Articles about code

A survey of 800 senior developers has 75 percent of respondents saying they expect AI to significantly transform the industry within the next five years. What’s more 53 percent say they believe large language models can already code better than most humans.

The survey, from Clutch, reveals that AI has already become a daily tool for many software teams. 49 percent of senior developers and team leads say they use AI tools every day. Another 29 percent use them most days, meaning 78 percent rely on AI regularly.

Continue reading →

New research reveals that insecure code is behind a shocking number of cyber breaches in the UK, with two-thirds of tech leaders admitting their organization suffered an incident in the past year.

The study from SecureFlag, of 100 UK C-suite and tech leaders, shows that despite the risks, many companies are still failing to train developers properly, leaving a gap that attackers are exploiting.

Continue reading →

New research shows 81 percent of organizations knowingly ship vulnerable code, and 98 percent experienced a breach stemming from vulnerable code in the past year, that’s a sharp rise from 91 percent in 2024.

The survey from Checkmarx, of more than 1,500 CISOs, AppSec managers and developers around the world, also shows that AI‑generated code is becoming mainstream, but governance is lagging.

Continue reading →

Increasing pressure to build and launch applications quickly has seen a rise in the use of AI to generate code. New analysis from Sonar, looking at the quality and security of software code produced by top Large Language Models (LLMs), finds significant strengths as well as material challenges across the tested models.

The study used a proprietary analysis framework for assessing LLM-generated code, tasking the LLMs with over 4,400 Java programming assignments. The LLMs evaluated in the study include Anthropic's Claude Sonnet 4 and 3.7, OpenAI's GPT-4o, Meta's Llama-3.2-vision:90b, and OpenCoder-8B.

Continue reading →

Recent high-profile attacks have placed increased emphasis on the software supply chain and the need to understand where code has originated.

A developer's coding style is as unique as their fingerprint and, thanks to artificial intelligence, it’s possible to identify an author based on a short code segment. Felix Mächtle, a researcher at the University of Lübeck and member of the AI Grid research network, has developed a tool that does just that. We spoke to him to learn more.

Continue reading →

New research from Apiiro shows that while AI code assistants are accelerating development times they're also increasing risks.

AI code assistants have seen rapid adoption since the launch of ChatGPT in November 2022. Microsoft reports that more than 150 million developers now use GitHub Copilot, up 50 percent over the past two years.

Continue reading →

Free and Open Source Software (FOSS) has become a critical part of the modern economy and it's estimated that up to 96 percent of codebases now include it.

In order to understand the impact of open source The Linux Foundation, in collaboration with the Laboratory for Innovation Science at Harvard, commissioned its latest study into the space and today announces the release of the Census III of Free and Open Source Software -- Application Libraries report.

Continue reading →

Using AI can increase the speed of code development, but it comes with an increased risk of bad code seeping into codebases.

Clean code solutions company Sonar is releasing two new features, Sonar AI Code Assurance and Sonar AI CodeFix. These deepen Sonar's commitment to improving the developer experience and increasing developer productivity to support the delivery of better code.

Continue reading →

A new survey from software delivery platform Harness finds that 66 percent of UK consumers think software companies releasing 'bad' code that causes mass outages is on par with, or worse than, supermarkets selling contaminated products that break laws on food safety.

The study of 2,000 UK consumers, conducted by Opinium Research, finds that 44 percent have been affected by an IT outage. 26 percent were impacted by the recent incident caused by a software update from CrowdStrike in July 2024.

Continue reading →

Rapid solutions development has become the standard in the tech world, empowering organizations to be first to market and fast to acquire a return on their investment. However, achieving rapid development has become increasingly more difficult.

One of the main challenges to rapid development for today’s tech firms is the ever-increasing complexity of the tech world. New solutions must integrate with a virtually unending tech universe, and the factors that must be considered -- as well as the likelihood of conflicts -- have grown exponentially in recent years.

Continue reading →

Industry-agnostic software is now an organization’s most critical business asset, as its competitive edge often depends on it. Since companies become more technologically savvy and dependent upon their software to meet revenue goals and deliver products or services to customers, it cannot be afforded to underestimate the importance that secure and high-quality code plays.

The more this becomes evident, the greater the pressure on developers to deliver. Leaders expect their developer teams to work faster, ship more features, and write “better” code, but the technical debt accrued as a result of these escalating demands creates a slowdown effect as developers try to keep up. This technical debt can take a third of developers’ time to address, with refactoring later costing twice, or even three times as much as a proactive fix. While AI code generation tools can help manage the responsibility of creating large amounts of code and handling mundane tasks so developers can focus on collaborative or creative work, AI-generated code shouldn’t be trusted at face value. When code is not properly reviewed for maintainability, security, and reliability (i.e. Clean Code attributes), poor-quality code problems creep in.

Continue reading →

The percentage of codebases with high-risk open source vulnerabilities -- those that have been actively exploited, have documented proof-of-concept exploits or are classified as remote code execution vulnerabilities -- increased from 48 percent in 2022 to 74 percent in 2023, according to new research.

The Open Source Security and Risk Analysis (OSSRA) report from Synopsys is based on findings from more than 1,000 commercial codebase audits across 17 industries. While codebases containing at least one open source vulnerability remain consistent year-on-year at 84 percent, significantly more codebases contained high-risk vulnerabilities in 2023.

Continue reading →

You'll often hear CI (continuous integration) and CD (continuous deployment) mentioned in the same breath, often as CI/CD, and indeed both are part of improving the quality, speed and efficiency of software development.

However, Stephen Atwell, principal product manager at Armory, argues that they shouldn't be considered as related functions. We spoke to him to find out why.

Continue reading →

A new survey of over 280 developers and technical decision makers finds two-thirds dealing with major flaws in homegrown authorization efficiency, security, and app performance. As a result, most organizations (83 percent) plan to invest more into policy as code as a solution.

In case you're unfamiliar with the concept, policy-as-code is an approach to policy management in which policies are defined, shared, updated and enforced using code rather than relying on manual processes.

Continue reading →

Software is immensely pervasive and foundational to innovation and market leadership. You’ve likely heard the popular phrase coined by McKinsey that "all companies are software companies." It’s true that businesses are competing and winning in their markets based on their ability to digitize and innovate. Almost every major enterprise, no matter its industry, relies heavily on software to deliver services, manage operations internally or promote itself.

Software starts with code, which means that secure or insecure code starts in development. As long as we continue to view security as a bolt-on or an after-the-fact fix, we’ll continue to widen the chasm between the pace of digital innovation and security’s ability to keep up. With AI-generated code increasing the volume and speed of software production without an eye toward code quality, this problem will only worsen. The world needs Clean Code. Without it, the performance of software will suffer, negatively impacting the business. 

Continue reading →