Applying AI to the SDLC: New Ideas and Gotchas! - Leveraging AI to Improve Software Engineering
Summary
TLDRThe presentation explores the parallels between the evolution of navigation technology and today's developments in generative AI within the realm of software engineering. The speaker, Tracy Ben, from the MITRE Corporation, highlights how technology, specifically AI, has become ubiquitous and yet cautions against getting swept up in the hype around it. Tracy suggests that we are at the peak of inflated expectations in the AI lifecycle, where generative AI, while holding groundbreaking potential, comes with limitations and challenges—primarily in terms of security, trust, and integration with existing systems. The discussion delves into the phases of AI development, how it’s reshaping software engineering practices, and the need for rigorous testing and maintaining human oversight in AI processes. Concerns over data silos, the need for platform engineering, and changes in team dynamics with AI agents are addressed. Best practices are encouraged, like version control, testing independence, and avoiding data exposures. The session concludes with a call for organizations to thoughtfully integrate AI by understanding and preparing for its impacts on software engineering.
Takeaways
- 📱 QR codes simplify downloading materials.
- 📍 Technology evolution from maps to AI in navigation.
- 🔍 Current AI technology mirrors digital transition in navigation.
- ⚠️ Peak of inflated AI expectations noted by the speaker.
- 👥 Emphasis on keeping humans in the loop with AI.
- 🛡️ Concerns about AI's traceability and security.
- 🧩 Generative AI is a part of larger AI/ML frameworks.
- 📉 Identification of potential reduced collaboration in software teams.
- 🔧 Best practices include testing independence and security measures.
- 🚀 Encouragement of strategic AI pilot initiatives for organizations.
Timeline
- 00:00:00 - 00:05:00
The speaker begins by discussing the ubiquitous nature of navigation technology, comparing past experiences of using maps to the current use of digital navigation systems like GPS. They draw a parallel between this technological evolution and the current state of AI, emphasizing the importance of AI in software engineering, particularly with the transition to generative AI.
- 00:05:00 - 00:10:00
The speaker comments on the current hype cycle of AI, noting that AI technologies are at their peak of inflated expectations. They discuss the complexities of software engineering, emphasizing the need for understanding different AI types beyond generative AI as tools within the software development lifecycle.
- 00:10:00 - 00:15:00
They highlight that generative AI is non-deterministic, which comes with potential and limitations. The speaker suggests treating AI like a young apprentice, capable but requiring oversight. They also reference the need for humans in the loop, especially to ensure security, traceability, and auditability in software development processes.
- 00:15:00 - 00:20:00
The speaker discusses a survey finding about developers using AI, emphasizing a potential reduction in collaboration due to the use of generative AI tools. They recount a personal story about leveraging AI for requirements analysis, underlining the importance of diverse data sets and rigorous testing with humans in the loop.
- 00:20:00 - 00:25:00
Emphasizing potential privacy issues and hallucinations in AI-generated tests, the speaker warns about the use of AI in code generation, noting the shift from 'code generation' to 'code completion' due to reliability issues. There's a need for independence between generated code and tests to maintain quality.
- 00:25:00 - 00:30:00
They mention studies showing AI-generated code frequently contains security vulnerabilities and highlight the importance of thorough code reviews. Recognizing AI's groundbreaking potential, the speaker insists on having rigorous testing and maintaining human oversight.
- 00:30:00 - 00:35:00
The speaker stresses the importance of infrastructure readiness before embedding AI into workflows, recommending continuous integration practices. They discuss the balance between perceived and actual productivity gains with AI, advocating for team-based productivity measurement.
- 00:35:00 - 00:40:00
Recommended organizational strategies for adopting AI include setting clear governance and performing needs assessments. They stress creating a focused pilot to identify skills required and challenges faced during AI integration, advocating for thoughtful leadership to stay abreast of rapid AI advancements.
- 00:40:00 - 00:50:02
Looking ahead, they foresee increased data silos and slower workflow initially due to AI integration. They suggest focusing on platform engineering to minimize errors and highlight the shift from AI as a tool to AI functioning as integrated agents in the software development lifecycle.
Mind Map
Video Q&A
What is the main topic of the video?
The video discusses the evolution of technology, focusing on the transition to generative AI in software engineering.
How does the speaker describe the current stage of AI development?
The speaker suggests we are at the peak of inflated expectations in the development of generative AI.
What does the speaker compare generative AI to?
The speaker compares generative AI to a young apprentice who is promising yet requires supervision and guidance.
What are some of the concerns raised about generative AI in the video?
Concerns include traceability, auditability, reproducibility, security, and reduced collaboration in software engineering.
How does the speaker propose organizations should engage with generative AI?
By implementing pilots to assess needs, ensuring diverse data sets, maintaining rigorous testing, and always keeping humans in the loop.
What changes does the speaker predict will occur with the use of generative AI in software development?
The speaker predicts more data silos, increased platform engineering needs, and a shift in the structure of teams to incorporate AI agents.
What are some best practices mentioned for using generative AI in software development?
Best practices include maintaining independent code and test generation, thorough code reviews, and securing vulnerabilities.
Does the speaker view current generative AI technology positively or negatively?
The speaker recognizes both the groundbreaking potential and the current limitations and challenges of generative AI.
What is the importance of trust in AI according to the speaker?
Trust is crucial in AI, especially given its non-deterministic nature, requiring more oversight and understanding of its outputs.
What is suggested to avoid while using generative AI tools?
It's suggested to avoid relying solely on AI-generated content without human oversight and not to expose sensitive information to public models.
