A reality television show that takes place on the dark web probably wouldn’t get picked up by any major television network. Fortunately, one Secureworks researcher gave the world a taste of what raw, unscripted moments look like on the underground forums.

For the past six months, Rebecca Taylor, threat intelligence knowledge manager of Secureworks’ counter threat unit, has been taking the phrase “keep your friends close and your enemies closer” literally as she monitored what goes on within the internet’s underbelly.

Like many, Taylor envisioned the dark web to be “murky” and “cruel” environments filled with “consistently malicious” individuals. However, to her surprise, she soon learned that underground forums often serve as a “safe space” for malicious actors.

“It’s their version of a coffee shop for chats and conversations with like-minded people,” Taylor said during a live presentation at Secureworks’ annual Global Threat Intelligence Summit.

Read the rest here.—BM

There’s a gap between expectations, experience, and metrics when it comes to AI code assistants, according to a recent study by engineering intel firm Uplevel.

Previous surveys have shown both high expectations and satisfaction with code assistants. Stack Overflow’s 2024 developer survey found 76% of respondents were already using or planned to use AI code assistants. A separate GitHub survey found nearly all developers have at least tried AI, and 73% of those in the US were optimistic it could help them better meet customer requirements. Surveys have also shown high rates of developer satisfaction with AI tools.

Uplevel took a sample of nearly 800 developers using its metrics-tracking platform, of whom around 350 were using GitHub Copilot. They then compared them to the control group on “objective metrics” like cycle time, pull request (PR) cycle time, bugs detected during review, and extended working hours.

Copilot didn’t actually help much if at all on any of these metrics, according to the study. On efficiency metrics, Uplevel found Copilot had little impact on the developers in the sample and didn’t increase coding speed. While there were statistically significant effects in some areas, Uplevel called them “inconsequential to engineering outcomes, e.g., cycle time decreased by 1.7 minutes.”

More ominously: The rate of detected bugs rose 41%. According to Matt Hoffman, product manager and data analyst at Uplevel, that’s just those bugs caught in production—there’s not enough data to determine the total impact on product defects.

Read more here.—TM

As a former PMO lead, Olivia Montgomery learned the art of “endless, endless conversations.”

A PMO, or project management office, creates the standards, documentation, and metrics for achieving company priorities—often IT ones, like the deployment of new software.

Montgomery, now associate principal analyst at Gartner-owned Capterra, sees the PMO position typically as a neutral one that sits in IT, reporting to a CTO, acting as a liaison “between what operations needs, what finance and accounting has, and what IT can provide.”

And that means a lot of conversation.

Let’s say the business wants a new enterprise resource planning (ERP) software. Montgomery walked us through the early conversations and questions.

• The talks may begin with the software requester: What problems are you trying to solve?
• Then, they may head to IT: Can your infrastructure team support a tool? And at what cost?
• Next, to the front-line managers and users: How would this new system impact your and your team’s day-to-day operations? How much training would be involved? “Because sometimes there is a disconnect between the end users and C-suite,” Montgomery told IT Brew.
• And the PMO must communicate the technical requirements, change management challenges, and business goals throughout the organization.

Montgomery spoke with IT Brew about her PMO days and how to ensure a business’s new software plan isn’t just all talk.

Keep reading here.—BH