A look at the challenges of securing applications developed using AI coding tools and how spec driven development methods may help.
Speaker
Roy Harrow
Agenda
18:00 - Tea, coffee and networking
18:30 - Main presentation – Roy Harrow
19:30 - Q&A, followed by light refreshments for those attending in person
20:30 - Event close
Synopsis
As AI assisted coding becomes a routine part of modern software delivery, it is transforming not only how developers write code but also how organisations must think about securing it. This talk examines the tension between rapid, AI accelerated development and the growing difficulty of ensuring that security requirements are consistently met when code is generated through “vibe coding” and other emergent AI driven practices.
We will begin by exploring how traditional application security tooling (especially static analysis) can support AI augmented workflows and look at some of the challengers. The talk will the introduce the spec driven development as an evolving approach and explore how this might provide an opportunity to include security non functional into the “specification”. We will look at some of the different approaches to spec driven development and several current tools that help implement these methods.
The session will conclude with a short case study to explore the potential impact of including security NFRs in a specification. The aim is to provide a realistic, tool agnostic model that can be developed and to start an ongoing dialogue on this topic.
About the speaker
Roy Harrow is the Chair of the DevSecOps BCS Group and has worked in a wide range of roles in information technology and information security. His experience includes financial services, public sector, security consulting and security architecture. Roy is currently working for Sainsbury's in a cloud security role as part of their information security team.
Our events are for adults aged 16 years and over.
BCS is a membership organisation. If you enjoy this event, please consider joining BCS. You’ll be very welcome. You’ll receive access to many exclusive career development tools, an introduction to a thriving professional community and also help us Make IT Good For Society. Join BCS today
Please note: if you have any accessibility needs, please let us know via groups@bcs.uk, and we’ll work with you to make suitable arrangements.
If you are attending in person, please familiarise yourself with the Visitor Instructions for the BCS London Office.
For overseas delegates who wish to attend the event, please note that BCS does not issue invitation letters.
This event is brought to you by: DevSecOps specialist group
