Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
6 Experts on the Future of Coding in the Age of AI
In the world of software development,
generative AI could very well spur 2024's biggest opportunities -- and issues.
As GenAI hits the mainstream, it has led to the emergence of new tools to
support developers. However, AI is writing code for speed, not quality, which
exacerbates the risks of bad code, including tech debt and security issues.
At Sonar,
the industry-leading solution for Clean Code, we collected perspectives from
our developer advocates and our R&D team to hear from them about the
software development trends they expect to surface in 2024, with particular
attention to the impacts of AI, both positive and negative:
++
Johannes Dahse, Head of R&D
More Supply Chain Attacks on Code Call for Better Software Security Measures:
"A growing list of supply chain attacks makes
them a hot topic for development organizations today. There's an underlying
design issue exploited by these attacks and it is that all modern software is
built on top of other third-party software components, often without clear
visibility on the code quality of all the downloaded packages. A single code
vulnerability introduced by a library can be used for large-scale attacks
against multiple software products using this library.
Because the main code of popular open source
software becomes well-reviewed and tested, attackers will focus more on finding
previously unknown code vulnerabilities hidden in widely-used but lesser-known
open source libraries. It's a very effective and subtle attack vector to
compromise many organizations at once. In tandem with the risk and threats, the
importance of a deeper code analysis will grow that also covers the code of
libraries."
++
Jonathan Vila, Developer Advocate
- AI-Generated code growth: As LLMs are going to be more accessible and
diverse, more generative AI code tools with integrations with specific or more
focused libraries will appear. I see more development regarding test
generators, UI generators, integration plumbing generators, where users with
natural prompting will be able to get the necessary code, aligned (or not) with
the current user's code base.
- Low Code - No Code growth: 2024 will experience growth in low code -
no code platforms that can create applications or services without the need of
programming skills. This can allow creating a bond between teams that know what
the business needs by removing the translation and misunderstanding when
sending those requirements to the development teams.
- Java is not going to die (again): It's always been the rumor or joke that Java
is dead in favor of other technologies, but I foresee that in one more year,
this is going to be proven wrong. With the evolution of AOT compilation
technologies more oriented to Cloud Native environments (Quarkus, Micronaut,
Helidon, Spring native), and the new features of Java 21 helping the
concurrency to be easier and more performant, as well as new features to come
in order to improve the cold warm up with project Leyden, Java will be more
alive than ever.
++
Phil Nash, Developer Advocate:
- Overconfidence in Generative AI code will lead to generated AI vulnerabilities:
As more and more developers use generative AI to successfully help build their
products, 2024 will see the first big software vulnerabilities attributed to AI
generated code. The success of using AI tools to build software will lead to
overconfidence in the results and ultimately a breach that will be blamed on
the AI itself. This will lead to a redoubling across the industry of previous
development practices to ensure that all code, written by both developers and
AI, is analyzed, tested, and compliant with quality and security standards.
- Generative AI will evolve beyond the chatbot: The breakout star of
generative AI has been ChatGPT; subsequently, 2023 saw most interfaces to
generative AI via chat. As designers and developers work with the technology,
and as more specialized LLMs are produced, we'll see AI fade into the
background, but we'll see more powerful applications built upon it. Right now,
chatbots are hammers and everything looks like a nail; to truly use AI to its
full potential we will need to move beyond that.
- We'll write less 'JavaScript': While web applications will continue to push
the boundaries with JavaScript frameworks, websites that don't need the same
level of interaction will be able to reduce their JavaScript and still build
great experiences. In 2024 a combination of a number of new browser APIs will
mean developers can achieve many of the effects that currently need a lot of
JavaScript with mostly HTML and CSS. Scroll-driven animations, Dialogs and
Popovers, View Transitions, CSS masonry layout, and parent selectors are just a
number of the newer HTML and CSS features that will contribute to this
reduction in JavaScript.
++
Ben Dechrai, Developer Advocate:
- AI Coding Assistants will keep getting better: There
are many of us saying that AI won't kill the developer role, but that's based
on the current capabilities and the need for a human to check the computer's
"intelligence." While Artificial General Intelligence is still a pipe dream,
GenAI solutions are getting very good, especially those that are trained for
specific work (i.e. ChatGPT is too generic, but Copilot/Cody are specialized
and provide better results for coding). GPT-4 is already leaps and bounds above
GPT-3.5, and while some reckon GPT-5 won't be as huge a leap, in the next year,
I feel we will keep closing that gap on how much developers need to do. So,
we're going to see more developers vetting generated code instead of writing
the bulk of it by hand.
