The company surveyed 2,000 companies across the U.S., U.K, India, Japan, and Germany, and categorized 15% as AI Leaders who are ahead of their peers and the other 85% as AI Learners.

According to the report, there are four key factors that contribute to the success AI Leaders are seeing. 

Compared to their peers, AI Leaders:

• Are more aggressive with their AI investments
• Are more confident in their ability to access and manage their organization’s data
• Have a C-suite that is fully aligned with IT leadership on what they need to do to achieve AI maturity
• Can customize their AI efforts to achieve optimal value. 

“We discovered that Leaders don’t mindlessly chase trends. Instead, they look for the intersection of opportunity, need and internal capabilities to develop an action-oriented roadmap. They foster organization-wide alignment through clear and authentic communication,” IBM wrote in the report. 

The report also found that AI Leaders were 80% more likely to invest in the use cases of customer experience, IT operations and automation, virtual assistants, and cybersecurity. 

Overall, the conclusion of the report is that the success in AI comes down to the human element. “Yes, great technology is imperative, but so is visionary, decisive leadership that inspires experimentation, agility and persistence. Organizations must take stock of themselves while keeping a vigilant eye on an ever-changing AI landscape. AI is constantly in action; you should be too,” IBM wrote. 

The post Report: What sets AI Leaders apart from the rest appeared first on SD Times.

The USPS has a standard format it accepts, but it’s not standard around the world. Internationally there are over 200 different address formats used and more than 20 language scripts used to write those addresses. 

Given the complexity of considering all of these different global formats, using a verification service like Melissa’s Global Address service can help ensure that all addresses are properly formatted based on where they need to go, which improves deliverability.

John DeMatteo, solutions engineer I at Melissa, explained in a recent SD Times microwebinar that “fewer errors and returns equals more time to be working on other things, as well as less money spent on returned packages,” he said. 

Melissa’s Global Address service takes in addresses and returns them as validated, enriched, and standardized addresses for more than 250 countries and territories. According to DeMatteo, validated means an address was confirmed through official sources as being accurate and deliverable; enriched means the address was appended with additional data not present in the original request; and standardized means an address is output in the preferred format.

During the microwebinar, DeMatteo gave a demo of Melissa’s Global Address service with the following input address:

FF: 10 Dziadoszaska, Pozna, 61-248, PL

Global Address identifies this as being an address in Poland and reformats it in that country’s preferred address format, and also adds diacritics, which are the symbols that appear over certain letters in the Polish alphabet (ex. ć, ń, ó, ś, ź).

AddressLine1: ul. Dziadoszańska 10
AddressLine2: 61-248 Poznań

The addresses can also be transliterated to Native, Latin, or the Input script. According to DeMatteo, the difference between transliteration and translation is that transliteration converts character by character whereas translation converts whole words.  

To show transliteration in action, another example he shared during the microwebinar is an input written in Kanji — a set of characters used in Japanese writing — that was requested to be output into Latin script. “This is a lot more readable for me if I’m a data steward or someone working with the data,” he said. 

When it comes to making the most out of Global Address, like with any data verification process, “the better the data we have for the input, the better data we have for the output,” DeMatteo said. Therefore, there are a couple of best practices that he recommends following when working with Global Address.

While Global Address is good at detecting the country from the input, he says that when possible, the country code and name should be included with every record. He also recommends sending in multiple addresses at once for batch processing, which can improve speed and efficiency. And finally, customers should avoid including extraneous information not related to the address. 

Global Address can be used on its own, or better yet, in combination with Melissa’s other verification services including Global Name, Global Email, and Global Phone. 

“The Global Suite works together to provide a comprehensive Validation, Enrichment, and Standardization solution for the big four data types,” he said. “Used together, customers can ensure their data is of the highest quality possible.”

The post Navigating the complexities of managing global address data appeared first on SD Times.

The survey, Anchore’s 2024 Software Supply Chain Security Report, also found that less than half of respondents are following supply chain best practices like creating software bill-of-materials (SBOMs) for the software they develop (49% of respondents) or for open source projects they use (45%) of respondents. Additionally, only 41% of respondents request SBOMs from the third-party vendors they use. Despite these low numbers, this is a significant improvement from 2022’s survey, when less than a third of respondents were following these practices. 

The report found that 78% of respondents are planning on increasing their use of SBOMs in the next 18 months, and 32% of them plan to significantly increase use. 