View more video summaries
Macbeth Act 1 Scene 7 (Part One) | ISC Class 11 | English Explanation | English with Sudhir Sir
Stroll Through the Playlist (a Biology Review)
Macbeth Act 1 Scene 6 - Explanation in English | ISC Class 11 | English with Sudhir Sir | SWS
The Filipino Tribe That Lives Inside a Volcano | The Last Cavemen | Free Documentary
The Goodness—and Dangers—of the Law - Bishop Barron's Sunday Sermon
Physical Quantities And Measurements Class 7 ICSE Physics | Selina Chapter 1 | Volume & Area #1
- 00:00:03[Music]
- 00:00:12good morning everybody thank you for
- 00:00:14coming out this morning Chris thank you
- 00:00:16for the for the warm welcome if you
- 00:00:18could all do me a favor and take out
- 00:00:20your smartphones and point them at the
- 00:00:22QR code and that'll take you to a
- 00:00:24download of today's materials that way
- 00:00:27if you'd like to during the course of
- 00:00:28our chat you don't need take as many
- 00:00:33photos now I got into town over the
- 00:00:35weekend I got in this is my first time
- 00:00:37in London and I've been navigating the
- 00:00:40city and I've been having a fantastic
- 00:00:42time and it really got me thinking about
- 00:00:44something it got me thinking about the
- 00:00:47fact that I could use my phone to get
- 00:00:49anywhere I needed to
- 00:00:53go and it got me to think about how
- 00:00:55ubiquitous it is that we can navigate
- 00:00:58easily anywhere we want to go it's built
- 00:01:01into our cars i road bicycle and I have
- 00:01:04a computer on my road bike and we always
- 00:01:06know where I am you can buy a little
- 00:01:08chip now and you can sew it into the
- 00:01:09back of your children's sweatshirts and
- 00:01:12things and always know where they're at
- 00:01:14so it's really ubiquitous but it didn't
- 00:01:16start out that
- 00:01:18way when I learned to drive I learned to
- 00:01:21drive with a map and as a matter of fact
- 00:01:25I was graded on how
- 00:01:27well I could refold
- 00:01:31the map obviously a skill that I haven't
- 00:01:34worried about since
- 00:01:36then but I was also driving during the
- 00:01:39digital transition when all of that
- 00:01:41amazing cartography information was
- 00:01:44digitized and somebody realized we can
- 00:01:46put a front end on this and we can ask
- 00:01:48people where they're starting where
- 00:01:50they're going and then we can give them
- 00:01:53step by step place to go but they still
- 00:01:55had to print it out and if you happen to
- 00:01:58be the first person who is in the
- 00:02:00passenger seat you got to be the voice
- 00:02:03in 100 m take a left the ramp onto the
- 00:02:09M4 and it wasn't long until we had
- 00:02:12special Hardware now we had a Garmin or
- 00:02:16we had a
- 00:02:17TomTom and it was mixing the cartography
- 00:02:20information it was mix mixing The Voice
- 00:02:23aspect and it was mixing that Hardware
- 00:02:24together and is fantastic now when my
- 00:02:26children started to drive they started
- 00:02:28with a TomTom but I made made them learn
- 00:02:30to read a map because if you can see
- 00:02:32what it says there the signal was
- 00:02:35lost but now it's everywhere it is
- 00:02:38ubiquitous for us in 2008 the iPhone was
- 00:02:42released the iPhone 3G and it had that
- 00:02:46sensor in it and now everywhere that we
- 00:02:48went we have the ability to tell where
- 00:02:51we are we can track our packages we can
- 00:02:53track when the car is coming to pick us
- 00:02:55up we can track all sorts of different
- 00:02:56things we've just begun to expect that
- 00:02:59what does that have to do with AI with
- 00:03:03software
- 00:03:04engineering that's because I believe
- 00:03:06that this is where we're at right now I
- 00:03:09think we're at the digital transition
- 00:03:10when it comes specifically to generative
- 00:03:12Ai and leveraging that to help us to
- 00:03:15build
- 00:03:17software so yes my name is Tracy Ben and
- 00:03:20I go by Trace I like wordclouds uh and I
- 00:03:23am a software architect I am a
- 00:03:25researcher now and that's been something
- 00:03:27newer in my career over the last couple
- 00:03:29of years years I work for a company
- 00:03:31called the miter Corporation we're
- 00:03:33federally funded research and
- 00:03:35development the US government realized
- 00:03:38that they needed help they needed
- 00:03:39technologist they weren't trying to sell
- 00:03:40anything so I get paid to talk straight
- 00:03:43it's kind of
- 00:03:44cool so let's go back in time everybody
- 00:03:472023 where were you when you heard that
- 00:03:50100 million people were using chat
- 00:03:53GPT I don't know I do remember that all
- 00:03:56of a sudden my social feed my emails
- 00:03:59newsletters there's everything said ai
- 00:04:02ai ai right chronic fomo it's almost as
- 00:04:06though you expect to go walking down the
- 00:04:08aisle in the grocery and see AI stickers
- 00:04:12slapped on the milk and on the biscuits
- 00:04:13and on the cereal because obvious it's
- 00:04:15everywhere it's
- 00:04:17everything please don't get swept up in
- 00:04:21the
- 00:04:23hype now I know here at cuon and with
- 00:04:26infoq we prefer to talk about CR
- 00:04:29crossing the chasm but I'm going to use
- 00:04:32the Gartner hype cycle for a
- 00:04:35moment the words are beautiful are we at
- 00:04:38the technology trigger when it comes to
- 00:04:40Ai and software engineering are we at
- 00:04:42the peak of inflated expectations the
- 00:04:45Troth of disillusionment have we started
- 00:04:48up the slope of Enlightenment yet are we
- 00:04:51yet at that plateau of productivity
- 00:04:53where do you think we are it's one of
- 00:04:55the few times that I agree with
- 00:04:57Gardner we are at the peak of inflated
- 00:05:01expectations now granted Gartner is
- 00:05:03often late to the game no offense to
- 00:05:05anybody from Gartner who's here but by
- 00:05:07the time they realize it oftentimes I
- 00:05:08believe that we're further along the
- 00:05:10hype cycle but what's interesting here
- 00:05:12is two to five years to the plateau of
- 00:05:15productivity how many people would agree
- 00:05:17with that based on what I'm seeing based
- 00:05:20on my experience based on Research I
- 00:05:22believe that's
- 00:05:26correct what we do as software
- 00:05:29architects as software Engineers is
- 00:05:31really complex and it's not a straight
- 00:05:34line in any decision that we're making
- 00:05:36we use architectural trade-off I love
- 00:05:38the quote by Grady bch the entire
- 00:05:41history of software engineering is one
- 00:05:42of rising levels of abstraction and
- 00:05:44we've heard about that this week we've
- 00:05:46heard about the discussions of needing
- 00:05:47to have orchestration platforms of many
- 00:05:50many different layers of many many
- 00:05:52different libraries that are necessary
- 00:05:53to abstract and make AI generative Ai
- 00:05:56and specific helpful
- 00:06:00yes I like word clouds I mentioned that
- 00:06:03before I have the luxury of working with
- 00:06:05about 200 of the leading data scientists
- 00:06:09and data engineers in the world so I sat
- 00:06:12down with a couple of them and said I'm
- 00:06:13going to cuon this is the audience how
- 00:06:16would you explain to me all of the
- 00:06:18different types of AI that exist the ml
- 00:06:22universe beyond generative AI boy did we
- 00:06:25draw Frameworks we had slide after slide
- 00:06:27after slide so I came back to it and
- 00:06:30said you know let's take this instead
- 00:06:31like Legos and dump them on the
- 00:06:33table what's important to take away from
- 00:06:36this slide is that generative AI is
- 00:06:39simply one piece of a massive puzzle
- 00:06:42there are many many different types of
- 00:06:44AI many types of ml many different types
- 00:06:46of algorithms that we can and should be
