicate your thoughts and recognize your own mistakes and then communicate the thought process behind those mistakes and how to rectify them… Brilliant Black Minds helps you to polish that and gives you that edge on the competition.”

According to Karat’s research, Black software engineers lack access to several of the resources and connections that aid in an engineer's success. Spector explained that these include a lack of access to computer science classes as well as the absence of a connection with engineers already in the industry.

He explained that this has historically created a barrier that works against Black engineers trying to break into the industry.

Faison emphasized this, saying, ties and also a lot of the time we’re even given harder questions…There has been anecdotal evidence that some interviewers purposely give harder questions to Black interviewees… Brilliant Black Minds is invaluable to prepare you for this.”

According to Spector, the motive behind the Brilliant Black Minds movement is to undo the pervasive systemic issues that act as a roadblock for Black engineers.

Karat is attempting to bridge this gap with the interviewing cloud, an always-on, scalable, and consistent human and tech solution for conducting technical interviews. Through the interviewing cloud, candidates are connected with Karat’s global network of interview engineers whose role is to facilitate technical interviews with software developers using Karat questions and the Karat Platform.

Additionally, participants gain access to market intelligence and purpose-built interviewing infrastructure. This gives Black software engineers the ability to participate in as many practice interviews as they wish in order to help kickstart their career.

“They get feedback in the interview and afterwards, we have a series of workshops they can attend that range from technical workshops but also look at what the hiring process is like,” Spector explained.

On top of these resources, he said that Brilliant Black Minds also includes a Discord server for participants where they can connect with the community, benefit from their shared knowledge, and provide continued support to each other as they advance in the industry.

Faison explained that Anthony Mays, public speaker, DEI consultant, writer, tech career coach, and software engineer, plays an active and helpful role in the Brilliant Black Minds Discord.

“He has been super invaluable with the advice that he gives and we also do office hours in the Discord where we work through different problems and hear other people’s suggestions so it’s a very active, caring, and nurturing community,” said Faison.

Spector went on to say that technology has become prevalent in the lives of every person, making inclusivity even more essential.

He expanded on this, saying that when a product is created from a limited perspective, more often than not, it misses the mark with the larger audience, limiting an organization's customer base. This further emphasizes the need for diversity in the tech industry.

Spector also spoke about the growth that Brilliant Black Minds has seen in recent months. Back in April, tennis great Serena Williams made a strategic investment in the program in order to support its growth.

Following Williams’ investment, Karat announced the Partners of Brilliance, consisting of Amazon Prime Video, Citi, Duolingo, Indeed, and Flatiron Health as the first major corporations to join the Brilliant Black Minds movement.

“We initially started the program purely for practice, but what we found out was that a lot of the participants were doing really well,” Spector said. “So, we started the Partners of Brilliance and now we have these five major companies who are now committed to supporting and hiring the engineers as they come out of this program.”

According to Spector, with the launch of the Partners of Brilliance, several job offers have already been extended to participants of the program.

He went on to say that his hope for the program is to catalyze other companies to join the Brilliant Black Minds and actively seek to hire more Black engineers coming out of the program.

Spector also explained that Karat has partnered with other organizations working towards this same goal in order to be sure that the reach of Brilliant Black Minds is as comprehensive as possible.

These partners include Howard University, INROADS, Inc., Morehouse College, The National Society of Black Engineers (NSBE), /dev/color, Blacks In Technology Foundation, CodeHouse, CodePath, Rewriting the Code, and Tribaja.

“One thing that we’re seeing also is that the program is working,” Spector said. “We found that participants that completed three practice interviews were six times more likely to get a job or internship and they felt twice as confident in their ability to interview coming out of it… so hopefully this is the first wave of a number of other companies [joining the movement].”

2022: The New Normal

BY DAVID RUBINSTEIN

Office closures and people starting to work from home became the new normal in 2022, creating both logistical problems and big opportunities for many software development organizations.

In the fall of 2021, a Google study found that more than 75% of respondents said they expect hybrid work — splitting time between an office and working from home — would become a standard practice within the next three years.