“The SBOM is now a critical component of software supply chain security. An SBOM provides visibility into software ingredients and is a foundation for understanding software vulnerabilities and risks,” Anchore wrote in the report.

The report also found that currently 76% of respondents are prioritizing software supply chain security.

Many companies are having to make this a priority as part of their efforts to comply with regulations. According to the report, organizations are now having to comply with an average of 4.9 regulations and standards, putting more pressure on them to get security right. 

Of the companies surveyed, more than half have a cross-functional (51%) or fully dedicated team (8%) that works on supply chain security. 

Finally, 77% of respondents are worried about how embedded AI libraries will impact their software supply chain security.  

For the survey, Anchore interviewed 106 leaders and practitioners that are involved in software supply chain security at their company.

The post Report: Only 1 in 5 organizations have full visibility into their software supply chain appeared first on SD Times.

Microsoft shared that user feedback on GitHub Copilot indicated that some developers struggle with creating prompts, including understanding phrasing and what context to include.  “In some cases, the experience left users feeling like they were getting too much or too little from their interactions,” Microsoft wrote in a blog post. 

In response to this, GitHub Copilot’s chat will now be a more conversational experience that can adapt to a developer’s specific context and needs. 

For example, if a developer asks a question that is too vague, like “what is this?,” Copilot will now respond back saying that the “question is ambiguous because it lacks specific context or content” and will suggest some prompts that are more specific and will lead to better responses. In this example, the response included other sample prompts, like “What is the purpose of the code in #file:’BasketService.cs’?” or “Can you explain the errors in #file:’BasketService.cs’?”

Those suggested new prompts are clickable, so all a developer has to do is select one of the provided prompts, and GitHub Copilot will try again with the new prompt.  

“Our guided chat experience takes Copilot beyond simple input-output exchanges, turning it into a collaborative assistant. When the context is clear, Copilot provides direct and relevant answers. When it isn’t, Copilot guides you by asking follow-up questions to ensure clarity and precision,” Microsoft wrote.

The new chat experience is available in Visual Studio 2022 17.12 Preview 3 and above, according to Microsoft.

The post GitHub Copilot chat now provides guidance on rewording prompts appeared first on SD Times.

Project Zero is a security research team at Google that studies zero-day vulnerabilities, and back in June they announced Project Naptime, a framework for LLM assisted vulnerability research. In recent months, Project Zero teamed up with Google DeepMind and turned Project Naptime into Big Sleep, which is what discovered the vulnerability. 

The vulnerability discovered by Big Sleep was a stack buffer overflow in SQLite. The Project Zero team reported the vulnerability to the developers in October, who were able to fix it on the same day. Additionally, the vulnerability was discovered before it appeared in an official release.

“We think that this work has tremendous defensive potential,” the Project Zero team wrote. “Finding vulnerabilities in software before it’s even released, means that there’s no scope for attackers to compete: the vulnerabilities are fixed before attackers even have a chance to use them.”

According to Project Zero, SQLite’s existing testing infrastructure, including OSS-Fuzz and the project’s own infrastructure, did not find the vulnerability.

This feat follows security research team Team Atlanta earlier this year also discovering a vulnerability in SQLite using LLM assisted detection. Project Zero used this as inspiration in its own research. 

According to Project Zero, the fact that Big Sleep was able to find a vulnerability in a well fuzzed open source project is exciting, but they also believe the results are still experimental and that a target-specific fuzzer would also be as effective at finding vulnerabilities. 

“We hope that in the future this effort will lead to a significant advantage to defenders – with the potential not only to find crashing testcases, but also to provide high-quality root-cause analysis, triaging and fixing issues could be much cheaper and more effective in the future. We aim to continue sharing our research in this space, keeping the gap between the public state-of-the-art and private state-of-the-art as small as possible,” the team concluded. 

The post Google researchers successfully found a zero-day vulnerability using LLM assisted vulnerability detection appeared first on SD Times.

One way developers can set themselves up for better opportunities is to pursue certifications for skills that are relevant to their career. A certification offers an opportunity for developers to show others that they have a particular skill; It’s one thing to list Kubernetes as a core competency on their resume, and another to say they’ve passed the certification exam for one of the CNCF’s Kubernetes certifications.  