- 00:06:51using so where do you think AI can be
- 00:06:55used within Dev SEC Ops within the
- 00:06:57software development life cycle
- 00:07:01now the next slide I'm going to show you
- 00:07:02is one that's worth coming back to it's
- 00:07:04an ey chart please do download it
- 00:07:07because you're not going to be able to
- 00:07:08read
- 00:07:10it the first time I published this was
- 00:07:13in October of last year and there are at
- 00:07:15least a half a dozen additional areas
- 00:07:17that have been added to that during the
- 00:07:19this time what's important is that
- 00:07:22generative AI is only one piece of the
- 00:07:24puzzle here we've been using AI we've
- 00:07:28been using ml for years and years and
- 00:07:31years how do we get after digital twins
- 00:07:33if we're dealing with cyber physical
- 00:07:35systems we're not simply generating new
- 00:07:38scripts and new codes we're leveraging
- 00:07:40deterministic algorithms for what we
- 00:07:43need to do and remember that generative
- 00:07:45AI is
- 00:07:48non-deterministic with it though it has
- 00:07:51groundbreaking potential generative AI
- 00:07:53in specific groundbreaking potential and
- 00:07:57it has limitations and has challeng
- 00:08:00I love this slide you're going to see
- 00:08:01the slide a couple of times I simply
- 00:08:03love the photo treat generative AI like
- 00:08:07a young apprentice and I don't mean
- 00:08:09somebody who's coming out of college I
- 00:08:11mean that 15-year-old brings a lot of
- 00:08:14energy and you're excited to have them
- 00:08:16there and occasionally they do something
- 00:08:18right and it really makes you happy but
- 00:08:21most of the time you're cocking your
- 00:08:23head to the side and say what the heck
- 00:08:25were you
- 00:08:26thinking we heard that with stories this
- 00:08:29week in the tracks especially around Ai
- 00:08:32and ml so pay close attention pay very
- 00:08:35close
- 00:08:38attention and yes I learned my lesson
- 00:08:41and I do use note cards now I'm going to
- 00:08:44take you back for a moment and just make
- 00:08:45sure that I say to you that this is not
- 00:08:48just my
- 00:08:49opinion this is what the research is
- 00:08:52showing there are service providers who
- 00:08:55have provided AI capabilities who are
- 00:08:57now making sure that they have have all
- 00:08:59kinds of disclaimers and they have all
- 00:09:01kinds of advice for you that they're
- 00:09:02providing guidance that says make sure
- 00:09:04you have humans in the
- 00:09:08loop do you think that generative AI
- 00:09:11contradicts devops
- 00:09:14principles any thoughts on that well I
- 00:09:18will tell you that sort of it does so
- 00:09:21when I think about
- 00:09:22traceability if it's being generated by
- 00:09:24a black box that I don't own that's much
- 00:09:27more difficult how about auditability
- 00:09:29that's part of depths Ops how am I going
- 00:09:32to be able to audit something that I
- 00:09:33don't understand where it came from or
- 00:09:35the provenance for it reproducibility
- 00:09:38anybody ever hit the regenerate button
- 00:09:40does it come back with the same thing
- 00:09:42reproducibility explainability do you
- 00:09:45understand what was just generated and
- 00:09:47handed to you whether it's a test
- 00:09:49whether it's code whether it's script
- 00:09:51whether it's something else do you
- 00:09:53understand and then there's
- 00:09:55security we're going to talk a lot about
- 00:09:57Security today so I'm glad that we are
- 00:09:59having a security track today as well
- 00:10:02there was a survey of over 500
- 00:10:05developers and of those 500
- 00:10:08developers 56% of them are leveraging Ai
- 00:10:11and of that 56% all of them are finding
- 00:10:14security issues in the code completion
- 00:10:16or the code generation that they're
- 00:10:17running into there's also this concept
- 00:10:20of reduced
- 00:10:22collaboration why why would there be
- 00:10:24reduced
- 00:10:25collaboration well if you're spending
- 00:10:28your time talking talking to your GI
- 00:10:31friend and not talking to the person
- 00:10:33beside you you're investing in that
- 00:10:35necessary prompting and chatting it has
- 00:10:37been shown so far to reduce
- 00:10:42collaboration so where are people using
- 00:10:44it today for building software we've
- 00:10:47spent a lot of time this week talking
- 00:10:49about how we can provide it as a
- 00:10:51capability to end users but how are we
- 00:10:53using it to generate software to build
- 00:10:56the capabilities we deliver into
- 00:10:57production well I don't ignore the
- 00:11:01industry or the commercial surveys
- 00:11:03because if you're interviewing or
- 00:11:04surveying hundreds of thousands of
- 00:11:06people even tens of thousands of people
- 00:11:09I'm not going to ignore that as a
- 00:11:10researcher so yes stack Overflow
- 00:11:14friends so
- 00:11:1637,000 developers answered the survey
- 00:11:20and of that 44% right now are attempting
- 00:11:23to use AI for their job 25 additional
- 00:11:28percent said they want to they really
- 00:11:29want to perhaps that's fomo perhaps not
- 00:11:32but what are they using it for of that
- 00:11:3444% that are leveraging it well let me
- 00:11:36read you some
- 00:11:38statistics 82% are attempting to
- 00:11:41generate some kind of code that's a
- 00:11:43pretty high number 48% are debugging
- 00:11:48another 34% documentation love that one
- 00:11:52this is my personal favorite which is
- 00:11:54explaining the code base using it to
- 00:11:57look at language that already exists but
- 00:12:01less than a quarter are using it for
- 00:12:03software
- 00:12:06testing so this is a true story this is
- 00:12:08my story from the January time frame
- 00:12:10about how I was able to leverage with my
- 00:12:12team AI to assist us with requirements
- 00:12:15analysis what we did was we met with our
- 00:12:18uh user base and we got their permission
- 00:12:21I'm going to talk with you I'm going to
- 00:12:23record it we're going to take that
- 00:12:24transcriptions are you okay if I
- 00:12:26leverage a GPT tool to help us and
- 00:12:28analyze it
- 00:12:29the answer was yes we also crowdsourced
- 00:12:32via survey now it was free form by and
- 00:12:35large very little was it rationalized to
- 00:12:37using like or anything uh along that
- 00:12:40line and when we fed all of that in
- 00:12:42through a series of very specific
- 00:12:45prompts we were able to uncover some
- 00:12:47sentiments that were not really as overt
- 00:12:51as we had thought there were other
- 00:12:52things that people were looking for in
- 00:12:54their requirements so when it comes to
- 00:12:56requirements analysis I believe it is
- 00:12:58strong use of the tool because you're
- 00:13:00feeding in your language and you are
- 00:13:02extracting from that it's not generating
- 00:13:04that on its own things to be concerned
- 00:13:08about make sure you put your prompt into
- 00:13:11your version control and don't just put
- 00:13:12the prompt into Version Control but keep
- 00:13:14track of what model or what service that
- 00:13:18you are posting it against because as
- 00:13:19we've heard as we know those different
- 00:13:23prompts react differently with different
- 00:13:25models now why would I talk about
- 00:13:27diverse data sets well the models
- 00:13:31themselves have been proven to have
- 00:13:33issues with bias it's already a leading
- 00:13:36practice for you to make sure that
- 00:13:38you're talking to a diverse User Group
- 00:13:40when you're identifying and pulling
- 00:13:42those requirements out but now you have
- 00:13:44that added need that you have to make
- 00:13:47sure that you are balancing the
- 00:13:49potentiality that the model has a bias
- 00:13:52in it so make sure that your data sets
- 00:13:54make sure that the interviews make sure