It hasn’t taken that long.

Much of the year was spent by workers and companies trying to regain some normalcy, balance their life and work, and reconnect with coworkers in a meaningful way. (My take: when you work from home, you’re never really working, and you’re never really home).

The stress of all this on workers has taken its toll, with many developers saying they’re burned out, in what the World Health Organization’s International Classification of Diseases has called an “occupational phenomenon.”

Characteristics of burnout include fatigue or exhaustion, increased mental distance or negativity towards one’s job, and reduced efficiency at work. Yet detecting burnout is more difficult when the worker is remote, since managers and coworkers don’t have visibility into how that worker is feeling and actually working.

But one of the keys to making remote work, uh, work is improved communication and collaboration. And this is done by fully transitioning their work and the tools they use into the cloud.

The COVID-19 pandemic was the driving factor, and organizations had to move quickly for business continuity. David Williams, VP of product strategy at DevOps automation company Quali, told SD Times in October, “The pandemic came in and was really what put an emphasis on leveraging the cloud… It had multiple impacts and one of them was the higher priority given to the legacy applications that were on the back burner until a year and a half ago.”

And Adam Preset, VP analyst at Gartner, said the volume of questions organizations had about cloud collaboration tools increased exponentially over that time. He attributed that to companies realizing that on-premises collaboration tools came with limitations on where employees had to work and how they could access the technology they needed.

Williams noted that in a hybrid environment, communication tends to be more intentional and meaningful and less “accidental” — meaning just bumping into someone in the company kitchen to have a conversation doesn’t happen when people are working remotely.

So, as organizations settle into this new normal of hybrid work, the editors of SD Times are declaring 2023 to be “The Year of Continuous Improvement.” Throughout the year, we’ll be writing articles and scheduling events around how, with the new routines becoming comfortable routines, individuals and organizations can work to get better.

We wish our readers a very happy holiday season, and we look forward to continuing to bring you the information you need to help in that quest for improvement.

Automation, AI transform testing

BY KATIE DEE

2022 has been a year of innovation and progress within the software testing space. With a strong push towards automation and AI, testing has undergone a modernization of its practices in order to keep up with the demands of customers.

Torsten Volk, managing research director at EMA, spoke about how test automation is imperative in order for organizations to meet the software quality standards of modern businesses.

Volk explained that developers and testers should be embracing AI and automation because companies that still heavily rely on traditional testing methods are failing to keep up with their competitors due to an inability to scale and meet the needs of today’s digital demands.

He said that automated testing can help organizations keep up in areas such as smart crawling/natural language processing-driven test creation, self-healing, coverage detection, anomaly detection, and visual inspection.

The SD Times April Buyers Guide also focused on test automation. It emphasized the importance of applying automated testing in the right areas and in the right way in order to minimize maintenance efforts while still gaining the proper risk coverage.

The guide also touched on testing at the API level, focusing on real-user interactions, the role of service virtualization, and how AI can help with both test creation and maintenance.

Additionally, it dove into the importance of narrowing the focus of automation so that it is being used on exactly the right set of tests.

This works to help organizations determine which tests can be performed more efficiently through API-level integration tests as well as identify bottlenecks with dependencies that can be virtualized for improved testing and automation. With such a strong push towards automation, it is essential for companies to learn which tests are performed more efficiently by actual testers rather than through automation.

In November, SmartBear released its fifth annual State of Software Quality and Testing survey.

The survey showed that the number of companies continuing to use manual testing is steadily declining, with 11% of last year’s respondents saying they still manually test and only 7% using manual techniques this year.

Also, 16% of companies surveyed reported that 76-99% of all of their tests are automated, which is up over 10% from last year’s survey.

Furthermore, the results revealed that the frequency of releases is continuing to increase as half of the respondents stated that they spent over 70% of their week testing and three quarters reported spending more than 50%.

It also showed that the most time-consuming activity of the past year was performing manual and exploratory tests. 26% of companies stated this, up from 18% last year, while just 8% of respondents said that learning new testing tools occupied the most of their time.