“People are really happy by taking a certification, because it is the validation of some knowledge,” said  Christophe Sauthier, head of CNCF certifications and trainings, in a recent episode of our What the Dev? podcast. “It is something that we feel is really important because anybody can say that they know something, but proving that usually makes a real difference.”

A 2023 CompTIA report found that 80% of US HR professionals surveyed relied on technical certifications during the hiring process. Sauthier said the CNCF has conducted a survey looking into the impact of certifications as well, and has also seen that people who obtain them generally benefit. 

“More than half the people who answered the survey said that taking some training or certification helped them get a new job,” said Sauthier. “It is a way for people to be more recognized for what they know, and also to usually get better pay. And when I say a lot of people get better pay, it was about one third of the people who answered our survey who said that they had a higher pay because of taking training or certifications.”

Another survey from CompTIA in 2022 showed that IT professionals that obtained a new certification saw an average $13,000 increase in salary. 

How to select a certification

In order to see these benefits, it’s important for anyone pursuing a certification to think about which one will best suit their needs, because they come in all shapes and sizes.

Sauthier says he recommends starting with an entry-level certification first, as this can enable someone to get used to what it means to take a certification. 

Then, it might make sense to move onto more advanced certifications. For instance, the CNCF’s Certified Kubernetes Security Specialist (CKS) certification is “quite tough”, he said. However, its difficulty is what appeals to people.  

“People are really attracted by it because it really proves something,” he said. “You need to actually solve real problems to be able to pass it. So we give you an environment and we tell you, ‘okay, there is this issue,’ or ‘please implement that,’ and we are then evaluating what you did.”

Sauthier did note that difficulty alone shouldn’t be a deciding factor. “When I’m looking at the various certifications, I am more interested in looking at something which is widely adopted and which is not opinionated,” he said. Having it not be opinionated, or not tied to a specific vendor, will ensure that the skills are more easily transferable. 

“Many vendors from our community are building their bricks on top of the great project we have within the CNCF, but the certifications we are designing are targeting those bricks so you will be able to reuse that knowledge on the various products that have been created by the vendors,” he said.

He went on to explain how this informs the CNCF’s process of certification development. He said that each question is approved by at least two people, which ensures that there is wide agreement. 

“That is something that is really important so that you are sure when you’re taking a certification from us that the knowledge that you will validate is something that you will be able to use with many vendors and many products over our whole community,” he said. “That’s really something important for us. We don’t want you to be vendor locked with the knowledge you have when you take one of a certification. So that’s really the most important thing for me, and not the difficulty of the certification itself.”

The CNCF recently took its certification program a step further by introducing Kubestronaut, an achievement people can get for completing all five of its Kubernetes certifications. Currently, there are 788 Kubestronauts, who get added benefits like a private Slack channel, coupons for other CNCF certifications, and a discount on CNCF events, like KubeCon. 

The post Using certifications to level up your development career appeared first on SD Times.

By integrating GitHub Copilot capabilities into the tool, users will now be able to clean and transform data in VS Code with natural language prompts. It will also be able to provide suggestions of how to fix errors in data transformation code. 

According to Microsoft, one of the current limitations of using AI for exploratory data analysis is that the AI often lacks context of the data, leading to more generalized responses. Further, the process of verifying that the generated code is correct can be a very manual and time-consuming process. 

The integration of Data Wrangler and GitHub Copilot addresses these issues because it allows the user to provide GitHub Copilot with data context, enabling the tool to generate code for a specific dataset. It also provides a preview of the behavior of the code, which allows users to visually validate the response. 

Some examples of how GitHub Copilot can be used in Data Wrangler include formatting a datetime column, removing columns with over 40% missing values, or fixing an error in a data transformation — all using natural language prompts. 

Using this new integration will require having the Data Wrangler VS Code extension, the GitHub Copilot VS code extension, and an active GitHub Copilot subscription.

Microsoft also announced that this is just the first of many Copilot enhancements planned for Data Wrangler, and additional functionality will be added in the future. 

The post Microsoft enhances Data Wrangler with the ability to prepare data using natural language with new GitHub Copilot integration appeared first on SD Times.

“As organizations seek a competitive edge through innovative digital experiences, they need to invest equally in state-of-the-art technologies and in fostering the productivity of their software development teams,” said Christopher Davey, vice president and general manager of API management at WSO2. “With new functionality for managing AI services as APIs and extended support for Kubernetes as the preferred platform for digital innovation, WSO2 API Manager and WSO2 APK are continuing to enhance developers’ experiences while delivering a future-proof environment for their evolving needs.”

