GDS publishes guidance on AI coding assistants | Computer Weekly
Briefly

"'The closer a development platform and deployment infrastructure is to good practice, the less concern you should have about the specific use of AI coding assistants,' GDS said. It recommended that software engineering teams within government departments can 'greatly reduce the risks of employing AI coding assistants in their development environment by working in the open and employing main branch protections'."
"GDS' guidance recommends software engineering teams in government departments also maintain the strict separation and audit of production secrets access and use multi-stage deployment, which needs to include sufficient test coverage and vulnerability scanning for continuous deployment in software development pipelines. Due to the non-deterministic nature of the models underpinning AI coding assistants, the GDS guidance recommends that source code and build pipeline should never rely on a specific response to a prompt unless the software engineering team is willing to test these responses extensively and accept the risk of frequent breakage."
The Government Digital Service (GDS) warns that using AI coding assistants may introduce unacceptable risks when a production service is developed, maintained and deployed from a single environment. GDS advises that the closer a development platform and deployment infrastructure is to good practice, the less concern there should be about AI coding assistant use. Teams can greatly reduce risks by working in the open and applying main branch protections. Teams must maintain strict separation and audit of production secrets, use multi-stage deployment with sufficient test coverage and vulnerability scanning, and avoid reliance on specific model responses without extensive testing. A four-month trial with over 1,000 developers indicated potential efficiency gains of roughly 28 working days per developer per year.
Read at ComputerWeekly.com