AI-driven software testing gains more champions but worries persist
"There is a clear need to align quality engineering metrics with business
outcomes and showcase the strategic value of quality initiatives to drive
meaningful change," the survey's team of authors, led by Jeff Spevacek of
OpenText, stated. "On the technology front, the adoption of newer, smarter test
automation tools has driven the average level of test automation to 44%.
However, the most transformative trend this year is the rapid adoption of AI,
particularly Gen AI, which is set to make a huge impact." ... While AI offers
great promise as a quality and testing tool, the study said there are
"significant challenges in validating protocols, AI models, and the complexity
of validation of all integrations. Currently, many organizations are struggling
to implement comprehensive test strategies that ensure optimized coverage of
critical areas. However, looking ahead, there is a strong expectation that AI
will play a pivotal role in addressing these challenges and enhancing the
effectiveness of testing activities in this domain." The key takeaway point from
the research is that software quality engineering is rapidly evolving: "Once
defined as testing human-written software, it has now evolved with AI-generated
code."
How IAM Missteps Cause Data Breaches
Here’s where it gets complicated. Implementing least privilege requires an
application’s requirements specifications to be available on demand with
details of the hierarchy and context behind every interconnected resource.
Developers rarely know exactly which permissions each service needs. For
example to perform a read on an S3 bucket, we also need permissions to list
contents of the S3 bucket. ... This is where we begin to be reactive and apply
tools that scan for misconfigurations. Tools like AWS IAM Access Analyzer or
Google Cloud’s IAM recommender are valuable for identifying risky permissions
or potential overreach. However, if these tools become the primary line of
defense, they can create a false sense of security. Most permission-checking
tools are designed to analyze permissions at a point in time, often flagging
issues after permissions are already in place. This reactive approach means
that misconfigurations are only addressed after they occur, leaving systems
vulnerable until the next scan. ... The solution lies in rethinking the way in
which we wire up these relationships in the first place. Let’s take a look at
two very simple pieces of code that both expose an API with a route to return
a pre-signed URL from a cloud storage bucket.
Explainable AI: A question of evolution?
Inexplicable black boxes lead back to the bewitchment of the Sorting Hat; with
real life tools we need to know how their decisions are made. As for the
human-in-the-loop on whom we are pinning so much, if they are to step in and
override AI decisions the humans better be on more than just speaking terms
with their tools. Explanation is their job description. And it’s where the
tools are used by the state to make decisions about us, our lives, liberty and
livelihoods, that the need for explanation is greatest. Take a policing
example. Whether or not drivers understand them we’ve been rubbing along with
speed cameras for decades. What will AI-enabled road safety tools look and
sound and think like? If they’re on speaking terms with our in-car telematics
they’ll know what we’ve been up to behind the wheel for the last year not just
the last mile. Will they be on speaking terms with juries, courts and public
inquiries, reconstructing events that took place before they were even
invented, together with all the attendant sounds, smells and sensation rather
than just pics and stats? Much depends on the type of AI involved but even
Narrow AI has given the police new reach like remote biometrics.
Rethinking Documentation for Agile Teams
Documentation doesn’t need to be a separate task or deliverable to complete.
During every meeting or asynchronous interaction, you can organically create
documentation by using a virtual whiteboard to take notes, create visuals, and
complete activities. ... Look for tools that can help you build and maintain
your technical documentation with less effort. Modern visual collaboration
solutions like Lucid offer advanced features to streamline documentation.
These solutions can automatically generate various diagrams such as
flowcharts, ERDs, org charts, and UML diagrams directly from your data. Some
even incorporate AI assistance to help build and optimize diagrams. By using
automation, teams can significantly reduce errors commonly associated with the
manual creation of documentation. Another advantage of these platforms is the
ability to link your data sources directly to your documents. This integration
ensures your documentation stays up to date automatically, without requiring
additional effort. What's more, advanced visual collaboration solutions
integrate with project management tools like Jira and Azure DevOps. This
integration allows teams to seamlessly share visuals between their chosen
platforms, saving time and effort in keeping information synchronized across
their environment.
Succeeding with observability in the cloud
The complexity of modern cloud environments amplifies the need for robust
observability. Cloud applications today are built upon microservices, RESTful
APIs, and containers, often spanning multicloud and hybrid architectures. This
interconnectivity and distribution introduce layers of complexity that
traditional monitoring paradigms struggle to capture. Observability addresses
this by utilizing advanced analytics, artificial intelligence, and machine
learning to analyze real-time logs, traces, and metrics, effectively
transforming operational data into actionable insights. One of observability’s
core strengths is its capacity to provide a continuous understanding of system
operations, enabling proactive management instead of waiting for failures to
manifest. Observability empowers teams to identify potential issues before
they escalate, shifting from a reactive troubleshooting stance to a proactive
optimization mindset. This capability is crucial in environments where systems
must scale instantly to accommodate fluctuating demands while maintaining
uninterrupted service.
How to Reduce VDI Costs
The onset of widespread remote work made the strategy much more prevalent,
given that many organizations already had VDI infrastructure and experience.
