Development

According to recent projections from Gartner, by 2028 90 percent of enterprise software engineers will use AI code assistants, up from less than 14 percent in early 2024. But relying on AI in development roles also introduces risks.

Snyk is launching a new AI-native agentic platform specifically built to secure and govern software development in the AI Era.

As Java marks its 30th anniversary on May 23rd, it's a powerful reminder that few technologies have had the longevity -- or the impact -- of a language first launched in 1995.

Today, Java continues to underpin much of modern software development, from cloud-native systems to enterprise-scale applications.

To mark this milestone, we caught up with Dewan Ahmed, principal developer advocate at Harness. Dewan, whose work focuses on empowering DevOps and engineering teams to deliver reliable, efficient, and secure software. He has seen first-hand just how much Java has changed over the past decade.

The use of AI in software development can save valuable time completing routine tasks. But what if it could autonomously respond to events, implement changes, and submit code through standard pull requests?

This is what Zencoder is doing with the launch today of Autonomous Zen Agents for CI/CD, bringing groundbreaking AI automation directly into the software development infrastructure.

Updates to the Starburst data platform for apps and AI are designed to accelerate enterprise AI initiatives and support the transition to a future-ready data architecture built on a data lakehouse.

At the heart of these changes are Starburst AI Workflows, a purpose-built suite of capabilities that speed AI experimentation to production for enterprises. AI Workflows provides a link between vector-native search, metadata-driven context, and robust governance, all on an open data lakehouse architecture.

The Python programming language has become the foundation of modern AI and machine learning applications. Of course that makes it a prime target for supply chain attacks.

Public registries do minimal vetting of hosted artifacts, and they don't provide assurance that the distributed library matches its source code, exposing enterprises to supply chain attacks. Python libraries are also susceptible to supply chain attacks because many projects include more than just pure Python code -- for example project maintainers often rebundle shared system libraries into their Python libraries to ensure stable behavior.

With the European Accessibility Act (EAA) due to come into force next month, 84 percent of respondents to a new study say that digital accessibility is a priority for their company.

The EAA aims to make technology products and services easier to use for people with disabilities. The study, from quality and testing specialist Applause, shows 94 percent of organizations are preparing for the EAA by the June 28, 2025 deadline.

By 2026 it's estimated the IT skills shortage will affect nine out of 10 organizations, an issue that will only be exacerbated by the growing 'silver tsunami' of seasoned professionals retiring from the industry.

This shortage presents a challenge to almost every organization, especially as IT professionals are being asked to usher their company into the digital age and incorporate new technology into existing workflows.

The latest State of Pentesting report from Pentera reveals that over 50 percent of enterprise CISOs now report using software-based pentesting to support their in-house testing practices.

Based on research conducted by Global Surveyz, the report notes that 50 percent of CISOs now identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations.

Artificial intelligence has found its way into many areas, not least software development. But using this technology isn't without problems around security, code quality and more.

We talked to Vibor Cipan, senior manager -- developer relations, community and success at AI coding agent Zencoder to find out more about the challenges of AI development and how to address them.

Although 63 percent of organizations claim their architecture is integrated throughout development (from design to deployment and beyond), a new study shows more than half (56 percent) have documentation that doesn't match the architecture in production.

The research from vFunction shows the impact of this architecture disconnect has potentially resulted in project delays (53 percent), security or compliance challenges (50 percent), scalability limitations (46 percent), and reduced engineering team productivity (28 percent).

A new study from Backslash Security looks at seven current versions of OpenAI's GPT, Anthropic's Claude and Google's Gemini to test the influence varying prompting techniques have on their ability to produce secure code.

Three tiers of prompting techniques, ranging from 'naive' to 'comprehensive,' were used to generate code for everyday use cases. Code output was measured by its resilience against 10 Common Weakness Enumeration (CWE) use cases. The results show that although secure code output success rises with prompt sophistication all LLMs generally produced insecure code by default.

Security teams know they need to test their main applications, but they often struggle to identify which other assets to cover. On average, organizations can miss testing nine out of 10 of their complex web apps.

Security testing platform Detectify is announcing the launch of its new Asset Classification and Scan Recommendations capabilities which enable organizations to easily identify and swiftly act on their complex web applications.

A new report from API and AI security solutions company Wallarm finds that of around 4,700 security issues analyzed in Agentic AI projects, 49 percent were API-related, underscoring the inseparable nature of agent and API security.

The report also finds that over 1,000 issues in Agentic AI repositories remain unaddressed. 22 percent of reported security issues remain open too, with some lingering for 1,200-plus days, highlighting a critical gap between vulnerability discovery and remediation.

In today's fast-paced digital landscape, many product teams are under pressure to deliver payment solutions faster while ensuring accessibility and security across platforms.

To help address these industry needs, payments company Visa is announcing today that for the first time its Visa Product Design System (VPDS), an all-encompassing platform within the Visa technology stack designed to improve the product design and development process, will be publicly available.

AI and machine learning tools have had an important role in software development for many years, helping to drive efficiency and automation. The new generation of AI tools has the potential to supercharge this transformation, bringing even greater improvements to efficiency, cost-effectiveness, and innovation cycles.

However, these tools also come with new risks, including security vulnerabilities, governance challenges, and regulatory uncertainty. As with any new technological approach, organizations bringing new AI tools and specifically AI-generated code into their development lifecycles must balance benefits with the potential risks.