The primary challenge in the field of testing is the scarcity of talent and expertise, particularly in automation testing, according to Nilesh Patel, Senior Director of Software Services at KMS Technology. Many organizations struggle due to a lack of skilled testers capable of implementing and managing automated testing frameworks. As a result, companies often seek external assistance to fill this gap and are increasingly turning to AI/ML. 

Many organizations possess some level of automation but fail to leverage it fully, resorting to manual testing, which limits their efficiency and effectiveness in identifying and addressing software issues, Patel added. 

Another significant issue is the instability of testing environments and inadequate test data. Organizations frequently encounter difficulties with unstable cloud setups or lack the necessary devices for comprehensive testing, which hampers their ability to conduct efficient and effective tests. The challenge of securing realistic and sufficient test data further complicates the testing process. 

The potential solution for this, KMS’s Patel said, lies in leveraging advanced technologies, such as AI and machine learning, to predict and generate relevant test data, improving test coverage and the reliability of testing outcomes. 

Patel emphasized that applications are becoming more intricate than ever before, so AI/ML technologies are not only essential for managing that complexity but also play a crucial role in enhancing testing coverage by identifying gaps that could have been previously overlooked. 

“If you have GenAI or LLM models, they have algorithms that are actually looking at user actions and how the customers or end users are using the application itself, and they can predict what data sets you need,” Patel told SD Times. “So it helps increase test coverage as well. The AI can find gaps in your testing that you didn’t know about before.”

In an environment characterized by heightened complexity, rapid release expectations, and intense competition, with thousands of applications offering similar functionalities, Patel emphasizes the critical importance of launching high-quality software to ensure user retention despite these challenges. 

This challenge is particularly pronounced in the context of highly regulated industries like banking and health care, where AI and ML technologies can offer significant advantages, not only by streamlining the development process but also by facilitating the extensive documentation requirements inherent to these sectors.

“The level of detail is through the roof and you have to plan a lot more. It’s not as easy as just saying ‘I’m testing it, it works, I’ll take your word for it.’ No, you have to show evidence and have the buy-ins and it’s those [applications] that will probably have longer release cycles,” Patel said. “But that’s where you can use AI and GenAI again because those technologies will help figure out patterns that your business can use.”

The system or tool can monitor and analyze user actions and interactions, and predict potential defects. It emphasizes the vast amount of data available in compliance-driven industries, which can be leveraged to improve product testing and coverage. By learning from every possible data point, including the outcomes of test cases, the algorithm enhances its ability to ensure more comprehensive coverage for subsequent releases.

Testing is becoming all hands on deck

More people in the organization are actively engaged in testing to make sure that the application works for their part of the organization, Patel explained. 

“I would say everyone is involved now. In the old days, it used to be just the quality team or the testing team or maybe some of the software developers involved in testing, but I see it from everyone now. Everyone has to have high-quality products. Even the sales team, they’re doing demos right to their clients, and it has to work, so they have opinions on quality and in that case even serve as your  end users,” Patel said.

“Then when they’re selling, they’re getting actual feedback on how the app works. When you see how it works, or how they’re using it, the testers can take that information and generate test cases based on that. So it’s hand in hand. It’s everyone’s responsibility,” he added. 

In the realm of quality assurance, the emphasis is placed on ensuring that business workflows are thoroughly tested and aligned with the end users’ actual experiences. This approach underscores the importance of moving beyond isolated or siloed tests to embrace a comprehensive testing strategy that mirrors real-world usage. Such a strategy highlights potential gaps in functionality that might not be apparent when testing components in isolation. 

To achieve this, according to Patel, it’s crucial to incorporate feedback and observations from all stakeholders, including sales teams, end users, and customers, into the testing process. This feedback should inform the creation of scenarios and test cases that accurately reflect the users’ experiences and challenges. 

By doing so, quality assurance can validate the effectiveness and efficiency of business workflows, ensuring that the product not only meets but exceeds the high standards expected by its users. This holistic approach to testing is essential for identifying and addressing issues before they affect the customer experience, ultimately leading to a more robust and reliable product.