- 00:13:55the people you talk to represent a
- 00:13:57diverse set and of course
- 00:13:59rigorous testing humans in the
- 00:14:03loop now I personally like it for test
- 00:14:06cases and there was some research that
- 00:14:08was published in the January time frame
- 00:14:10that made me take pause it said that
- 00:14:12only 42 I'm sorry 47% 47% of
- 00:14:16organizations have automated their
- 00:14:19testing I need you to hear that again
- 00:14:2147% have automated their testing now in
- 00:14:23some of the places where I work where
- 00:14:25there's cyber physical systems when I'm
- 00:14:26working with the military I want it to
- 00:14:28be
- 00:14:29that but that also means that 53% have
- 00:14:33manual testing going on well let's
- 00:14:36realize and let's be okay with the fact
- 00:14:38that there's manual testing going on and
- 00:14:39let's set our QA professionals down in
- 00:14:42front of a chat engine let's make sure
- 00:14:44that they have their functional
- 00:14:46requirements they have their manual test
- 00:14:48cases they have their scenarios that
- 00:14:49they have their user stories that they
- 00:14:51have Journey Maps let them sit down and
- 00:14:53let them go through Chain of Thought
- 00:14:55prompting and allow the GPT to be their
- 00:14:58Muse because you will be surprised how
- 00:15:01well it can really help now back to
- 00:15:04stack
- 00:15:06Overflow
- 00:15:0755% said that they were interested in
- 00:15:10somehow using generative AI specifically
- 00:15:13for testing yet only 3% trust it it
- 00:15:17could be because it is
- 00:15:20non-deterministic now I bring that up
- 00:15:22because you can use um generative AI to
- 00:15:25help you with synthetic test data
- 00:15:27generation
- 00:15:29but it's not always going to give you
- 00:15:31anything that is as accurate as you
- 00:15:33would like and there are some gotas
- 00:15:34we'll come back
- 00:15:36to one of the gotus is privacy if you're
- 00:15:41taking your data elements of your data
- 00:15:43aspects of your data and feeding it into
- 00:15:45anybody else's subscription model if you
- 00:15:48are not self-hosting and owning it
- 00:15:49yourself you could have a data privacy
- 00:15:52concern you could also have issues with
- 00:15:55the Integrity of that data so you have
- 00:15:56to be highly in tune with what's
- 00:15:59happening with your information if
- 00:16:00you're sending it out to a subscription
- 00:16:03service also beware we've talked about
- 00:16:06hallucinations it happens when you
- 00:16:08generate tests as well you can have
- 00:16:10irrelevant tests I've seen it I've
- 00:16:12experienced it it's kind of funny but it
- 00:16:15happens and back to transparency and
- 00:16:19explainability the tests that come
- 00:16:20forward the code that comes forward
- 00:16:23sometimes it's not as helpful as you'd
- 00:16:24like it to
- 00:16:27be so let's talk about about the
- 00:16:29elephant in the
- 00:16:30corner no technical conference would be
- 00:16:33complete without talking about code
- 00:16:35generation
- 00:16:38right
- 00:16:41oh well there we go that was my dramatic
- 00:16:44ad to the day
- 00:16:47um
- 00:16:48so when it comes to coding there's a
- 00:16:53interesting Trend that's happening right
- 00:16:54now major providers are pulling back
- 00:16:57from calling it code generation to
- 00:17:00calling it code completion and that
- 00:17:01should resonate with us that should
- 00:17:04point out to us that something's a foot
- 00:17:06if they're pulling back from saying code
- 00:17:08generation to code
- 00:17:10completion there's a reason for that now
- 00:17:13it is fantastic it is amazing when it
- 00:17:16comes to explaining your existing code
- 00:17:18base now you have to be okay with
- 00:17:20exposing your existing code base to
- 00:17:22whatever that language model is whether
- 00:17:24it's hosted or not and generally the
- 00:17:28code that you get out of this thing will
- 00:17:30be wonderfully structured it will be
- 00:17:32well formatted and occasionally it'll
- 00:17:35work now there's a study from Purdue
- 00:17:39University that has shown that when they
- 00:17:42prompt uh for software engineering
- 00:17:44questions that about 52% of the time the
- 00:17:47answers are
- 00:17:48wrong so that means we're getting
- 00:17:51inaccurate code generated we have to be
- 00:17:54cognizant of it remember this is
- 00:17:56groundbreaking potential this is amazing
- 00:17:59stuff limitations and challenges just go
- 00:18:02in with eyes wide open gang these tools
- 00:18:05can help to generate code what it can't
- 00:18:08do is it can't build software not yet
- 00:18:11not
- 00:18:14yet look at the blue arrow that's what I
- 00:18:17want you to focus on one of three that's
- 00:18:21one of three choices for any one piece
- 00:18:24of code so in this instance I've Seen It
- 00:18:27Go as high as six and you're simply
- 00:18:29asking for a a module a function a small
- 00:18:34tidbit the person that you see there is
- 00:18:37suffering from what we call decision
- 00:18:39fatigue now decision fatigue in the past
- 00:18:42has been studied with medical
- 00:18:43professionals military the Judiciary
- 00:18:47places where people have to make really
- 00:18:49important decisions constantly they're
- 00:18:52under high pressure and their ability to
- 00:18:55make those decisions
- 00:18:57deteriorates in what World should we be
- 00:19:00studying decision fatigue and software
- 00:19:02engineering we shouldn't be in ide help
- 00:19:06can be fantastic when it comes to
- 00:19:09helping you with that blank page
- 00:19:11mentality that we get to it can really
- 00:19:13help with that but I can tell you day in
- 00:19:15and day out it can cause some
- 00:19:17fatigue groundbreaking potential know
- 00:19:20the limitations know the
- 00:19:23challenges some things to be concerned
- 00:19:26about or at least to be aware of
- 00:19:28consideration ations you will see
- 00:19:30unequal productivity gains with the
- 00:19:32different individuals who are using it
- 00:19:34somebody new in career new to the
- 00:19:37organization will have less individual
- 00:19:40productivity gains than somebody who is
- 00:19:42more senior who can look at the code and
- 00:19:44can understand there's a problem I see
- 00:19:48it I see the problem code churn this is
- 00:19:52something that a company named uh git
- 00:19:54clear has been studying on GitHub for
- 00:19:58years
- 00:19:59from
- 00:20:002019 until
- 00:20:022023 the code churn value by industry
- 00:20:06was roughly the same what code churn is
- 00:20:09is I take that code that I've written or
- 00:20:11I've had help writing I check it in I
- 00:20:14then check it out I tinker with it I
- 00:20:16check it in I check it out there's a
- 00:20:17problem with it I check it in I check it
- 00:20:19out code churn in
- 00:20:222024 we are on Pace to double double
- 00:20:26code churn is it cause
- 00:20:29by generation I don't know is there
- 00:20:32correlation I don't know but we are
- 00:20:34going to watch that because that's an
- 00:20:36interesting number to see
- 00:20:38rising and the code is less secure I
- 00:20:41know people don't want to believe that
- 00:20:43it is I'll tell you a personal story
- 00:20:46first second week of March I sat through
- 00:20:49an entire afternoon Workshop I was using
- 00:20:51GitHub co-pilot good tool it has some
- 00:20:54real value we're using Java codebase uh
- 00:20:58and I was able even with what I thought
- 00:21:00was pretty articulate and elegant
- 00:21:02prompting to have oosp top 10 right
- 00:21:06there I had my SQL injection right there
- 00:21:08in front of me unless I very clearly
- 00:21:10articulated don't do this don't do this
- 00:21:12don't do this be aware be aware be aware
- 00:21:16that means that the code is less secure
- 00:21:18by Nature by