Lastly, it was revealed that the biggest testing challenges that companies faced this year varied based on the size of the company.

Java 18 and 19 enhance language

BY JENNA SARGENT BARRON

There were two major Java releases in 2022: Java 18 and Java 19. Java 17, released in 2021, was the last Long-Term Support release of the language, and the majority of developers tend to stick to LTS releases, according to various surveys of the ecosystem over the years.

But still, it’s important to go over the additions in these last two releases.

Java 18 added nine new language enhancements, and Java 19 added seven.

In Java 18, a new Simple Web Server was added that developers can use for prototyping and testing purposes. Chad Arimura, VP of developer relations at Oracle, explained that this addition continues on with the company’s efforts to make Java “more approachable for students and educators and developers that are just getting started in their careers.”

Developers can also add code snippets within API documentation to be able to provide better examples when documenting things.

UTF-8 became the default charset for Java APIs, which means any APIs that are dependent on the default charset behave consistently on all implementations, operating systems, locales, and configurations.

Other features in Java 18 included method handling being made the underlying mechanism for reflection to reduce maintenance and development costs, and a new service-provider interface for host name and address resolution, enabling developers to use resolvers other than the built-in one.

Features released in beta included a vector API, a foreign function and memory API, and pattern matching for switch expressions. Finalization is currently deprecated and is being prepared for removal in a future release.

Java 19 was the next major release, which came out in October.

In that release, the most significant improvements to the language itself were the ability to nest record patterns and pattern matching for switch expressions, both of which are currently in preview. The record patterns update extends pattern matching and allows for more composable data queries. Pattern matching for switch expressions allows an expression to be tested against multiple patterns. Library tool updates included an API for invoking foreign functions and accessing foreign memory safely, and a new Vector API that allows applications to express vector computations that compile at runtime to vector instructions.

New features that came out of Project Loom, which is an initiative to provide a lightweight concurrency model for Java, include virtual threads, which reduce the effort of writing, maintaining, and observing high-throughput concurrent applications, and structured concurrency, which simplifies multithreaded programming.

The Linux/RISC-V Port was also integrated into the JDK mainline repository in that release.

“Our ongoing collaboration with the developer community is the lifeblood of Java. As the steward of Java, Oracle is steadfastly committed to providing developers and enterprises with the latest tools to help them create innovative apps and services,” said Georges Saab, senior vice president of development for the Java Platform and chair of the OpenJDK Governing Board at Oracle, at the time of the release. “The powerful new enhancements in Java 19 are a testament to the monumental work across the global Java community.”

Microsoft: .NET 7 released, .NET MAUI reaches GA, and Visual Studio 2022 continues to thrive

BY JENNA SARGENT BARRON

Microsoft has had a bit of a year in terms of providing developers with the tools they need to succeed. A lot of the updates that Microsoft has made in the last 12 months have been developer-focused, including .NET 7, .NET MAUI, and Visual Studio updates.

.NET 7 was released just last month. When the first preview was released earlier in the year, Microsoft had said .NET 7 was towards the next 20 years of .NET.”

Key focus areas for the release include providing developers with resources for upgrading their legacy projects, improved cloud-native support, and a simplified experience for working with containers. .NET 7 also ships with .NET MAUI, which reached general availability in May. .NET MAUI, or “Multi-platform App UI,” allows developers to build applications for multiple platforms from a single codebase.

The company also released a number of updates to Visual Studio in the past year. These updates span the areas of productivity and performance, enterprise success and scale, support for modern workloads, and innovation in AI-assistance, collaboration, and Git tools.

One significant change is the addition of a 64-bit version, which enables developers to now use Visual Studio for larger projects.

Other updates include reductions in load time, new AI-assisted capabilities, and .NET Hot Reload, which allows developers to modify code while the application is running, rather than having to pause or hit a breakpoint.

