Community Posts
AI Coding Assistants: Velocity or Vulnerability?
Latest research reveals a hidden feedback loop threatening software security:
The Evidence:
• ≈33% of Copilot suggestions echo CWE Top-25 flaws (Asare et al., 2024)
• ~50% of LLM code snippets contain exploitable bugs (CSET, 2024)
• Developers with AI help feel more confident while shipping less secure code (Stanford, 2023)
The Systemic Risk: Flawed AI output is pushed to public repositories, polluting the next model's training data—risk compounding with every release cycle.
What leading teams are doing this quarter:
1. Audit AI-tool usage and establish approved lists
2. Insert AI-aware SAST (e.g., Snyk Code, Semgrep Assistant) into IDEs and CI/CD pipelines
3. Adopt OWASP LLM Top 10 + MAESTRO for threat modeling
4. Track percentage of AI-generated code and its defect rates
Question: How are you measuring AI-generated technical debt today, and what is your plan to stop it from becoming tomorrow's supply-chain crisis?
Share metrics or tools that worked for you.
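A worked illustration of items 2 and 4 in the post above (an AI-aware check in CI, plus tracking the share of AI-generated code and its defect rate), added here as an example; it is not code from the original post nor from Snyk Code or Semgrep. Assumptions not in the post: files produced with an assistant carry a first-line marker `# ai-generated: <tool>`, three CWE Top-25 checks written with the standard-library `ast` module stand in for a real SAST engine, and the sample repository is constructed.

```python
"""Minimal AI-aware SAST gate: scan Python sources for three CWE Top-25
patterns, attribute each finding to AI-generated or human-written code, and
report per-origin defect density. Added example; assumptions: the
'# ai-generated:' marker convention and the ast checks standing in for a
real SAST engine are not from the post."""
import ast
from dataclasses import dataclass

AI_MARKER = "# ai-generated:"          # assumed file-tagging convention
CREDENTIAL_HINTS = ("password", "secret", "token", "api_key")
SHELL_SINKS = {"os.system", "os.popen"}
SUBPROCESS_SINKS = {"subprocess.run", "subprocess.call",
                    "subprocess.Popen", "subprocess.check_output"}


@dataclass
class Finding:
    path: str
    line: int
    cwe: str
    detail: str


def is_ai_generated(source: str) -> bool:
    """AI-origin if the first non-blank line carries AI_MARKER."""
    for line in source.splitlines():
        if line.strip():
            return line.strip().startswith(AI_MARKER)
    return False


def _qualname(func: ast.expr) -> str:
    """Dotted name of a call target, e.g. os.system or db.execute."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _qualname(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


def scan_source(path: str, source: str) -> list[Finding]:
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source, filename=path)):
        if isinstance(node, ast.Call):
            name = _qualname(node.func)
            first = node.args[0] if node.args else None
            dynamic = first is not None and not isinstance(first, ast.Constant)
            shell_kw = any(k.arg == "shell" and isinstance(k.value, ast.Constant)
                           and k.value.value is True for k in node.keywords)
            # CWE-78: shell command assembled at runtime (variable, concat, f-string)
            if dynamic and (name in SHELL_SINKS or (name in SUBPROCESS_SINKS and shell_kw)):
                findings.append(Finding(path, node.lineno, "CWE-78",
                                        f"{name}() runs a non-literal command"))
            # CWE-89: query text built with f-string or + instead of bound parameters
            if name.endswith(".execute") and isinstance(first, (ast.JoinedStr, ast.BinOp)):
                findings.append(Finding(path, node.lineno, "CWE-89",
                                        "SQL built by string formatting"))
        elif isinstance(node, ast.Assign):
            # CWE-798: non-empty string literal assigned to a credential-looking name
            for target in node.targets:
                if (isinstance(target, ast.Name)
                        and any(h in target.id.lower() for h in CREDENTIAL_HINTS)
                        and isinstance(node.value, ast.Constant)
                        and isinstance(node.value.value, str) and node.value.value):
                    findings.append(Finding(path, node.lineno, "CWE-798",
                                            f"hard-coded credential in {target.id}"))
    return findings


def report(files: dict[str, str]) -> dict:
    """Item 4 from the post: AI share of lines and findings per KLOC by origin."""
    lines = {"ai": 0, "human": 0}
    counts = {"ai": 0, "human": 0}
    findings: list[Finding] = []
    for path, source in files.items():
        origin = "ai" if is_ai_generated(source) else "human"
        found = scan_source(path, source)
        lines[origin] += len(source.splitlines())
        counts[origin] += len(found)
        findings.extend(found)
    total = lines["ai"] + lines["human"]
    return {
        "ai_line_share": lines["ai"] / total if total else 0.0,
        "findings": findings,
        "findings_per_kloc": {o: (counts[o] * 1000 / lines[o]) if lines[o] else 0.0
                              for o in lines},
    }


def ci_gate(files: dict[str, str]) -> bool:
    """Pipeline step: print the metrics, block the merge on any finding."""
    result = report(files)
    print(f"AI-generated share of lines: {result['ai_line_share']:.0%}")
    for origin, density in result["findings_per_kloc"].items():
        print(f"  {origin:6s} findings/KLOC: {density:.1f}")
    for f in result["findings"]:
        print(f"  {f.path}:{f.line} {f.cwe}: {f.detail}")
    return not result["findings"]


# Constructed sample repository (not real project code).
SAMPLE_FILES = {
    "app/report.py": (
        "# ai-generated: copilot\n"
        "import os\n"
        "import sqlite3\n"
        "\n"
        "def export(user, fmt):\n"
        "    db = sqlite3.connect('app.db')\n"
        "    rows = db.execute(f\"SELECT * FROM reports WHERE owner = '{user}'\")\n"
        "    os.system('convert report.txt report.' + fmt)\n"
        "    return rows.fetchall()\n"
    ),
    "app/config.py": (
        "import os\n"
        "\n"
        "API_TOKEN = os.environ.get('API_TOKEN', '')\n"
        "DB_PASSWORD = 'hunter2'\n"
        "\n"
        "def safe_lookup(db, user):\n"
        "    return db.execute('SELECT * FROM users WHERE name = ?', (user,))\n"
    ),
}

if __name__ == "__main__":
    raise SystemExit(0 if ci_gate(SAMPLE_FILES) else 1)
```

Run as a script it exits non-zero on the constructed repository (two findings in the AI-tagged file, one in the human-written one), which is the behaviour a merge gate needs. The per-origin findings-per-KLOC figure is the number worth charting across releases: if the AI-origin density stays above the human one while the AI line share grows, the compounding the post warns about is visible in your own repository. The three checks are deliberately pattern-level and will miss `.format()` calls and taint that crosses function boundaries, which is why a real engine belongs in place of `scan_source`.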
For orgs that are trying to mature their DevOps model, what do you think the most common gaps or pitfalls are?
Does your software team often have to go back and forth with other departments to clarify their feature requests or bug reports? Any advice for simplifying that process so new requests are easier to understand from the start?
No automated tests, and no intention to ever write them: 4%
No automated tests, but have an intention to write them in the future: 37%
Writing automated tests after big feature releases: 23%
Writing automated tests after several sprints: 18%
Writing automated tests at the end of the sprint: 4%
Writing automated tests at the end of each user story: 3%
Ensuring each commit has automated tests: 3%
Test Driven Development: 3%
Other (please comment)
Has GitOps helped your software and I&O teams work together? Have you noticed any measurable benefits since implementing it?
Monthly: 8%
Quarterly: 40%
Annually: 18%
On a project-by-project basis: 12%
As needed in response to specific factors: 11%
We use different strategies for different projects: 5%
We’re in the process of creating a software development strategy: 1%
We don’t follow a strategy: 1%
Other (I’ll share in a comment)
How do you encourage your software team to work collaboratively on security — both within the team and with other departments?
Problems with tool integration: 16%
High vendor costs: 22%
Lack of buy-in from employees: 44%
Lack of buy-in from executives: 61%
Limitations of the low-code/no-code software: 71%
Bugs in the finished code: 16%
None of these — we’ve adopted low-code/no-code tools: 3%
Other (I’ll share my barrier in the comments): 1%