The post The power of automation and AI in testing environments appeared first on SD Times.

This collaborative effort, initiated by Kusari, Google, and Purdue University, is designed to manage dependencies and offer actionable insights into the security of software supply chains. It has support from entities in the financial services and technology sectors, such as Yahoo!, Microsoft, Red Hat, Guidewire, and ClearAlpha Technologies.

GUAC addresses the growing concerns over software security and the integrity of software supply chains, exacerbated by the increasing frequency of software attacks and the widespread adoption of open-source tools. By serving as a reliable source of truth, GUAC aims to bridge the information gap between developers and security teams, facilitating a mutual understanding of software vulnerabilities, compliance issues, and threat detection.

Since its beta launch in May of the previous year, GUAC has swiftly established itself as an essential tool for gaining comprehensive insights into software supply chains. The project has a community of 50 contributors, 300 members, and has garnered over 1,100 stars on GitHub.

GUAC’s technology enables a thorough analysis of software components, including first-party, third-party, and open-source software, by aggregating security metadata into a graph database. 

This allows users to trace connections, ensure compliance, identify data gaps in their software supply chain, and bolster threat detection and response capabilities. The platform supports a wide range of data sources, including Software Bill of Materials (SBOMs) in SPDX and CycloneDX formats, SLSA and in-toto attestations, and metadata from various cloud services and external repositories.

By converting diverse software supply chain metadata into a structured and analyzable format, GUAC enhances visibility into software dependencies and the integrity of software components. Its flexible and extensible architecture accommodates data from local file systems, cloud storage services, and external package repositories, further enriched by additional metadata sources. This comprehensive approach positions GUAC as a useful tool in securing software supply chains against emerging threats, fostering a safer software ecosystem for developers and organizations alike.

The post SD Times Open-Source Project of the Week: Guac appeared first on SD Times.

This update allows New Relic’s users to pinpoint exploitable vulnerabilities within their applications, allowing them to replicate issues for easier remediation before they release new software versions. This advancement aids both security and engineering teams in concentrating their efforts on genuine application security issues, ensuring no false positives, according to New Relic. 

The introduction of proof-of-exploit reporting significantly enhances the application security testing process, enabling New Relic customers to identify, verify, and fix exploitable vulnerabilities more efficiently. 

This approach ensures that teams can confidently deploy new code, backed by the assurance of a 100% accuracy rate in detecting real security problems, as validated by the industry-recognized OWASP benchmark.

“Security must be ingrained in the development culture, not just added on. New Relic IAST offers engineering and IT teams the ability to identify real application security risks with the same platform they use to monitor application performance,” said Manav Khurana, chief product officer at New Relic. “It strengthens DevSecOps by bringing developers and security teams together to write secure code that defends against the threats of tomorrow and promotes a proactive stance on security. For well over a decade, the New Relic full-stack observability platform has bridged organizational silos by providing a single, trusted source of truth and unified user workflows – and now New Relic IAST furthers this mission.”

Other new updates include a new risk exposure and assessment feature that provides visibility into every code change and instant impact analysis, which details the number of applications that would be impacted by a vulnerability.

The post New Relic adds proof-of-exploit reporting to its IAST tool appeared first on SD Times.

DBOS (database oriented operating system) runs operating system services on top of high-performance distributed databases, creating a scalable, fault-tolerant, and cyber-resilient foundation for cloud-native applications with the added ability to store all state, logs, and other system data in SQL-accessible tables, the company explained.

Its first product offering is DBOS Cloud, which is a functions as a service (FaaS) platform that presents a significant advancement for developers looking to explore the capabilities of the DBOS operating system. As a transactional serverless application platform, DBOS Cloud facilitates the construction and operation of serverless functions, workflows, and applications. 

Its foundation on DBOS enables developers to tap into a framework designed for streamlined development processes and enhanced operational efficiency.