The company announced its Egress API Management capability, which allows developers to manage their AI services as APIs. It supports both internal and external AI services, and offers full life cycle API management, governance, and built-in support for providers such as OpenAI, Mistral AI, and Microsoft Azure OpenAI. 

The egress, or outbound, gateway experience enforces policies, providing secure and efficient access to AI models, as well as reducing costs by allowing companies to control AI traffic via backend rate limiting and subscription-level rate limiting of AI APIs. 

WSO2 also announced many new features to support the increase of APIs running on Kubernetes. A new version of the WSO2 API Microgateway — a cloud-native gateway for microservices — has been released, and it aligns with the latest WSO2 API Manager release, improving scalability while also maintaining governance, reliability, and security.

WSO2 APK was updated to align with the gRPC Route specification, improving integration with Kubernetes environment and facilitating better control over gRPC services. 

The latest version of WSO2 APK also includes new traffic filters for HTTP Routes, providing more flexibility and precision when routing HTTP traffic.

For better developer productivity in general, WSO2 also improved API discoverability by updating the unified control plane in the WSO2 API Manager so that now developers can search for APIs using the content in API definition files directly in the Developer Portal and Publisher portal.

And finally, to improve security and access control, the control plane also now supports the ability to configure separate mTLS authentication settings for production and sandbox environments. The latest release also adds support for personal access tokens (PAT), which provide secure, time-limited authentication to APIs without a username and password. 

The post WSO2’s latest product release allows AI services to be managed like APIs appeared first on SD Times.

The Aerospike Kubernetes Operator (AKO) enables users to simplify management and monitoring of their Aerospike databases. 

AKO 3.4 incorporates the recently launched Aerospike Backup Service (ABS), which allows for easy management of backup jobs across Aerospike clusters. ABS runs on a VM or Docker container and provides a set of REST API endpoints for backing up and restoring database clusters. It allows for both full and incremental backups, supports the creation of different backup policies and schedules, and offers usability improvements over the traditional asbackup and asrestore command line tools. 

Additionally, with this release, the company has doubled the default resource limits to better support customers needing to scale. 

Another new capability in AKO 3.4 is the ability to pause all AKO operations and then easily resume them when ready. According to Aerospike, this is useful for triaging incidents. 

This version also supports Aerospike 7.2, which was released in early October and brought with it new capabilities like Active Rack, a multi-zone deployment option that cuts the costs of interzone data transfers. 

Other features of note in this release include the ability to trigger warm and cold restarts to Aeropsike clusters and integration of the Aerospike Monitoring Stack with AKO. 

The post Aerospike Kubernetes Operator 3.4 adds better backup and scalability capabilities appeared first on SD Times.

“For most software developers, every day starts with where the last one left off. Trawling through the backlog of issues on GitHub you didn’t deal with the day before, you’re triaging which ones you can fix quickly, which will take more time, and which ones you really don’t know what to do with yet. You might have 30 issues in your backlog and know you only have time to tackle 10,” IBM wrote in a blog post. This new family of agents aims to alleviate this burden and shorten the time developers are spending on these tasks. 

One of the agents is a localization agent that can find the file and line of code that is causing an error. According to IBM, the process of finding the correct line of code related to a bug report can be a time-consuming process for developers, and now they’ll be able to tag the bug report they’re working on in GitHub with “ibm-swe-agent-1.0” and the agent will work to find the code. 

Once found, the agent suggests a fix that the developer could implement. At that point the developer could either fix the issue themselves or enlist the help of other SWE agents for further assistants. 

Other agents in the SWE family include one that edits lines of code based on developer requests and one that can be used to develop and execute tests. All of the SWE agents can be invoked directly from within GitHub.

According to IBM’s early testing, these agents can localize and fix problems in less than five minutes and have a 23.7% success rate on SWE-bench tests, a benchmark that tests an AI system’s ability to solve GitHub issues. 

IBM explained that it set out to create SWE agents as an alternative to other competitors who use large frontier models, which tend to cost more. “Our goal was to build IBM SWE-Agent for enterprises who want a cost efficient SWE agent to run wherever their code resides — even behind your firewall — while still being performant,” said Ruchir Puri, chief scientist at IBM Research.

The post IBM releases open AI agents for resolving GitHub issues appeared first on SD Times.