At Microsoft Ignite ’22, the company announced a number of new capabilities for developers. It announced several new features aimed at making companies more data-driven, such as new updates to Azure Arc, support for PostgreSQL in Cosmos DB, and a new pipeline template in Azure Synapse Analytics that makes it easier to set up Mapping Data Flows.

New updates to the no-code Power Platform include new natural language capabilities in Power Automate, Feedback Loop, support for unstructured documents like contracts or statements of work, support for 164 languages in text recognition, and Multi-Table Extraction.

Enhancements to Teams included a new “Together mode,” live editing of Excel workbooks, improved integration with PowerPoint, and a preview for Mesh Avatars which are intended as an alternative to turning on your camera during meetings.

Security was also a focus that Microsoft highlighted during the event. Microsoft Security updates included new Identity Governance capabilities, a more unified DevOps security management ecosystem, automatic attack disruption to limit lateral movement and stop ransomware before it can encrypt data, and more.

Security in 2022: Big improvements, but hurdles remain

BY JAKUB LEWKOWICZ

This year was a big improvement over the last when it came to reducing data compromises and the number of people affected by them. Many major companies and organizations embraced new methods of authentication and bolstered supply chain security practices.

While 2021 started out with over 95 million records exposed worldwide in Q1 2021, the number was down to just over 3 million records in Q1 2022. Q2 and Q3 last year saw 19.4 million and 14.1 million records exposed, respectively, while those numbers were 5.5 and 14.8 for the same quarters this year, according to a report by Statista.

This year started off with the OpenSSF announcing the Alpha-Omega Project to improve global open source software supply chain security by working with project maintainers to systematically look for new, as-yet-undiscovered vulnerabilities in open source code with a $5 million investment. Both Microsoft and Google signed on to support the project.

Then, Google, Microsoft, and Apple announced plans to expand support for a common passwordless sign-in standard with the FIDO Alliance. The Alliance develops open, interoperable standards that enable strong authentication using a range of methods, including biometrics, phones, and other devices.

As a result of the expanded support, users of the companies’ platforms now have the ability to access their FIDO sign-in credentials on different devices without having to re-enroll every account and can use FIDO authentication on mobile devices to sign in to an app or website on a nearby device.

Standardization in security was further improved by the World Wide Web Consortium (W3C), which in July announced that Decentralized Identifiers (DIDs) v1.0 are now an official web standard. The new type of verifiable identifier doesn’t require a centralized registry and it enables individuals and organizations to take better control of their online information while providing greater security and privacy, according to W3C.

During WWDC 2022 in June, Apple announced passkeys for iOS, iPadOS, and macOS. Passkeys are an end-to-end encrypted sign-in method that is safe from phishing and data leaks. According to Apple, passkeys are stronger than two-factor authentication types. Google followed suit in October by adding support for passkeys on Android and Chrome.

Also, a Google update made it easier to implement authentication. Google added an authorization feature to Google Identity Services (GIS) to bolster the offerings of the SDK and make it easy for developers to implement secure authentication into their apps.

The government also advanced its security posture by requiring agencies to inventory all software in 90 days in a September memorandum. As part of the new guidance, federal agencies must only use software provided by software producers who can attest to complying with the government-specified secure software development practices.

However, not everything in 2022 was constructive toward improving security. In September, Sephora became the first company fined for violating the California Consumer Privacy Act (CCPA) by California Attorney General Rob Bonta.

The case determined that Sephora failed to disclose to customers that the company was selling their personal information, that it failed to process user requests to opt out of sale via user-enabled global privacy controls in violation of CCPA, and that it did not remediate these violations within the 30-day window allowed by CCPA. The settlement required Sephora to pay $1.2 million in penalties as well as comply with several injunctive items.

DevOps in 2022: Success and struggles

BY DAVID RUBINSTEIN

Security and value emerged as two important aspects of DevOps as 2022 unfolded. Yet, with as much success as organizations have achieved implementing their own DevOps strategies, many others struggled to make it work for them.

Part of the struggle is an outgrowth of the “shift left” strategy advocated in the DevOps space, leaving developers overwhelmed by tasks such as testing and security that they haven’t been trained for. This has led to a growing sense of developer dissatisfaction as they have less time to write the code for innovative solutions they love to create.

