Page 167 - Cyber Defense eMagazine October 2023
Handle with care
One of the most effective ways to use AI to produce secure results is to minimize the task you give it.
Just as a function becomes bloated and difficult to understand or manage when a developer puts too
many tasks into it, an oversized request to AI is hard to review. When we ask AI to help us write code,
it should be for very small tasks that are easy for us to understand and quickly evaluate for security. Rather than
asking it to add authentication to our project, we should ask it to show us a function to validate a user
based on the credentials provided. Then we can adapt that function to our project. Someday AI might be
able to write code for us, but today it works much better as a reference to help us when we are stuck
rather than a tool that can produce secure code for us.
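
An added example, not code from the article or from Security Journey: a credential-validation function scoped as narrowly as the paragraph above suggests, so that each security property can be checked by reading it. The function names, the in-memory store and the scrypt parameters are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune per deployment).
_N, _R, _P, _DKLEN = 2**14, 8, 1, 32


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, derived_key). A fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(
        password.encode("utf-8"), salt=salt, n=_N, r=_R, p=_P, dklen=_DKLEN
    )
    return salt, key


# Dummy record: unknown usernames still pay for one scrypt run, so response
# time does not reveal which usernames exist.
_DUMMY_SALT, _DUMMY_KEY = hash_password("placeholder-never-matches")


def validate_user(
    username: str, password: str, store: dict[str, tuple[bytes, bytes]]
) -> bool:
    """True only if username is in store and password matches its stored hash."""
    record = store.get(username)
    salt, expected = record if record is not None else (_DUMMY_SALT, _DUMMY_KEY)
    _, candidate = hash_password(password, salt)
    # Constant-time comparison; == on secrets can leak how many bytes matched.
    matches = hmac.compare_digest(candidate, expected)
    # The dummy record must never authenticate anyone, even on a match.
    return matches and record is not None


# Constructed sample store for the example: username -> (salt, derived_key).
SAMPLE_STORE = {"alice": hash_password("correct horse battery staple")}

if __name__ == "__main__":
    print(validate_user("alice", "correct horse battery staple", SAMPLE_STORE))
    print(validate_user("alice", "wrong password", SAMPLE_STORE))
    print(validate_user("mallory", "anything", SAMPLE_STORE))
```

A reviewer can tick off four things in under a minute: a slow salted hash rather than a plain digest, a per-user random salt, a constant-time comparison, and identical work for known and unknown usernames.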
Above all, organizations should treat AI with care. Yes, it can be a useful resource, but only if treated as
the fallible coding partner it often is. For that reason, it should only be used according to the corporate
risk appetite and in line with security policy. Faster coding isn’t better if it comes with bugs. We need to
train our people before we let loose the machines.
About the Author
Mike Burch, Director of Application Security, Security Journey. Michael
is an ex-Army Green Beret turned application security engineer.
Currently, he serves as the senior enlisted Cyber Network Defender
for the North Carolina National Guard. In his civilian career, he is the
Director of Application Security and content team lead for Security
Journey, a SaaS-based application security training platform. He
leverages his security knowledge and experience as a developer to
educate and challenge other developers to be a part of the security
team. http://www.securityjourney.com/
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.