Due to its architectural design, infrastructure requirements scale more or
less linearly with usage. But that means most organizations are often
upside-down in their VDI investment — given that the costs are significant —
and it seems that both practitioners and users have disdain for the
experience. ... Maintaining VDI can be costly due to the need for patch
management, hardware upgrades and support for end-user issues. An enterprise
browser eliminates maintenance costs associated with traditional VDI systems
because it requires no additional hardware. It also lowers administrative
costs by centralizing controls within the browser, which reduces the need for
multiple security tools and streamlines policy management. ... VDI solutions
and their back-end systems can have substantial licensing fees, including the
VDI platform and any extra licenses for the operating systems and apps used in
VDI sessions. An enterprise browser can reduce the need for VDI by 80% to 90%,
saving money on licensing costs. ... Ensuring secure and compliant endpoint
interactions within a VDI session often requires additional endpoint controls
and management solutions.
Quantum computing: The future just got faster
Quantum computing holds promise for breakthroughs in many different
industries. For example, scientists could use this technology to improve drug
research by remodeling complex molecules and interactions that were previously
computationally prohibitive. Complex optimization problems, like those
encountered in logistics and supply chain management, could see solutions that
drastically reduce costs and improve efficiency. Quantum computers could
revolutionize cryptography by rapidly solving mathematical problems that
underpin current encryption methods, posing both opportunities and significant
security challenges. Sure, logistics and molecular simulations might sound far
off for us regular folks, but there are applications that are right around the
corner. For example, quantum computing could allow marketers to quickly
analyze and process vast amounts of consumer data to identify trends, optimize
ad placements, and tailor campaigns in real-time. While traditional data
analysis might take hours or days to sift through customer preferences, a
quantum computer could potentially complete this analysis in minutes,
providing marketers with insights to adjust strategies almost
instantaneously.
Why AI alone can’t protect you from sophisticated email threats
The battle between AI-based social engineering and AI-powered security
measures is an ongoing one. Sophisticated attackers may develop techniques to
evade AI detection, such as using ever more subtle and contextually accurate
language, but security tools will then adapt to this, putting the pressure
back on the attackers. So while AI-based behavioural analysis is a powerful
tool in the fight against sophisticated social engineering attacks, it is most
effective when used within a multi-layered defence strategy that includes
security awareness training and other security measures. ... Alternative
strategies for CISOs to consider include integrating AI and machine learning
into the email security platform. AI/ML can analyse vast amounts of data in
real time to identify anomalies and malicious patterns and respond
accordingly. Behavioural analytics help detect unusual activities and patterns
that indicate potential threats. ... Ensuring the security of email
communications, especially with the involvement of third-party vendors,
requires a comprehensive approach that is based both on security due diligence
of the partner and effective security tools. Before engaging with any third
party, an organisation should conduct a background check and security
assessment.
Shortsighted CEOs leave CIOs with increasing tech debt
There’s a delicate balance between short- and long-term IT goals. A lot of the
current focus with AI projects is to cut costs and drive efficiencies, but
organizations also need to think about longer-term innovation, says Taylor
Brown, co-founder and COO of Fivetran, vendor of a data management platform.
“Every business, at some scale, is based on the decision of, ‘Do I continue to
invest to make my product better and update it, or do I just keep driving the
revenue that I have out of the product that I have?’” he says. “A lot of
companies face this, and if you want to stay relevant, you want to compete and
invest in innovation.” There are some companies that can probably survive by
not thinking about long-term innovation, but they are few and far between,
Brown says. “If you’re a technology company, then absolutely, you have to
constantly be thinking about innovation, unless you have some crazy lock-in,”
he adds. “In order to win new customers, you have to keep innovating.” Some IT
leaders, however, aren’t convinced about the IBM report’s focus on IT
shortcuts vs. innovation. IT spending is driven more by a desire to enable
business goals, such as growth, and managing risks, including cyberattacks,
says Yvette Kanouff, partner at JC2 Ventures, a tech-focused venture capital
firm.
Musk’s anticipated cost-cutting hacks could weaken American cybersecurity
Although it’s too soon to predict what cybersecurity regulations DOGE might
affect, experts say Musk might, at minimum, seek to strip regulatory power
from agencies that align with some of his business interests, weakening their
cybersecurity requirements or recommended practices in the process. Musk’s
effort dovetails with what experts have already said: there is a high
likelihood that the Trump administration will move to eliminate cybersecurity
regulations. A landmark Supreme Court decision this summer that casts doubt on
the future of all expert agency regulations reinforces this deregulatory
direction. ... Even if Musk and the DOGE effort were to succeed in hacking
back a significant number of regulations, experts say it won’t come easy. “One
doesn’t know how enduring their relationship will be, nor how much of it is
just going to be talk, nor how much opposition there might be in the state
generally,” Tony Yates, former Professor of Economics at Birmingham University
in the UK and a former senior advisor to the Bank of England, tells CSO. “The
US has lots of checks and balances, many of which aren’t working as well as
they used to,” he says. “But they’re still not entirely absent. So, it’s
really hard to predict.”
Quote for the day:
“Success is not so much what we have,
as it is what we are.” -- Jim Rohn
No comments:
Post a Comment