The platform’s integration with DBOS offers a distinctive user experience by simplifying the complexities traditionally associated with development, deployment, and operations. By leveraging DBOS Cloud, developers not only benefit from an environment that prioritizes ease of use but also gain advancements in cybersecurity and cyber-resilience. This dual focus ensures that applications built on DBOS Cloud are both robust against cyber threats and adaptable to the evolving digital landscape.

“The cybersecurity implications of DBOS are truly transformative,” said DBOS co-founder and former Head of Cybersecurity Practice at BCG Platinion, Michael Coden. “By simplifying the cloud application stack, DBOS greatly reduces the attack surface of cloud applications. On top of that, DBOS enables self-detection of cyberattacks within seconds without the use of expensive external analytics tools, and it can restore itself to a pre-attack state in minutes. It’s a DevSecOps game-changer.”

DBOS was co-founded by Mike Stonebaker, who created Postgres and won a Turing Award for his contributions “to the concepts and practices underlying modern database systems; Matei Zaharia, who was co-founder and CEO of Databricks; and a joint team of MIT and Stanford computer scientists. It was built based on several years of joint research from MIT and Stanford. 

“The cloud has outgrown 33 year-old Linux, and it’s time for a new approach,” said Stonebraker. “If you run the OS on a distributed database as DBOS does, fault-tolerance, multi-node scaling, state management, observability and security get much easier. You don’t need containers or orchestration layers, and you write less code because the OS is doing more for you.”

The post DBOS announces FaaS platform DBOS Cloud and $8.5 million in seed funding appeared first on SD Times.

Additionally, Google is revising its spam policies to more effectively exclude low-quality content from its search results. The updated policies target specific types of undesirable content, including websites that have expired and been repurposed for spam, as well as the proliferation of obituary spam. 

These measures are part of Google’s broader strategy to maintain the integrity of its search results and protect users from irrelevant or malicious content, thereby enhancing the overall user experience on the platform.

“This update involves refining some of our core ranking systems to help us better understand if webpages are unhelpful, have a poor user experience or feel like they were created for search engines instead of people. This could include sites created primarily to match very specific search queries,” Elizabeth Tucker, director of product management for Google, wrote in a blog post. “We believe these updates will reduce the amount of low-quality content on Search and send more traffic to helpful and high-quality sites. Based on our evaluations, we expect that the combination of this update and our previous efforts will collectively reduce low-quality, unoriginal content in search results by 40%.”

Google is enhancing its policy to tackle abusive content creation practices aimed at manipulating search rankings through scaled content production, regardless of whether it is generated by automation, humans, or a combination of both. 

This update aims to target and mitigate the impact of low-value content created en masse, such as webpages that appear to provide answers to common searches but ultimately fail to offer useful information. This initiative reflects Google’s commitment to improving the quality of content surfaced by its search engine, ensuring users receive relevant and valuable information, according to Google.

The post Google updates Search algorithm to help reduce spam and low-quality content appeared first on SD Times.

These sandboxes are equipped with pre-configured AI cloud services, generative AI notebooks, and an array of large language models (LLMs). This setup is aimed at enabling users to experiment with AI technologies in a safe space, thereby helping organizations to save time and resources, reduce costs, and mitigate risks associated with setting up their own experimental environments.

Using AI cloud sandboxes, employees can initiate a live sandbox session on Amazon Web Services, Azure, or Google Cloud to practice skills using the cloud provider’s AI services. Users can save time, money, and resources by provisioning their own AI sandboxes without the need for separate cloud provider accounts. 

Despite the vast potential that AI holds, there is a notable scarcity of profound AI expertise within the tech industry. According to Pluralsight’s recent AI Skills Report, a mere 12% of technologists possess considerable experience with AI technologies. This gap highlights a significant opportunity for growth and improvement in the field, underscoring the importance of platforms like AI sandboxes that facilitate practical learning and experimentation, according to the company. 

“To take full advantage of the benefits that AI has to offer, companies need to invest in expanding the breadth and depth of their workforce’s technical knowledge,” said Greg Ceccarelli, chief product officer at Pluralsight. “Organizations that leverage Pluralsight’s AI sandboxes will have a safe, secure environment to upskill employees without fear of generating unintended cloud computing costs or the risk associated with learning in a production environment.” 

