Software development is going through something of a revolution due to the rising importance of AI—as with any revolution, risk isn’t far behind.

Generative AI in particular has become a focal point for developers. The technology’s ability to be deployed for testing software makes it “a Swiss Army knife for tech,” Cars24 VP of Engineering Deepak Gupta wrote for Forbes in July.

Trusted tool. That Swiss Army knife usage of generative AI is most clearly shown in the software engineering testing process, BlinqIO co-founder and CEO Tal Barmeir told IT Brew. Developing code can lead to bottlenecks because of the need for testing—automating as much of that process as possible can lead to a quicker and more efficient software supply chain. AI test engineers, with human oversight, allow for a better testing regime, Barmeir said.

“There is a human in the loop just to oversee stuff—similar to if you had employees that would write the code, you’d have a manager that would sort of code review it before it’s submitted into the main testing process,” Barmeir said. “But basically, all the work is done by the AI test engineers.”

BlinqIO isn’t the only company deploying generative AI for software testing. In March, DataCebo—a company started at MIT—said its Synthetic Data Vault is helping to utilize generative AI for software testing by bringing its data to bear on the process.

Read the rest here.—EH

The Cybersecurity and Infrastructure Security Agency (CISA) has warned federal agencies that they must remove or update an Ivanti appliance that is vulnerable to remote-code execution.

According to an advisory by Ivanti, it has issued a patch for the company’s Cloud Service Appliance (CSA) version 4.6 after discovering an OS command injection vulnerability that would allow a remote, authenticated attacker to run code on a device utilizing the CSA. The bug’s assigned code is CVE-2024-8190.

The advisory warned that CSA 4.6 has reached end of life and will no longer receive new patches and customers should upgrade to the 5.0 version of CSA. Threat actors have been taking advantage of the exploit since at least September 13, according to Ivanti.

“This is the last fix that Ivanti will backport for this version,” the advisory stated, adding that “CSA 5.0 is the only supported version and does not contain this vulnerability.”

In a bulletin, CISA staff wrote the agency had added CVE-2024-8190 to its Known Exploited Vulnerabilities (KEV) catalog, a federal database that compiles documented security flaws in software products. Executive orders issued under the Biden administration require most executive branch agencies (known as Federal Civilian Executive Branch [FECB] agencies) to remediate flaws on the list.

Read more here.—TM

Security teams say they feel stuck between a rock and a hard place when it comes to patrolling AI-powered developers. Lucky for them, several security experts say these feelings are just temporary.

The relationship between cybersecurity teams and software developers continues to mimic that of a worried parent and a rebellious teenager as developers leverage AI in their roles. According to a new report from Venafi that surveyed 800 security leaders from four different countries, about 66% of security decision-makers say it is impossible for their teams to keep up with AI-powered developers, despite concerns such as a dependency on AI leading to lower standards being top of mind. Almost three-quarters (72%) said they felt like they had no choice but to allow developers to use AI to remain competitive.

Been there, done that. Venafi Chief Innovation Officer Kevin Bocek told IT Brew that this love-hate dynamic between security teams and AI-powered developers is a familiar story, drawing parallels with security teams’ initial reactions toward cloud computing.

“Developers were excited about it. CIOs were excited about it. CTOs were excited about it, and it took time for security teams to be comfortable,” said Bocek, adding that the industry now has a “plethora” of security controls that protect data, applications, and compute networking years later.

Fortunately, Bocek said that security teams can look toward the widespread adoption of cloud computing as a “blueprint” to solve this “age-old problem” and take a strategic approach to implementing security protocols.

Keep reading here.—BM

$9m is the average cost of data loss. But it doesn’t end there. Data loss leads to costly downtime and wasted developer cycles, too. That’s why you need to protect your data with a third-party backup and recovery platform like Rewind for your SaaS applications, including Jira, Confluence, GitHub, and more. Start a free trial.