- 00:21:21Nature now there was a Stanford study
- 00:21:24that came out and all of the studies all
- 00:21:27of the reports that I mentioned are
- 00:21:29referenced in the bibliography that
- 00:21:31you'll get when you download this by the
- 00:21:33way but that Stanford report clearly
- 00:21:36demonstrated it's a security
- 00:21:38professional's worst
- 00:21:40nightmare we tend to think that it's
- 00:21:43right we tend to overlook it because it
- 00:21:45is well formatted it's it's almost as
- 00:21:47though it has authenticity right it's
- 00:21:50it's speaking to us it looks correct so
- 00:21:52more more issues are sneaking into the
- 00:21:55code so what's that mean we need
- 00:21:58rigorous testing we need humans in the
- 00:22:02loop as a matter of fact now we actually
- 00:22:04need more humans not fewer humans don't
- 00:22:07worry about losing your job there's a
- 00:22:10lot for us to
- 00:22:13do generative AI can be
- 00:22:16unreliable so pay close attention pay
- 00:22:19very close attention you'll notice that
- 00:22:21I'm emphasizing the person who has the
- 00:22:23oversight this
- 00:22:25time so there was a North Carolina State
- 00:22:29University study that came out that said
- 00:22:31that 58% of us when we are doing code
- 00:22:33reviews are now doing what's called
- 00:22:36coping Out means that we only look at
- 00:22:38the
- 00:22:39diffs why does that matter I was talking
- 00:22:43to a team member of mine his name is
- 00:22:44Carlton he's a technical lead has a
- 00:22:47beautiful team um one of his Rockstar
- 00:22:50developers is named Stephen these are
- 00:22:52real people so if you want a social
- 00:22:53engineer and find out who they are you
- 00:22:55can I asked Carlton how do you do code
- 00:22:59reviews for Stephen he said well I pull
- 00:23:02it up I've worked with Steven for five
- 00:23:03years I trust his capabilities I know
- 00:23:07his competencies I only look at the
- 00:23:09diffs it's okay when you have someone
- 00:23:12new in your organization new to your
- 00:23:14team new to to this domain what do you
- 00:23:17do with their code changes well I open
- 00:23:19them up I studied it I make sure that
- 00:23:21they understand what they were doing I
- 00:23:22back out into other pieces of the code I
- 00:23:25really study
- 00:23:27it okay
- 00:23:29so if Stephen starts to use a code
- 00:23:32completion tool or a code generation
- 00:23:34tool and there's pressure on him to get
- 00:23:36something done quickly do you trust him
- 00:23:40with the same amount of trust that you
- 00:23:42had before and Carlton's eyes got pretty
- 00:23:46big I'm going to have to not cop out now
- 00:23:49if you're doing something like par
- 00:23:51programming where you are not
- 00:23:52necessarily doing the code reviews in
- 00:23:53the same way you're going to want to
- 00:23:55rotate Partners more quickly you may
- 00:23:57want to rotate rotate in a domain expert
- 00:24:00at some point consider more frequent
- 00:24:02rotations also think about bringing
- 00:24:05together um individuals who can help you
- 00:24:08with more sass more static analysis with
- 00:24:12all of these it's interesting I think it
- 00:24:14was the end of last week that there was
- 00:24:16an announcement from gitlab I believe um
- 00:24:19this is not in the bibliography I'll
- 00:24:20have to double check this but they've
- 00:24:22purchased a tool they've purchased a
- 00:24:24corporation that provides sast because
- 00:24:26they want to make sure that there's more
- 00:24:27sast scanning going on in in the devops
- 00:24:30pipeline going on in our ability to turn
- 00:24:32out this code because we have to pay
- 00:24:35closer
- 00:24:37attention by the way if you're
- 00:24:39generating code don't generate the tests
- 00:24:42if you're generating the tests don't
- 00:24:44generate the code you need to have that
- 00:24:47independent verification this is just
- 00:24:49smart stuff right this is just smart
- 00:24:52stuff there can be bias and there can be
- 00:24:55blind spots there can also be this
- 00:24:57really interesting condition that I
- 00:24:59learned about maybe six or seven months
- 00:25:01ago called
- 00:25:02overfitting it's when a model is trained
- 00:25:05and there's some noise in the training
- 00:25:07data and it causes it to be hyperfocused
- 00:25:09in one area and what can happen with
- 00:25:12your tests is that they can be
- 00:25:14hyperfocused in one area of your code
- 00:25:16base to the exclusion of other areas
- 00:25:19does that mean to not use generative AI
- 00:25:22tools no it means be aware know the
- 00:25:25limitations prepare for it
- 00:25:29so is your organization ready to use
- 00:25:32generative AI for software engineering
- 00:25:35anybody anybody I don't see a lot of
- 00:25:38hands come on folks all
- 00:25:40right my question to you is is your sdlc
- 00:25:44already in pretty good
- 00:25:46shape if it is hot diggity you might
- 00:25:49want to amplify leveraging generative AI
- 00:25:52but if you have some existing
- 00:25:54problems
- 00:25:56sprinkling some generative AI on top
- 00:25:59it's probably not a good
- 00:26:02idea so let's go back to the basics for
- 00:26:05just a moment when I get parachuted into
- 00:26:08a new organization into a new team one
- 00:26:11of the first questions that I ask is do
- 00:26:13you own your path to production and by
- 00:26:17asking that simple question it gives me
- 00:26:19an entire waterfall of cascading other
- 00:26:22questions to ask if you can't make a
- 00:26:24change and understand quickly how it's
- 00:26:26going to get fielded probably has some
- 00:26:30challenges and that's when I usually
- 00:26:32tell teams that we need to step back and
- 00:26:34start to do the
- 00:26:37minimums in 2021 during the height of
- 00:26:40the lockdowns I attended the devops
- 00:26:42Enterprise Summit with a number of
- 00:26:44different friends it was virtual and you
- 00:26:46if any of you attended there are lots of
- 00:26:48different tools where you could belly up
- 00:26:49to the virtual bar and I bellied up to
- 00:26:52the bar with a friend of mine actually
- 00:26:54someone who introduced me to Chris Swan
- 00:26:56and my friend Brian Finster and n six or
- 00:26:59seven other people were arguing and
- 00:27:01frustrated with one another why is
- 00:27:03everybody telling us that they can't use
- 00:27:06Dev SEC Ops that they can't have a cicd
- 00:27:09pipeline why are there so many dang
- 00:27:11excuses you know what we'll do we're
- 00:27:14going to write down what those minimums
- 00:27:15are and we did so that QR code will take
- 00:27:18you to minimum c.org but you can
- 00:27:20remember that easy enough and it's an
- 00:27:22open source listing we simply are
- 00:27:25maintainers of documentation providing
- 00:27:27people what the minimums are so what are
- 00:27:29the minimums what do you need to do
- 00:27:32before you start sprinkling AI on
- 00:27:34top make sure you're practicing
- 00:27:37continuous integration that means don't
- 00:27:39leave the code on your desktop overnight
- 00:27:42tell the people on your team don't leave
- 00:27:44the code outside the repository check it
- 00:27:46in and if it's not done that's okay put
- 00:27:49a flag around it put a feature flag
- 00:27:51around it so that if it does flow
- 00:27:52forward it's not going to cause a
- 00:27:54problem once you check that code in how
- 00:27:58does it get into production the pipeline
- 00:28:01the pipeline determines deployability it
- 00:28:05determines releasability and how does
- 00:28:08that magical pipeline do that because we
- 00:28:11as humans sat down and decided what our
- 00:28:14thresholds were for
- 00:28:15deployability and then we codified it
- 00:28:18into that
- 00:28:19pipeline what else is involved once that
- 00:28:23code becomes an electronic asset it's
- 00:28:26immutable humans don't touch it again
