Security

Remediation Ballet Is a Pas de Deux of Patch and Performance

Michael Bargury
Jun 26th, 2023

Generative AI capabilities continue to make their way into every organization, with increasingly useful ways of helping employees and contractors be more productive. This includes advancing how fully automated vulnerability remediation works, and with the power of generative AI, is able to take into account unique environments and uses in real-time. 

While copilots, such as ones introduced by Microsoft, GitHub, Salesforce, and more, provide awesome power to both professional and citizen developers to create and generate context-aware code completion and suggestions that save time, there are also ‘hallucinations’ where wrong information can be spewed and inserted into applications, or flat-out wrong suggestions that, when blindly trusted, can lead organizations astray. As with anything, new technological capabilities must be met with strong processes and informed people to fully harness the power. 

However, finding the right balance is critical, and can often be too heavily weighted on one side or the other behind productivity and control. Traditional security controls like urgent patches, encryption, and WAFs are necessary, but can also lag productivity, particularly in the fast-paced world of application development. On the people side, having centralized application security teams often see problems in isolation and are unable to see organizational consequences of applying specific fixes to a specific application (nor should they be expected to). 

Further, making environment-level changes can have sweeping effects on individual applications, and each decision to increase security must be weighed against the potential dips in efficiency or productivity. AI-generated mitigations can reduce the cost of remediation, but the risk of applying ill-advised or ill-fitting mitigations will always exist. It begs the question of how much organizations should be expected to trust AI copilots, with many needing to run deep analysis of where in the middle-ground they want to live. 

Read more from my latest monthly DarkReading column here.

Subscribe to Newsletter

Keep informed of all the latest news and notes within the world of securing and governing citizen development

Thanks for registering to the Zenity newsletter.

We are sure that you will like it and are looking forward to seeing you again soon.

Related posts

April 4th, 2024

Low Code Application Security Best Practices and Strategies
Developing applications using low code platforms has gained popularity in recent years due to its ability to accelerate the software development process. However, with increased speed and efficiency comes the need for robust security measures to protect sensitive data and ensure a safe user experience. In this article, we will explore the best practices and…
Blog
April 4th, 2024

The Importance of Low Code Security in Today’s Digital Landscape
In today’s rapidly evolving digital landscape, the importance of low code security cannot be overstated. As organizations increasingly rely on low code development platforms to accelerate application and software development, it is crucial to understand the significance of robust security measures. Understanding Low Code Security Before delving into the intricacies of low code security, it…
Blog
March 14th, 2024

Cybersecurity in the Low-Code Age: Emerging Threats and Protective Strategies
Uncover low-code cybersecurity strategies & stay ahead of threats with Zenity.io. Empower your development securely today!
Blog