Hello and welcome to Protocol Enterprise! now: why GitHub’s Copilot coding tool can improve developer productivity at a price, CISA wants to hear what enterprise tech thinks about security reporting requirements and Iran gets the community’s attention cybersecurity.
Productivity paradox
Because of the cost required to maintain a team of even half-competent software developers, enterprise companies are interested in increasing their productivity. While it’s early days, GitHub is starting to lay out a case that all those developers need is some good old-fashioned automation.
The ubiquitous code warehouse released a new study on Wednesday outlines how 2,000 users of its Copilot product, first released last year, are finding the experience. Copilot allows developers to plug AI-generated code snippets into their applications to avoid the tedious task of writing a function over and over and over and over again.
- So far, so good: “Between 60–75% of users report that they are more satisfied with their work, less frustrated when coding, and able to focus on more enjoyable work when using GitHub Copilot, ” said the company.
- The survey also found that 87% of Copilot users said the tool was “preservative[d] mental effort during repetitive tasks,” which are obviously the most annoying tasks.
- Overall, 88% of respondents said they were more productive using Copilot.
But how good are they really? GitHub split a group of 95 developers into two groups — one that was allowed to use Copilot, and one that had to rely on their meager human brains — and gave them a task.
- Developers who were allowed to use Copilot completed the task nearly 90 minutes faster than the other group.
- However, both groups completed the work at about the same rate; 78% of Copilot users completed the task, while 70% of the other group powered through to the final result.
- The test is relatively simple – building an HTTP server in JavaScript – and real-world projects tend to be more complex, but every company has many major projects to work on.
The results aren’t too surprising: AI will develop code faster than humans, and assuming the code works, everyone wants to get the job done faster. The long-term questions for both GitHub and parent company Microsoft when it comes to Copilot are even trickier.
- Last month at Black Hat, security researchers showed that 40% of the code generated by Copilot had “exploitable vulnerabilities,” and often that vulnerable code was suggested by Copilot as the best choice for the job.
- “Copilot does not know what is good or bad. It only knows what it has seen before,” said Hammond Pearce, one of the researchers, in a session at Black Hat.
- And the difficult legal questions surrounding the use of AI-generated code trained on existing code will be a nonstarter for many enterprise companies, especially those with strict compliance requirements.
In other words, productivity can come at a price. The fastest way to get something done is not always the best.
— Tom Krazit (email | nervous)
Sponsored content from Upwork
Why on-demand talent may be exactly what companies need today: If you thought the rise of remote work, independent contractors and contingent workers had skyrocketed during the pandemic, just wait until the next few months when you’ll see an even higher increase in on-demand talent economy.
Read more from Upwork
CISA: Welcome feedback
During its less than four-year history, CISA has had very little regulatory power. But as you’ve probably read in this newsletter, that’s about to change.
CISA, the main US cybersecurity agency, has been tasked with hammering out details around mandatory reporting of critical infrastructure cyber attacks. Now, the opportunity for businesses to weigh in on the proposed reporting rules begins within days, CISA Director Jen Easterly said at an event in DC today. As we previously reported, CISA will issue a public request for information and host a series of “listening sessions” to solicit feedback from the industry.
Key elements of the regulations will require incidents to be reported to the government within 72 hours, and ransomware payments to be disclosed within 24 hours, by companies in 16 critical infrastructure sectors. (Unlike the SEC’s controversial incident reporting proposal, however, details on cyberattacks disclosed in CISA will be anonymized before any public sharing.)
From a cybersecurity perspective, one concern is that the final critical infrastructure rules aren’t really due for another three years. Shortening the time frame is worth exploring, some in the security industry told me; the sooner CISA has more transparency about cyberattacks, the better off everyone is in security, the reasoning goes.
Companies affected by the regulations are likely to have concerns of a different kind, though. Granted, Easterly and CISA have generated a lot of goodwill by increasing engagement in the cybersecurity community. But as Okta’s Marc Rogers told me before, companies will still have questions like, “‘How much do I want to share? What’s risky for me to share? Is there a chance that the a competitor about it?'”
Those questions need to be answered through extended discussion between CISA and the industry, Rogers said. In other words, if you’re so passionate, this is your chance to be heard.
— Kyle Alspach (email | nervous)
Enterprise customer experience
The mandate is clear. Modern businesses need to provide a seamless, technology-enabled, end-to-end customer experience across their organizations: to always be ready, regardless of time or platform, to instantly meet customer needs and provide of human connection. This requires eliminating silos, increasing automation and analytics and ensuring that the front end and the back end are aligned to deliver a positive experience for your customers and your team. But how do you achieve this in today’s digital landscape?
At this virtual Protocol event on Sept. 19, we’ll examine the tech tools and tricks and real-life strategies companies are using to build the CX tech ecosystem and prepare for an increasingly customer-first future. Please join Protocol Enterprise’s Aisha Counts in conversation with Lara Caimi, chief customer officer, ServiceNow; Glenn Weinstein, chief customer officer, Twilio; and Clara Shih, chief executive officer, Service Cloud, Salesforce. RSVP here.
Sponsored content from Upwork
Why on-demand talent may be exactly what companies need today: The biggest benefit of using on-demand talent is often tapping into talent and skills that businesses can’t find elsewhere. A recent Upwork report highlights that 53% of on-demand talent provides skills that are in short supply for many companies, including IT, marketing, computer programming and business consulting.
Read more from Upwork
Thanks for reading — see you tomorrow!