- AI as a Service: It's already possible to use OpenAI's
ChatGPT in your own applications, but being able to model responses based on
your own, proprietary datasets will bring much more value to businesses. This
leads to issues of data sovereignty and confidentiality, which will see the
rise of not just cloud-based AI services, but the ability to run them in siloed
cloud environments.
- Post-Quantum Cryptography: Quantum computing will continue to evolve,
and with it the threat to encryption. Not all encryption algorithms are
considered to be quantum-safe, and cloud providers like Cloudflare are already
upgrading their systems to implement post-quantum cryptography to
data-in-transit. I believe that 2024 will see this extend to providers looking
at data-at-rest, such as document storage, health systems, and more, to
mitigate future attacks against data encrypted in the present. For example,
data encrypted today will probably be decryptable by quantum computing in 15
years, so we need to address that sooner, to keep our data safe into the
future.
- Simplified Service Configuration: We're already seeing no-code and low-code
being used to configure some areas of the hosted services we use, and this will
increase. An Identity as a Service provider recently deprecated some of its
full-code extensibility capabilities, requiring customers to use the newer
low-code and no-code replacement. I believe we'll also see a growth in
intercommunication between services that will allow companies to define their
infrastructure more holistically through these simplified interfaces. While
this might be through strategic partnerships at first, we might see a consensus
towards a standardized configuration language that allows services to be almost
plug-and-play in platform orchestration tools.
++
Thomas Chauchefoin, Vulnerability Researcher:
- Regulatory changes to make security best practices the norm: Security
has always been seen as a cost center - and hence, optional. As new regulation
and compliance requirements are introduced, e.g. the new SEC rule forcing
public companies to disclose material cybersecurity incidents within four days,
it is forced to become the norm. This has a profound impact on how companies
implement their security, internalizing and shifting left as much as possible.
This shift favors proven and cost-effective practices, leaving most of the
AI-powered security hype behind us.
- Increase of (detected) in-the-wild exploitation campaigns: As we
keep on getting better at detecting and analyzing in-the-wild exploitation
campaigns of both known (N-days) and previously unknown (0-days)
vulnerabilities, we'll notice an upward trend of these. It doesn't mean that
threat actors are more active - only that we are finally catching up.
++
Stefan Schiller, Vulnerability Research:
- AI-Assisted attacks to become more sophisticated and automated: IT security attacks
leveraging AI are expected
to become more sophisticated and automated. Hackers will likely use AI to
analyze vast amounts of data and launch targeted attacks. AI-driven phishing
attackers capable of generating highly convincing and personalized messages,
which trick users into revealing sensitive information, may increase.
Furthermore, AI-powered malware could adapt and evolve in real time, making it
more challenging for traditional antimalware detection systems to keep up.
It's no surprise that AI is transformative to
any industry and area it touches, but organizations should embrace its
potential with a dose of cautious optimism. For example, it's wise to take
advantage of AI's ability to assist with coding for speed but don't forget to
prioritize Clean Code - code that is consistent, intentional, adaptable, and
responsible. Code is at the core of all software, which is at the core of every
business. This means the performance of the business is inextricably tied to
the quality of the software it's built upon. In 2024, businesses should ensure
they put mechanisms in place to keep AI oriented in a positive direction,
whether that's in the context of software development or any area where AI
impacts their organization.
##
ABOUT THE AUTHOR
Peter McKee is the Head of Developer Relations
and Community at Sonar, where he leads a team of developer advocates in
reaching and educating developers across their preferred forums to help them
write better, more secure code. Peter is also the maintainer of the open source
project Ronin.js and for over 25 years has built his career developing
full-stack applications as well as leading and mentoring developer teams. Prior
to Sonar, Peter was the Director of Developer Advocacy at JFrog and before
that, he held multiple roles at Docker including Head of Developer Relations.
When not building things with software, he spends his time with his wife and
seven kids in beautiful Austin, TX.