Virtualization Technology News and Information
Article
RSS
Sonar 2024 Predictions: 6 Experts on the Future of Coding in the Age of AI

vmblog-predictions-2024 

Industry executives and experts share their predictions for 2024.  Read them in this 16th annual VMblog.com series exclusive.

6 Experts on the Future of Coding in the Age of AI

In the world of software development, generative AI could very well spur 2024's biggest opportunities -- and issues. As GenAI hits the mainstream, it has led to the emergence of new tools to support developers. However, AI is writing code for speed, not quality, which exacerbates the risks of bad code, including tech debt and security issues.

At Sonar, the industry-leading solution for Clean Code, we collected perspectives from our developer advocates and our R&D team to hear from them about the software development trends they expect to surface in 2024, with particular attention to the impacts of AI, both positive and negative:

++

Johannes Dahse, Head of R&D

More Supply Chain Attacks on Code Call for Better Software Security Measures: "A growing list of supply chain attacks make them a hot topic for development organizations today. There's an underlying design issue exploited by these attacks and it is that all modern software is built on top of other third-party software components, often without clear visibility on the code quality of all the downloaded packages. A single code vulnerability introduced by a library can be used for large-scale attacks against multiple softwares using this library.

Because the main code of popular open source software becomes well-reviewed and tested, attackers will focus more on finding previously unknown code vulnerabilities hidden in widely-used but lesser-known open source libraries. It's a very effective and subtle attack vector to compromise many organizations at once. In tandem with the risk and threats, the importance of a deeper code analysis will grow that also covers the code of libraries."

++

Jonathan Vila, Developer Advocate

  • AI-Generated code growth: As LLMs are going to be more accessible and diverse, more generative AI code tools with integrations with specific or more focused libraries will appear. I see more development regarding test generators, UI generators, integration plumbing generators, where users with natural prompting will be able to get the necessary code, aligned (or not) with the current user's code base.
  • Low Code - No Code growth: 2024 will experience a growth on low code - no code platforms that can create applications or services without the need of programming skills. This can allow creating a bond between teams that know what the business needs by removing the translation and misunderstanding when sending those requirements to the development teams.
  • Java is not going to die (again): It's always been the rumor or joke that Java is dead in favor of other technologies, but I foresee that in one more year, this is going to be proven wrong. With the evolution of AOT compilation technologies more oriented to Cloud Native environments (Quarkus, Micronaut, Helidon, Spring native), and the new features of Java 21 helping the concurrency to be easier and more performant, as well as new features to come in order to improve the cold warm up with project Leyden, Java will be more alive than ever.

++

Phil Nash, Developer Advocate:

  • Overconfidence in Generative AI code will lead to generated AI vulnerabilities: As more and more developers use generative AI to successfully help build their products, 2024 will see the first big software vulnerabilities attributed to AI generated code. The success of using AI tools to build software will lead to overconfidence in the results and ultimately a breach that will be blamed on the AI itself. This will lead to a redoubling across the industry of previous development practices to ensure that all code, written by both developers and AI, is analyzed, tested, and compliant with quality and security standards.
  • Generative AI will evolve beyond the chatbot: The breakout star of generative AI has been ChatGPT; subsequently, 2023 saw most interfaces to generative AI via chat. As designers and developers work with the technology, and as more specialized LLMs are produced, we'll see AI fade into the background, but we'll see more powerful applications built upon it. Right now, chatbots are hammers and everything looks like a nail, to truly use AI to its full potential we will need to move beyond that.
  • We'll write less 'JavaScript': While web applications will continue to push the boundaries with JavaScript frameworks, websites that don't need the same level of interaction will be able to reduce their JavaScript and still build great experiences. In 2024 a combination of a number of new browser APIs will mean developers can achieve many of the effects that currently need a lot of JavaScript with mostly HTML and CSS. Scroll driven animations, Dialogs and Popovers, View Transitions, CSS masonry layout, and parent selectors are just a number of the newer HTML and CSS features that will contribute to this reduction in JavaScript.