- 00:28:28you don't touch the environments you
- 00:28:30don't touch anything stop touching
- 00:28:32things let the pipeline take care of it
- 00:28:35that's a big piece of Dev SEC Ops
- 00:28:37principles and it matters and it helps
- 00:28:41you also whenever you're doing any kind
- 00:28:42of testing you want any of the other
- 00:28:44environments that you're leveraging to
- 00:28:46be at what's called parody parody to
- 00:28:48production because I can give you a lot
- 00:28:50of stories we'll share drinks tonight
- 00:28:53and I'll tell you about having
- 00:28:54environments that were not identical
- 00:28:58a thing that you can do to get started
- 00:29:00is to take a look at the DOR metrics
- 00:29:02pick one you don't have to pick four
- 00:29:04don't bite off more than you can Sho
- 00:29:06pick one deployment frequency is not a
- 00:29:07bad place to start that QR code will
- 00:29:09take you to the research site and when
- 00:29:12you're there you can also find another
- 00:29:14tool that it's a quick survey I think
- 00:29:16it's four or five questions that'll help
- 00:29:18you decide which of those metrics to
- 00:29:20start to track don't you love this
- 00:29:22picture I just love this
- 00:29:25picture let's talk about the gotas as
- 00:29:27we're going for forward
- 00:29:30gang if you're adding generative AI into
- 00:29:33your workflow your workflow is going to
- 00:29:36change that means your measurements and
- 00:29:38your metrics are going to change so if
- 00:29:40you have people who are really paying
- 00:29:41attention and looking at your metrics
- 00:29:43and studying your measurements let them
- 00:29:45know that things are going to waver and
- 00:29:47that you're going to have to train some
- 00:29:49folks and be aware that if you're
- 00:29:52processes were in okay shape people have
- 00:29:55what I call muscle memory sometimes
- 00:29:57they're resistant to to change does that
- 00:29:59mean to not do it no it just means some
- 00:30:01things to be aware
- 00:30:03of let's talk about productivity this
- 00:30:06drives me frakin
- 00:30:07batty because it's perceived
- 00:30:10productivity that the surveys that the
- 00:30:12current research that the current
- 00:30:15advertisements are all talking about you
- 00:30:17are going to have greater productivity
- 00:30:18you are going to have greater
- 00:30:20productivity personal
- 00:30:22productivity it's perceived at this
- 00:30:24point by and large that productivity is
- 00:30:26a perceived gain it means I'm excited I
- 00:30:29got a new tool this is really cool this
- 00:30:32is going to be great it doesn't
- 00:30:34necessarily mean that I'm dealing with
- 00:30:36higher order issues that I am putting
- 00:30:38features out at a faster Pace with
- 00:30:40higher quality doesn't necessarily mean
- 00:30:42that at all it means I perceive it we
- 00:30:44have to give time for there to be
- 00:30:45equalizing of the perceived gain to real
- 00:30:48gain but that leads to a really much
- 00:30:51bigger
- 00:30:52thing we measure team productivity not
- 00:30:55individual productivity it's how well
- 00:30:58does a team put software into production
- 00:31:00right it's not how fast does Tracy do it
- 00:31:03alone it's how fast do we do it as a
- 00:31:06team now if you're measuring
- 00:31:08productivity and you should think about
- 00:31:10it I recommend using Dr Nicole
- 00:31:13forsen's um framework this came out
- 00:31:16around 2021 with a number of other
- 00:31:19researchers from Microsoft what's
- 00:31:20important is that you see all those
- 00:31:22human elements that are there
- 00:31:24satisfaction we actually need to
- 00:31:26understand if people feel satis Saied
- 00:31:28with what they're doing to understand
- 00:31:29their productivity now I met with Nicole
- 00:31:31about three weeks ago and we're talking
- 00:31:32about adding in uh another dimension
- 00:31:36kind of throws off the whole Space
- 00:31:37analogy there but we're talking about
- 00:31:40adding in
- 00:31:41trust why does trust
- 00:31:44matter if I'm using traditional
- 00:31:47traditional Ai and ML and it's
- 00:31:50deterministic I can really understand
- 00:31:53and I can recreate algorithmically
- 00:31:56repetitively again and again and again
- 00:31:59that same value so think about a heads
- 00:32:01up display for a pilot I want them to
- 00:32:05trust what the AI or the ml algorithm
- 00:32:09has has given them and I do that by
- 00:32:11proving to them again and again and
- 00:32:13again that it will be identical that is
- 00:32:15the altitude that is a mountain you
- 00:32:17should turn
- 00:32:19left generative AI is by its nature
- 00:32:23non-deterministic it lies to you so
- 00:32:26should you trust it so we have to
- 00:32:29understand as things change as we start
- 00:32:32to use generative AI we have to
- 00:32:33understand are we going to be able to
- 00:32:35trust it and that's going to give people
- 00:32:37angst and we're already seeing some
- 00:32:38beginnings of that so we're going to
- 00:32:40have to understand how do we measure
- 00:32:41productivity going forward can't tell
- 00:32:44you 100% how that's going to happen
- 00:32:47yet the importance of
- 00:32:49context I love this library because this
- 00:32:52represents your code base this
- 00:32:54represents your IP this represents all
- 00:32:57the things that you need to be willing
- 00:32:59to give over access to a
- 00:33:02model if you own the model if it's
- 00:33:05hosted in your organization that's a
- 00:33:06whole lot different than if you decided
- 00:33:08to use a subscription service I'm not
- 00:33:11telling you to not use subscription
- 00:33:13Services what I'm telling you is to go
- 00:33:15in eyes wide open and make sure that
- 00:33:17your organization is okay with things
- 00:33:20crossing your boundary I deal a lot with
- 00:33:22infosec organizations and we talk about
- 00:33:24the information flow and if all of a
- 00:33:26sudden I say yeah I'm just going to take
- 00:33:27code base to provide as much context as
- 00:33:30possible and shoot it out the door you
- 00:33:32guys don't mind do you they
- 00:33:36mind now this is not to poke an eye in
- 00:33:40sneak I love sneak I love their tools
- 00:33:43but I want you to to take away from this
- 00:33:45is read the
- 00:33:47popups read the end user licensing
- 00:33:50agreements read them when I saw this for
- 00:33:53just a moment I went well how do I flush
- 00:33:56the cash
- 00:33:58now it happened to be that I was using
- 00:34:00some training information actual
- 00:34:02Workshop code but if it had been
- 00:34:05something of greater value I would have
- 00:34:08taken pause so read read those things
- 00:34:11read the popups be
- 00:34:14aware oh Public Service
- 00:34:17Announcement keep the humans in the
- 00:34:23loop so we're going to talk about how we
- 00:34:25add AI to the Enterprise the next slide
- 00:34:27SL might be worthy of coming back
- 00:34:30to how do you add AI Strat to your
- 00:34:33strategy or how do you create an AI
- 00:34:36strategy doesn't matter if you're an
- 00:34:38organization that has two people it
- 00:34:40doesn't matter if you're an organization
- 00:34:41with 200 or 2,000 or 20,000 people you
- 00:34:45may already have a data strategy what
- 00:34:47matters is that you do A needs
- 00:34:49assessment don't roll your eyes I saw
- 00:34:52that by the
- 00:34:53way what matters is that you get some
- 00:34:56people together perhaps just sit around
- 00:34:58the table with some Post-it notes and
- 00:35:00you talk about what might be a valuable
- 00:35:03place to leverage this make a decision
- 00:35:06it's not everything at all times not
- 00:35:08automatically scaling which takes me to
- 00:35:10the second Point Define a pilot make
- 00:35:13sure you have a limited focused pilot so
- 00:35:16you can try these things out what I'm
