It’s always nice to have sophisticated cybersecurity tools to detect vulnerabilities. But code security must always start with developers following the rules.
For Mike Hanley, head of security at GitHub, this focus on the foundations of code means adhering to the fundamentals. Which ones? Enabling two-factor authentication (2FA) and adopting industry standards and best practices.
The software development platform now owned by Microsoft has more than 100 million users and suffers its share of targeted cyberattacks. However, the form of these attacks has not changed much over the past decade. The majority of these attempts are phishing and social engineering attacks, which aim to take over the credentials and accounts of software makers, as well as exploit vulnerabilities in web applications.
Avoiding a new SolarWinds
“You can buy tools to prevent and detect vulnerabilities, but the first thing you need to do is help developers make sure they’re building secure applications,” Hanley told ZDNET.
And this is especially important as major software tools, including those that power video conferencing calls and self-driving cars, are made available on GitHub. So if the GitHub accounts of the people who maintain these apps are not properly secured, hackers can take over these accounts.
The damage can be considerable, as in the cases of SolarWinds and Log4j, notes Hanley. He knows this well, since he joined GitHub in 2021, taking on the role of CISO as the fallout from the colossal SolarWinds attack was still spreading.
Start with 2FA
“We continue to tell people to enable 2FA…the basics are a priority,” he says. He highlights GitHub’s efforts to mandate the use of 2FA for all users. The process has been underway for a year and a half, and will be completed early this year.
In terms of best practices, GitHub uses references published by the Cloud Security Alliance.
Redefining development with AI
Artificial intelligence (AI), including generative AI, is also becoming an important companion for software developers, particularly in identifying potential vulnerabilities as they write their code, according to Hanley.
AI helps prevent developers from writing vulnerabilities into their code, he says. Because software vulnerabilities are often discovered after the code has been made public – and it sometimes takes years before they are discovered, as in the case of Log4j – the ability of AI to identify potential vulnerabilities and suggest fixes before the software is released is a game changer for developers.
According to a study by GitClear, which examined 153 million lines of modified code written between 2020 and 2023, the proportion of code that is reviewed or updated within two weeks of being written is expected to double this year compared to 2021.
GitHub Copilot: more than 3 billion lines of code accepted
Discussing GitHub Copilot, GitHub’s AI-powered software development tool, Hanley says the technology should help developers not only write code, but also review and fix it.
GitHub Copilot is supposed to provide code suggestions that are aligned with a project’s context and style conventions, giving developers the ability to decide what to accept, reject, or change. The tool can be integrated with other editors, such as Visual Studio and Neovim, and can suggest syntax and code in multiple languages, including Python, JavaScript, Ruby, and C#.
Launched in October 2021, GitHub Copilot is currently used by more than 1 million developers and 20,000 organizations, GitHub CEO Thomas Dohmke said in a June 2023 blog post. The AI-powered tool has generated more than three billion accepted lines of code.
Co-pilots are most effective when working with their human counterparts
On average, its users accepted nearly 30% of code suggestions, with that number increasing as developers become more familiar with the tool, Dohmke said, citing an analysis of a sample of 934,533 GitHub Copilot users.
Based on a 30% productivity rate and a forecast of 45 million developers in 2030, he said generative AI tools for developers can potentially add 15 million “effective developers” to the global capacity by 2030, which would increase GDP by more than $1.5 trillion.
GitHub Copilot users also report coding 55% faster with the tool, he noted, adding that 46% of code was completed by the AI-powered technology in files where it was enabled.
However, like self-driving cars, AI-assisted development tools do not replace human developers and code review processes, Hanley said. They are complementary tools and, as the name suggests, software developer co-pilots are most effective when working with their human counterparts.
Source: “ZDNet.com”