Additional details are available here.

The post Pluralsight creates AI sandboxes that allow developers to safely experiment with AI appeared first on SD Times.

Among its notable features in Android Studio Iguana is the integration of the version control system within App Quality Insights, which is designed to streamline the development process by providing more detailed insights into app performance and quality. 

When developers utilize Android Gradle Plugin (AGP) version 8.3 or later, along with the most recent iteration of the Crashlytics SDK, AGP incorporates git commit details into the build artifact dispatched to the Play Store. 

This enhancement enables Crashlytics to append the specific git commit information to crash reports upon occurrence. Consequently, Android Studio Iguana leverages this data to facilitate developers in identifying and correlating the crash with the precise segment of code in their git history responsible for the issue.

This integration significantly streamlines the debugging process for developers. Through the App Quality Insights window, following the deployment of their applications built with AGP 8.3 (or newer) and the updated Crashlytics SDK, developers gain the ability to directly navigate to the problematic line of code within their current git checkout. Additionally, they can access a differential report that contrasts their present codebase with the specific version that led to the crash.

Additionally, this version introduces new built-in support for creating Baseline Profiles specifically for Jetpack Compose apps, enabling developers to optimize their applications more efficiently, according to Neville Sicard-Gregory, the senior product manager at Android Studio stated in a blog post. 

The new release also includes Jetpack Compose UI Check, progressive rendering for Compose Preview, and IntelliJ platform update, Baseline Profiles module wizard, and more.

The post Android Studio Iguana features better insights for debugging Android apps appeared first on SD Times.

It offers frontend developers the advantage of focusing on crafting reusable components, eliminating the need to duplicate components across different views.

The core principle of FastUI is the separation of concerns, where the backend is responsible for defining the entire application, and the frontend focuses solely on the user interface. This methodology streamlines the development process, ensuring that developers on both ends can work more efficiently and with a clearer focus on their respective areas.

FastUI is built on a foundation of Pydantic models and TypeScript interfaces, facilitating the definition of user interfaces that are validated both at build time (using TypeScript and tools like pyright or mypy) and at runtime (using Pydantic). This ensures a high level of integrity and reliability in the user interface, making FastUI a tool for developers looking to enhance their web application development workflow.

FastUI is a comprehensive toolkit designed to streamline the development of user interfaces in web applications, encompassing both Python and JavaScript ecosystems. At its core, FastUI includes the fastui PyPI package, which features Pydantic models for UI components and various utilities. This package is engineered to integrate seamlessly with FastAPI but maintains independence, allowing for compatibility with any Python web framework. This flexibility underscores FastUI’s utility across different development environments, not limiting its application to FastAPI-based projects.

On the JavaScript side, FastUI extends its functionality through three npm packages: @pydantic/fastui, @pydantic/fastui-bootstrap, and @pydantic/fastui-prebuilt. The @pydantic/fastui package offers a React TypeScript framework, enabling developers to leverage FastUI’s core mechanics and types while crafting custom components. For those seeking out-of-the-box solutions, @pydantic/fastui-bootstrap provides a set of components styled with Bootstrap, facilitating rapid UI development without the need for extensive customization. Lastly, the @pydantic/fastui-prebuilt package delivers a pre-built version of the FastUI React app, available through the jsdelivr.com CDN, simplifying deployment by eliminating the necessity for npm package installations or local builds. Together, these packages present a robust, flexible toolkit for developing sophisticated web interfaces with ease.

The post SD Times Open-Source Project of the Week: FastUI appeared first on SD Times.

This situation, characterized by a talent shortage coupled with pressure to deliver software quickly presents an ideal opportunity for offshoring and nearshoring tech talent as a solution, according to Leo Tucker, CEO at KMS Technology, a U.S.-based product engineering and services company with development and testing centers in Vietnam and Mexico.

“It’s certainly not the great resignation anymore,” Tucker said, referring to the post-Covid phenomenon of job hopping that was widespread among tech talent, as remote work opened doors to more competitive salaries around the globe. “But that said, there’s so much pressure that’s put on so many software companies, in particular, by the PE owners, or by their boards, or whoever it may be, to keep accelerating and keep putting out more and more feature functionality.”