- 00:35:18telling you is that this has what
- 00:35:20groundbreaking potential groundbreaking
- 00:35:23potential and there are limitations and
- 00:35:26there are challenges when you're going
- 00:35:28through that pilot it's going to help
- 00:35:29you to understand the different types of
- 00:35:31skills that you're going to need in your
- 00:35:33organization or if you're going to need
- 00:35:34to hire more people or if you're going
- 00:35:36to need to bring more people
- 00:35:39in it'll also help you get after those
- 00:35:41first couple of tranches of governance
- 00:35:43and hopefully your governance is don't
- 00:35:45do it no your governance needs to be
- 00:35:47relevant and relative to what you are
- 00:35:49attempting to do monitoring and feedback
- 00:35:53loops always important but I want to
- 00:35:56point out the bottom bullet this that's
- 00:35:57here may seem a little strange to you
- 00:36:01why am I telling you that you have to
- 00:36:02have thought leadership as part of your
- 00:36:04AI strategy I'm not talking about
- 00:36:06sending your people to get up on stage
- 00:36:08I'm not talking about writing white
- 00:36:10papers what I'm telling you is to make
- 00:36:12sure that in your organization that you
- 00:36:14give dedicated time to more than one
- 00:36:17person to stay AB breast and help your
- 00:36:19organization to stay on top of what's
- 00:36:21happening because it's a tital wave
- 00:36:23right now isn't it I I some days don't
- 00:36:26even like to turn on my phone or read
- 00:36:28any of my feeds because I know what it's
- 00:36:30going to say another automated picture
- 00:36:32generated from Dolly yeah too much too
- 00:36:37much choose when and where to start how
- 00:36:43map it to a business need map it to a
- 00:36:46need make sure it's relevant and if your
- 00:36:49need is that you need to get some
- 00:36:51experience that's fine make a decision
- 00:36:55write it down architectural decision
- 00:36:57records
- 00:36:59and then make sure that you have some
- 00:37:01measurements against
- 00:37:04it all right time to design your AI
- 00:37:08assisted software engineering tool
- 00:37:12chain why is it that suddenly we've
- 00:37:15forgotten about all of the software
- 00:37:17architectural principles capabilities
- 00:37:20and things that we've been doing for
- 00:37:21decades why have we suddenly forgotten
- 00:37:24about trade-off analysis about the illes
- 00:37:27when you're designing your tool chain
- 00:37:30apply that same lens is it more relevant
- 00:37:34for you to take something that's off the
- 00:37:36shelf because you need time to Market
- 00:37:38what are my trade-offs well it may be
- 00:37:41faster it'll be less tailored to my
- 00:37:43exact domain need and it may be less
- 00:37:46secure but that may be a choice that we
- 00:37:49make it could be that I have the time
- 00:37:52energy finances abilities to do the
- 00:37:55tailoring myself maybe I in stti a model
- 00:37:58internally maybe I have an external
- 00:38:00service but I have a rag internally lots
- 00:38:02of different variations but make those
- 00:38:03choices let's not forget about all the
- 00:38:06things that we've known about for all
- 00:38:07these
- 00:38:11years leading practices got to have a
- 00:38:14leading practi this slide I want to
- 00:38:16point out that we need to keep humans in
- 00:38:18the loop someone had an an HL I'm going
- 00:38:22to start to hashtag that you're going to
- 00:38:23get sick of it if any of you if any of
- 00:38:25us are connected online make sure that
- 00:38:28everything everything everything is in
- 00:38:31source code the
- 00:38:33prompts the model numbers and names that
- 00:38:35you're using it against secure your
- 00:38:37vulnerabilities and don't provide your
- 00:38:41private information into public models
- 00:38:43into public
- 00:38:46engines I love this picture it's another
- 00:38:48one that I love because it makes me take
- 00:38:50pause sky is on a tight rope he's
- 00:38:53walking between mountains take a look at
- 00:38:54that and he's mitigated his risk he has
- 00:38:57tethers so is he doing something
- 00:39:00dangerous yeah but that's okay because
- 00:39:03he's mitigating that I need you to think
- 00:39:05about 2023 as a year where we really
- 00:39:08didn't have a lot of good
- 00:39:09regulation it's coming about we're
- 00:39:12seeing that regulation catch up but
- 00:39:14there are challenges with IP it can be
- 00:39:17that a model was trained with public
- 00:39:19information and so you actually don't
- 00:39:21own the copyright to the things that
- 00:39:23you're generating because it track back
- 00:39:26from a lineage persp perspective is
- 00:39:27something somebody else owned or
- 00:39:30worse when You' sent it out the door
- 00:39:33even if it hasn't been used to directly
- 00:39:35train a model let's say that they are
- 00:39:37keeping on your behalf all of your
- 00:39:39conversation threads and that they're
- 00:39:41analyzing those conversation threads and
- 00:39:43that they're taking IP from that you can
- 00:39:46lose ownership of your IP in the US we
- 00:39:49have copyright law and our copyright law
- 00:39:52says that a human hand must have touched
- 00:39:54it it means I have to be really careful
- 00:39:56doesn't it when it comes comes to
- 00:39:57generate
- 00:40:00code so what questions should you be
- 00:40:03asking to your
- 00:40:05providers or if you are the people who
- 00:40:08are providing that service to your
- 00:40:11Enterprise in the appendix for this
- 00:40:14there are two different sheets of
- 00:40:16different types of questions that I want
- 00:40:18you to take home and I want you to
- 00:40:20leverage I'll give you one or two as a
- 00:40:22as a
- 00:40:23snippet one how are you ensuring that
- 00:40:27the model is not creating malicious
- 00:40:31vulnerabilities how are you what are the
- 00:40:33guardrails that you have in place if I'm
- 00:40:35using your model or if you're providing
- 00:40:38that model how are you ensuring that
- 00:40:41that's not happening if there's an issue
- 00:40:43with the model and the model needs to be
- 00:40:45changed how are you going to notify me
- 00:40:47so that I can understand what the
- 00:40:49ramifications are to my value chain to
- 00:40:52my value stream questions to ask peeps
- 00:40:58so let's look
- 00:41:00ahead not going to go into this slide in
- 00:41:02detail because it covers generative AI
- 00:41:05it covers regular AI it covers ml what's
- 00:41:09important to know is that red arrow
- 00:41:10where are we we're at the peak of
- 00:41:13inflated expectations we absolutely are
- 00:41:16I completely believe that and I'm sure
- 00:41:19all of your Social feeds tell you that
- 00:41:20as
- 00:41:21well AI Ops is on the rise other places
- 00:41:25other types of AI and ml will continue
- 00:41:28to improve so we're at the beginning of
- 00:41:31generative AI but we're well on the way
- 00:41:34with the
- 00:41:36others what do you think it looks like
- 00:41:38over the next 12 to 24
- 00:41:42months recently I've had the opportunity
- 00:41:44to interview folks from Microsoft from
- 00:41:47it Revolution from Yahoo from the
- 00:41:50software engineering Institute and even
- 00:41:52some of my colleagues within miter
- 00:41:55Corporation what we believe what what
- 00:41:57we're seeing is going to happen is
- 00:41:59happening now is that we're seeing more
- 00:42:01data silos because each one of those
- 00:42:04areas where a different AI tool is being
- 00:42:07leveraged is a conversation between me
- 00:42:09and that tool you and I are not sharing
- 00:42:13session so we're not having the same
- 00:42:16experience especially with those
- 00:42:17generative AI tools so for right now for
- 00:42:20now for this moment more data silos data
- 00:42:23silos mean slower flow slower flow often
- 00:42:26means me more quality issues it's going
