Chapter 87. Secure Development with Generative AI

Heather Hinton

With all of the attention given to generative AI (GenAI) and its potential use within development, we cannot neglect the practice of secure development in GenAI-assisted development environments. This essay proposes considerations for the adaptation of secure GenAI-assisted development and testing practices, starting right at the initial “light bulb” moment and throughout the development life cycle:

User stories

User stories are a key input to the design process, used to help define a product or feature and how it is expected to be used. If GenAI solutions are used to help identify user stories, a human must independently review those stories and modify or enhance them where necessary. Do not assume that the AI will create all required stories, or that the stories it creates will be accurate, complete, or correct.

Specifications

User stories (should) provide input to technical specifications. The specifications must be clear, accurate, and comprehensive. This doesn’t change with the use of GenAI-created user stories. If using GenAI to create specifications from user stories, the specifications must be reviewed: no one (and nothing) should write code if you do not have a clear definition of what is expected of that code.

Development considerations

There is much evidence that (common) code can be “developed” ...

From 97 Things Every Application Security Professional Should Know (O’Reilly).