Further, with the rise of cloud native computing, developers in many cases are having to create infrastructure environments for testing, staging and preproduction, which further erodes the time they have to be creative.

When DevOps first came into being, it was thought that these practices could bring developers and operations teams together. In many ways, though, organizations simply shifted a lot of operations functions onto developers. Today, we’re seeing what D2iQ’s VP of Product Dan Ciruli called a “recentralization of control,” as the recently named platform engineering teams (which used to be called infrastructure teams) work to make developers more productive by standing up and running infrastructure for them.

Another trend seen in DevOps this year was around automation. Companies began implementing automation in their CI/CD pipelines, in testing and in identifying and remediating issues throughout the development life cycle.

On the security side of things, a big trend in 2022 saw organizations creating software bills of materials (SBOMs). These help organizations understand what’s going into the software they’re creating, whether it’s code written in-house or an open-source or third-party component.

DevOps news items making headlines this year include the CD Foundation announcing CDEvents, a vendor-neutral specification for defining the format of event data; the partnership of Opsera and Octopus Deploy to create a no-code DevOps orchestration layer; and a Tasktop-Broadcom partnership to enable companies to better measure their business value.

Also, in March, Codefresh launched its Software Delivery Platform that brings the Argo toolset into a single platform, which the company described as “enterprise-class tooling for Argo, built on GitOps best practices.”

In July, Broadcom announced its plan to acquire VMware for $61 billion, though the deal had yet to be finalized as of late November. And in June, GitLab 15.0 was released with capabilities for container scanning and speeding up workflows in the WYSIWYG Markdown editor for wikis.

In the fall, the DevOps Institute, under the direction of Jayne Groll, announced SKILup IT Learning, a subscription-based online education website. The top tier subscription comes with certification preparation video training courses.

Also this year, SD Times published a four-part series from EPAM consultant Jack Maher and V.S. Optima co-founder Pavel Azaletsky explaining DevOps feedback loops. The first, which examines delayed feedback, and the full series can be read at sdtimes.com.

Increasing interest in VSM

This year also saw an increase in both interest and offerings around value stream management.

Value stream management is being touted as a solution above Agile and DevOps that will finally bring the IT side and the business side together, working toward the same goals of delivering value to customers while continuously improving their operations.

According to a Forrester report earlier this year, the number of vendors offering products in this space has about quadrupled from its first report in 2017, when few people had heard of VSM. Now we’re seeing companies entering the space such as Broadcom, ServiceNow and Atlassian creating solutions, to go along with early players ConnectALL, digital.ai, HCL and Plutora.

In July of this year, portfolio management company Planview acquired early leader Tasktop to implement its Flow Framework into its products.

Also this year, SD Times produced its fourth {virtual} VSMcon event. One of the highlights was this talk — using events from the film “Ferris Bueller’s Day Off” — titled, “If you don’t stop to secure DevOps as part of your VSM, you could miss it.”

And, in September, the OASIS open-source standards consortium created a Value Stream Management Interoperability (VSMI) Technical Committee to develop standards for how tools within the DevOps organization can share data between them, allowing for better insights and decisions.

BY JENNA SARGENT BARRON

Privacy will be top of mind next year for many organizations, as five U.S. states will have new data protection laws going into effect.

These include Virginia, Colorado, Connecticut, and Utah, as well as a new California law that is expected to be more rigorous than the already existing CCPA law.

Companies who handle customer data will need to be in the know as to what these regulations require in order to ensure they are able to comply with the new laws; otherwise, they may face hefty fines.

Earlier this year, Sephora made headlines for being the first company to be fined under the CCPA law. It failed to disclose to customers that it was selling their personal information, then failed to fix the issue within the 30-day window allowed under the law. It was required to pay $1.2 million as a result.

According to Brian Hengesbaugh, data privacy expert at the law firm Baker McKenzie, these new laws are very well-written and more clear than ones in the past, but the tradeoff is some people feel they’re too simple.