- 00:42:28to get worse before it gets better and
- 00:42:32it's groundbreaking potential that we
- 00:42:34need to know the limitations and the
- 00:42:36risks
- 00:42:39for there's an entire track today about
- 00:42:42platform engineering I'm going to foot
- 00:42:44stomp that there is going to be a
- 00:42:46continued increase for the need because
- 00:42:48what are platforms for whether it's low
- 00:42:50code no code or the new kit on the Block
- 00:42:53that we're doing it for our custom
- 00:42:55developers it's making it hard hard for
- 00:42:57people to make mistakes it's codifying
- 00:42:59leading practices this is going to
- 00:43:00continue to increase if you have a
- 00:43:02chance to go to today's track I strongly
- 00:43:05suggest
- 00:43:06it what about this guy what about this
- 00:43:10guy any of you with adult children who
- 00:43:12are going to send them off to coding
- 00:43:14boot
- 00:43:15camp Jensen Hong would say do not do
- 00:43:20that the
- 00:43:22pessimists are saying that AI will
- 00:43:27replace the coder the optimists are
- 00:43:31saying that those who are qualified
- 00:43:34software Engineers software developers
- 00:43:37will be in a great place so I want you
- 00:43:39to hear the nuances that are there if
- 00:43:42you're good at your craft if you
- 00:43:45understand the principles if you're able
- 00:43:46to leverage those principles if you're
- 00:43:48able to teach others you'll be
- 00:43:52fine what about Devon have you heard
- 00:43:54about Devon or have you followed open AI
- 00:43:58open Devon that came out about three
- 00:44:00days after Devon was announced it's kind
- 00:44:02of fun to watch it you see a little
- 00:44:04video there think there's six videos on
- 00:44:06the site and it is saying that this is
- 00:44:08an AI software engineer and what they've
- 00:44:10done is a form of AI swarming they have
- 00:44:12different agents that are plugged in
- 00:44:14where one is triggering one is reacting
- 00:44:16to it there are different patterns one
- 00:44:18is a coder critic pattern it's
- 00:44:20essentially those
- 00:44:22patterns we're going to see ai go from
- 00:44:25being a tool that we independently and
- 00:44:27individually use to agents that are
- 00:44:30plugged into our sdlc and when they get
- 00:44:33plugged into our sdlc we're going to
- 00:44:36have to be cognizant of what that does
- 00:44:38to the humans in the mix we're going to
- 00:44:39give them very defined small roles so
- 00:44:41you may have somebody on your team that
- 00:44:44is a a gen AI not a Gen X not a gen Z
- 00:44:49gen
- 00:44:51AI I want to pause for a moment guys I
- 00:44:54want to take you back to 1939
- 00:44:579 what's that have to do with
- 00:45:00software it has to do with black and
- 00:45:02white 1939 was when the Wizard of Oz was
- 00:45:06filmed and it started out as black and
- 00:45:08white and I don't know if there's
- 00:45:10there's anybody here who hasn't seen it
- 00:45:13go watch
- 00:45:14it Dorothy's house is picked up by a
- 00:45:18tornado and it is cast Over the Rainbow
- 00:45:21and it lands in Oz smashes the Wicked
- 00:45:25Witch and
- 00:45:27she opens the door and as she opens the
- 00:45:30door she looks out at things that she
- 00:45:33has never seen before munchkins flying
- 00:45:37monkeys an Emerald City all in beautiful
- 00:45:41Technicolor and do you know where we
- 00:45:44are same Technic color my friends the
- 00:45:48future is amazing what we're going to do
- 00:45:52will be
- 00:45:53amazing but we're going to need to
- 00:45:55optimize differently
- 00:45:57right now our software practices are
- 00:45:59optimized for humans I limit work in
- 00:46:02progress why because I'm a human agile I
- 00:46:06take one user story at a time why
- 00:46:08because I'm human we're worried about
- 00:46:10cognitive overload why because we're
- 00:46:13humans it's not negative it's just a
- 00:46:15fact that we finally learned to optimize
- 00:46:17for the humans so as we go from having
- 00:46:20AI agents to having more
- 00:46:23capable team members or perhaps teams
- 00:46:26than that are made up of many different
- 00:46:29generative AI agents we're going to have
- 00:46:31to figure out how do we optimize and who
- 00:46:34who do we optimize for exciting damn
- 00:46:38exciting stuff guys damn exciting stuff
- 00:46:41but I'm going to take you from
- 00:46:41Technicolor back to where we are right
- 00:46:45now I like to say we cannot put the
- 00:46:49genie back in the
- 00:46:51bottle prompt engineering we need to
- 00:46:54understand it as a discipline we need to
- 00:46:56understand ethics of prompts who owns
- 00:46:58the generated outcomes machine human
- 00:47:01teaming we need to understand all this
- 00:47:03what about software team performance
- 00:47:05trust and reliability but why am i
- 00:47:07showing you a horse's
- 00:47:09backside
- 00:47:11well because a friend of mine named
- 00:47:13Lonnie Rosales hails from the great
- 00:47:15state of
- 00:47:17Texas and she said Trace you can
- 00:47:20actually trick the genie back into the
- 00:47:23bottle but you can't put the Poo back in
- 00:47:26the horse
- 00:47:28now she's from the great state of Texas
- 00:47:30and I can tell you that the word that
- 00:47:31she used was not
- 00:47:33poo but I want you to take that with you
- 00:47:36we cannot go back ever ever ever to
- 00:47:40where we were we cannot go back to where
- 00:47:42we were that's okay we can go into it
- 00:47:45Eyes Wide Open understanding the
- 00:47:47challenges and the limits that are there
- 00:47:48and working together to figure these
- 00:47:50things
- 00:47:51out your call to
- 00:47:54action go back and pulse your
- 00:47:56organization
- 00:47:57find out where the shadow gen is being
- 00:48:00used the shadow AI is being used bring
- 00:48:03it to the surface don't shame people
- 00:48:05understand how they're using it and then
- 00:48:07enable them to do the kinds of research
- 00:48:10or if they bring forward a need that you
- 00:48:12help them with that need make sure you
- 00:48:15are looking at cyber security as your
- 00:48:17Numero Uno issue number one number one
- 00:48:21establish your guard rails then connect
- 00:48:24with your providers use those questions
- 00:48:26or be ready to answer those questions if
- 00:48:29you are the provider of generative AI
- 00:48:31capabilities to your
- 00:48:33organization now that's your call to
- 00:48:36action but I need something from all of
- 00:48:38you you're actually the missing piece of
- 00:48:41my puzzle as a researcher I want to
- 00:48:45understand how are you using generative
- 00:48:48AI how is your organization preparing
- 00:48:51how are you personally focusing on
- 00:48:54getting ready for this what are you
- 00:48:55doing I'm going to be going down to the
- 00:48:58second floor after this and I would love
- 00:49:01if anybody wants to swing by and have a
- 00:49:03chat on what you're doing share your
- 00:49:05organization's Lessons Learned tell me
- 00:49:08about your stories tell me about the
- 00:49:09challenges that you have or tell me
- 00:49:11about the things that you want to learn
- 00:49:12about because you haven't gotten there
- 00:49:16yet by the
- 00:49:18way this is in color what matters in all
- 00:49:22of this is the humans we've talked about
- 00:49:24it all week this is what matters
- 00:49:27matters grab that QR code that'll take
- 00:49:30you to a download of today's materials
- 00:49:33it'll take you to the bibliography as
- 00:49:35well as that Continuum
- 00:49:37slide and I've been asked to pop this up
- 00:49:40and ask you to vote uh and provide
- 00:49:42feedback thank you guys very much
- 00:49:46[Applause]
- 00:49:54[Music]
- Generative AI
- Software Engineering
- AI Challenges
- Technology Evolution
- Digital Transition
- Trust in AI
- AI Hype Cycle
- AI Implementation
- IT Strategy
- Data Silos