The high costs associated with hiring are exacerbated by the need to compete with Silicon Valley’s salary standards, which have been further inflated by an influx of high-paid candidates due to recent tech layoffs. This situation has made it difficult for businesses outside the California tech hub to attract and retain skilled professionals without significantly increasing their payroll expenses. 

These challenges stem from a shortage of specific skill sets, such as quality assurance (QA), data analysis, solution architecture, or data architecture. This issue has become more pronounced in the digital economy, especially post-COVID, as not only software companies but virtually all types of businesses are undergoing digital transformations. 

Despite new graduates entering the market each year, the demand for software developers far exceeds the supply, making it a complex issue of both quality and quantity of talent available.

GenAI has sped up the talent needed for data analysis

One critical challenge is finding enough skilled data architects and experts proficient in handling data across various technologies. Specifically, it highlights the soaring demand for AI and ML skills, particularly driven by the surge in interest in generative AI technologies. 

While many of the skills required for AI and ML are data-related, there’s also a high demand for other AI-specific expertise. “While finding talent for common technologies like Java or Python might be easier due to their widespread use, securing experts in older or legacy technologies like Ruby on Rails can be particularly challenging,” Tucker explained. 

This is because new entrants to the workforce tend to be more familiar with newer technologies, making it difficult to fulfill needs in existing systems that rely on older technologies and leaving the myriad of organizations with legacy software short-staffed. 

Best practices for offshoring and nearshoring initiatives

When it comes to outsourcing, many organizations are focused on the risks and challenges, such as timezone differences and a lack of transparency or control over work quality.

Thus, it’s best to seek out partners in software development rather than temporary staff augmentation. Partners who not only grasp the business’s value but are also committed to achieving overarching goals play a crucial role in the growth and innovation of a business. 

Ideal partners are those who can propose innovative solutions, effectively guide conversations with investors, and have the capability to evolve alongside the company’s changing needs. Organizations that can adeptly manage timezone differences, have stellar references and have minimal team turnover are most suited to become an integral extension of development teams, according to Tucker. 

When deciding to grow existing teams with offshore or nearshore talent or to have fully, global dedicated teams, there are distinct advantages to the latter. Such teams operate autonomously, requiring less direct oversight from the client’s side, which contrasts with staff augmentation where one or two developers may join an existing team but need significant training, resources, and management. 

A fully dedicated team, therefore, represents a self-sufficient unit capable of driving projects forward without the need for constant intervention or additional support from the client’s internal team. This setup not only enhances efficiency but also allows the client’s core team to focus on other strategic areas of the business, making it a preferable option for companies looking to streamline their operations and scale effectively, Tucker explained.

The post Best practices for achieving offshoring and nearshoring success appeared first on SD Times.

This approach promotes standardization and aims to lower development costs, aligning with Unqork’s strategy to streamline and expedite the digital solution development process, according to Unqork. Among the advancements is a pre-built case management solution, specifically designed to help customers speed up their product’s time-to-market. 

“We are excited to kick off the year with such a powerful release demonstrating our ongoing commitment to an open, extensible, and easy-to-use solution,” said Thierry Bonfante, chief product officer at Unqork. “Everything we do at Unqork is meant to help customers achieve value faster while lowering their overall total costs. Our new Composite Applications are a perfect example of this and were built in close collaboration with our top customers.”

A landmark feature of the Winter 2024 Release is the debut of the first Open Source Specifications for codeless applications, which showcases a feature-rich, secure, and open ecosystem built on standardized web technologies. This initiative is aimed at diminishing the worries of vendor lock-in by granting customers and partners unrestricted access to the Unqork specification ecosystem. 

Other new features include the case management solution that includes pre-built components, drag-and-drop UI, and updates, and embedded UI which allows users to create composite applications by configuring and reusing standard components.

The post Unqork Winter 2024 release focuses on modular development appeared first on SD Times.