“For example, they don’t really clearly articulate as many exceptions or provide as many ways for companies to think about how they actually can do the compliance,” he said.

As an example, the Virginia law includes a general provision that companies shouldn’t process sensitive personal information without obtaining consent, and there are no exceptions given to that. The GDPR includes clear limitations on the consent requirement, such as if you need the information to perform a transaction or comply with the law, he explained.

Commonality between the laws

While there are some differences between the different laws, there are also a lot of similarities.

According to Himanshu Shukla, cofounder and CEO at privacy automation company LightBeam, the new laws all follow five primary tenets:
• Are you providing notice to the user?
• Do you have consent on how to use the data?
• Are you providing access to the end user?
• How are you securing the data?
• Do you have the necessary workflows in place to implement the first four tenets?

“All the privacy laws, if you look at them, the nuances of A versus B are very minimalistic, as long as you have got a necessary framework to track the five points,” said Shukla. “Now, one can very well say that there are different data elements, people call it data elements, we call it attributes in terms of what constitutes your privacy information, that might be different for each regulation, some smaller minor changes, which come up, like saying you have the capability to handle employee data versus customer data versus vendor data separately.”

According to Hengesbaugh, California’s new CPRA law is different from the other four states in that it applies to any data about a natural person, which extends the scope beyond consumers to employees, job applications, or business-to-business contacts.

He says that in many ways, this puts California on the level of Europe with its General Data Protection Regulation (GDPR) in terms of the broad scope.

The other four state laws apply only to consumers, which Hengesbaugh defined as “individuals purchasing for personal family or household purposes.”

This difference in scope in California is forcing B2B companies to really have to figure out how they’re going to get ready and have a comprehensive privacy program to meet the requirements, Hengesbaugh explained.

Impact on software development

Shukla noted that in his experience talking with different companies, many treat privacy as a checkbox item, which is not the right way to approach it.

“If you’re gathering data from your customer, you’re truly a trustee of the data and you should handle it responsibly,” said Shukla.

balances or processes in place within the organization.”

Hengesbaugh added that these privacy regulations should have an impact on how we develop software. For example, what happens when a consumer asks for access to a copy of their data or wants their data deleted entirely?

“And so these, these are all activities, maybe particularly the deletion, one that I think has caused a lot of headaches over the years, as companies have tried to grapple with various privacy laws,” said Hengesbaugh. “But you really almost need to embed privacy by design throughout the product development lifecycle. As a result, you really have to think about it kind of every step of the way.”

There are also data minimization obligations, which impact the development process, because they will force developers to really think about what data they actually need to capture and how much data they’re setting themselves up to capture.

Federal law

According to Hengesbaugh, many people were hoping that some of the emerging state laws would be preempted by a federal law, but nothing is in the works at the moment.

“I think we’re probably going to be left with this kind of mess for several years to come at least. And the states will probably fill in a lot more laws of different shapes and sizes as we go, just because, you know, the states are unregulated on how they regulate this stuff,” said Hengesbaugh.

Four other states already have their own new privacy laws in the committee stage: Michigan, New Jersey, Ohio, and Pennsylvania.

Hengesbaugh predicts that a high percentage of legislators — maybe 80% — would agree that this should be regulated at the federal level.

The problem is that there are lots of questions as to where to get started with that sort of wide-scale effort. Plus there are questions like how much should it cover? Should it preempt state laws or not?

“And then suddenly, you don’t have anywhere to go to get enough of a majority to actually get something adopted,” he said.

Hengesbaugh argues that people feel like if there is no preemption, then what’s the point? “You just added another set of rules we have to deal with, without solving all the underlying issues? So I think that’s where we are,” he said.

Shukla compared our current situation to back in 1996 when HIPAA was passed, which is a federal regulation around medical records that applies to the whole country. He explained that when that was passed we were in the right place as a country to get something passed universally.

“For privacy, Europe has been way more advanced while the US has been lagging behind by a big degree and hopefully something universal kicks in. That would be awesome,” said Shukla.
