Peer-Driven Insights

Agile

Community Posts

AI Coding Assistants: Velocity or Vulnerability?

Latest research reveals a hidden feedback loop threatening software security:
The Evidence: • ≈33% of Copilot suggestions echo CWE Top-25 flaws (Asare et al., 2024) • ~50% of LLM code snippets contain exploitable bugs (CSET, 2024) • Developers with AI help feel more confident while shipping less secure code (Stanford, 2023)
The Systemic Risk: Flawed AI output is pushed to public repositories, polluting the next model's training data—risk compounding with every release cycle.

What leading teams are doing this quarter:
1. Audit AI-tool usage and establish approved lists
2. Insert AI-aware SAST (e.g., Snyk Code, Semgrep Assistant) into IDEs and CI/CD pipelines
3. Adopt OWASP LLM Top 10 + MAESTRO for threat modeling
4. Track percentage of AI-generated code and its defect rates

Question: How are you measuring AI-generated technical debt today, and what is your plan to stop it from becoming tomorrow's supply-chain crisis?

Share metrics or tools that worked for you.

How readily did your devs adopt AI into their inner development loop? Was it a seamless addition or did you have to encourage them to embrace it?

Read More Comments

For orgs that are trying to mature their DevOps model, what do you think the most common gaps or pitfalls are?

How often / when do your teams write automated tests?

No automated tests, and no intention to ever write them4%

No automated tests, but have an intention to write them in the future37%

Writing automated tests after big feature releases23%

Writing automated tests after several sprints18%

Writing automated tests at the end of the sprint4%

Writing automated tests at the end of each user story3%

Ensuring each commit has automated tests3%

Test Driven Development3%

Other (please comment)

View Results

Does your software team often have to go back and forth with other departments to clarify their feature requests or bug reports? Any advice for simplifying that process so new requests are easier to understand from the start?

How often do you reevaluate your software development strategy?

Monthly8%

Quarterly40%

Annually18%

On a project-by-project basis12%

As needed in response to specific factors11%

We use different strategies for different projects5%

We’re in the process of creating a software development strategy1%

We don’t follow a strategy1%

Other (I’ll share in a comment)

View Results

Which barriers are stopping you from using low-code/no-code tools? (Select all that apply)

Problems with tool integration16%

High vendor costs22%

Lack of buy-in from employees44%

Lack of buy-in from executives61%

Limitations of the low-code/no-code software71%

Bugs in the finished code16%

None of these — we’ve adopted low-code/no-code tools3%

Other (I’ll share my barrier in the comments)1%

View Results

What are your strategies for demonstrating the value of technical debt reduction quickly? Do you prioritize short-term, high-impact projects to build early wins?

Read More Comments

Our IT organization is in the midst of transitioning from a traditional waterfall methodology to an agile/SAFe framework. In your experience, is a traditional project manager better suited to be a product owner or a scrum master? Who would make an ideal product owner?

Read More Comments

Has GitOps helped your software and I&O teams work together? Have you noticed any measurable benefits since implementing it?

If you’re told that your software team needs to increase delivery speed but you can’t spend budget on new tooling or platforms, where would you make improvements?

Read More Comments

How do you encourage your software team to work collaboratively on security — both within the team and with other departments?

If you’re trying to cut costs, where in the SDLC would you reduce performance testing? Have you ever had to eliminate testing due to lack of budget?

Any tips for software development teams who are setting up a new CI/CD pipeline in a DevOps environment? How do you maintain current software delivery speeds while getting automation processes established within the pipeline?

Read More Comments

Any advice for creating self-service platforms that devs actually want to use?

How would you define a DevOps “mindset”? Why do you think there’s sometimes confusion among software leaders and teams about what a DevOps mindset truly entails?