++

Ben Dechrai, Developer Advocate:

  • AI Coding Assistants will keep getting better: There are many of us saying that AI won't kill the developer role, but that's based on the current capabilities and the need for a human to check the computer's "intelligence." While Artificial General Intelligence is still a pipe dream, GenAI solutions are getting very good, especially those that are trained for specific work (i.e. ChatGPT is too generic, but CoPilot/Cody are specialized and provide better results for coding). GPT-4 is already leaps and bounds above GPT-3.5, and while some reckon GPT-5 won't be as huge a leap, in the next year, I feel we will keep closing that gap on how much developers need to do. So, we're going to see more developers vetting generated code instead of writing the bulk of it by hand.
  • AI as a Service: It's already possible to use OpenAI's ChatGPT in your own applications, but being able to model responses based on your own, proprietary datasets will bring much more value to businesses. This leads to issues of data sovereignty and confidentiality, which will see the rise of not just cloud-based AI services, but the ability to run them in siloed cloud-environments.
  • Post-Quantum Cryptography: Quantum computing will continue to evolve, and with it the threat to encryption. Not all encryption algorithms are considered to be quantum-safe, and cloud providers like Cloudflare are already upgrading their systems to implement post-quantum cryptography to data-in-transit. I believe that 2024 will see this extend to providers looking at data-at-rest, such as document storage, health systems, and more, to mitigate future attacks against data encrypted in the present. For example, data encrypted today will probably be decryptable by quantum computing in 15 years, so we need to address that sooner, to keep our data safe into the future.
  • Simplified Service Configuration: We're already seeing no-code and low-code being used to configure some areas of the hosted services we use, and this will increase. An Identity as a Service provider recently deprecated some of its full-code extensibility capabilities, requiring customers to use the newer low-code and no-code replacement. I believe we'll also see a growth in intercommunication between services that will allow companies to define their infrastructure more holistically through these simplified interfaces. While this might be through strategic partnerships at first, we might see a consensus towards a standardized configuration language that allows services to be almost plug-and-play in platform orchestration tools.

++

Thomas Chauchefoin, Vulnerability Researcher:

  • Regulatory changes to make security best practices the norm: Security has always been seen as a cost center - and hence, optional. As new regulation and compliance requirements are introduced, e.g. the new SEC rule forcing public companies to disclose material cybersecurity incidents within four days, it is forced to become the norm. This has a profound impact on how companies implement their security, internalizing and shifting left as much as possible. This shift favors proven and cost-effective practices, leaving most of the AI-powered security hype behind us.
  • Increase of (detected) in-the-wild exploitation campaigns: As we keep on getting better at detecting and analyzing in-the-wild exploitation campaigns of both known (N-days) and previously unknown (0-days) vulnerabilities, we'll notice an upward trend of these. It doesn't mean that threat actors are more active - only that we are finally catching up.

++

Stefan Schiller, Vulnerability Research:

  • AI-Assisted attacks to become more sophisticated and automated: IT security attacks leveraging AI are expected to become more sophisticated and automated. Hackers will likely use AI to analyze vast amounts of data and launch targeted attacks. AI-driven phishing attackers capable of generating highly convincing and personalized messages, which trick users into revealing sensitive information, may increase. Furthermore, AI-powered malware could adapt and evolve in real time, making it more challenging for traditional antimalware detection systems to keep up.

It's no surprise that AI is transformative to any industry and area it touches, but organizations should embrace its potential with a dose of cautious optimism. For example, it's wise to take advantage of AI's ability to assist with coding for speed but don't forget to prioritize Clean Code - code that is consistent, intentional, adaptable, and responsible. Code is at the core of all software, which is at the core of every business. This means the performance of the business is inextricably tied to the quality of the software it's built upon. In 2024, businesses should ensure they put mechanisms in place to keep AI oriented in a positive direction, whether that's in the context of software development or any area where AI impacts their organization.

##

ABOUT THE AUTHOR

Peter McKee 

Peter McKee is the Head of Developer Relations and Community at Sonar, where he leads a team of developer advocates in reaching and educating developers across their preferred forums to help them write better, more secure code. Peter is also the maintainer of the open source project Ronin.js and for over 25 years has built his career developing full-stack applications as well as leading and mentoring developer teams. Prior to Sonar, Peter was the Director of Developer Advocacy at JFrog and before that, he held multiple roles at Docker including Head of Developer Relations. When not building things with software, he spends his time with his wife and seven kids in beautiful Austin, TX.

Published Tuesday, December 05, 2023 7:33 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2023>
SuMoTuWeThFrSa
262728293012
3456789
10111213141516
17181920212223
24252627282930
31123456