Upset person working at a laptop.
Photo: Moodboard via Getty Images

I wanna go fast

Protocol Enterprise

Hello and welcome to Protocol Enterprise! Today: why GitHub’s Copilot coding tool could improve developer productivity at a price, CISA wants to hear what enterprise tech thinks about security reporting requirements and Iran draws the attention of the cybersecurity community.

Productivity paradox

Given the expense required to maintain a team of even halfway-competent software developers, enterprise companies are keenly interested in improving their productivity. While it’s still early, GitHub is starting to lay out a case that all those developers need is some good old-fashioned automation.

The ubiquitous code warehouse released a new study Wednesday outlining how 2,000 users of its Copilot product, first released last year, are finding the experience. Copilot allows developers to plug AI-generated snippets of code into their applications in order to avoid the drudgery of writing that one function over, and over, and over again.

  • So far, so good: “Between 60–75% of users reported they feel more fulfilled with their job, feel less frustrated when coding, and are able to focus on more satisfying work when using GitHub Copilot,” the company said.
  • The survey also found that 87% of Copilot users said the tool “preserve[d] mental effort during repetitive tasks,” which are obviously the most annoying tasks.
  • Overall, 88% of respondents said they felt more productive using Copilot.

But how well were they really doing? GitHub split a group of 95 developers into two groups — one that was allowed to use Copilot, and one that had to rely on their meager human brains — and gave them a task.

  • The developers that were allowed to use Copilot completed the task about 90 minutes faster than the other group.
  • Still, both groups completed the job at about the same rate; 78% of Copilot users completed the task, while 70% of the other group powered through to the end result.
  • The test was relatively simple — building an HTTP server in JavaScript — and real-world projects are likely to be a lot more complicated, but every company has plenty of basic projects to slog through.

The results aren’t too surprising: AI will generate code faster than people, and assuming that code works, everybody likes to get the job done faster. The long-term questions for both GitHub and parent company Microsoft when it comes to Copilot are a lot trickier.

  • Last month at Black Hat, security researchers demonstrated that 40% of the code generated by Copilot had “exploitable vulnerabilities,” and that oftentimes that vulnerable code was suggested by Copilot as the best choice for the job.
  • “Copilot doesn’t know what’s good or bad. It just knows what it has seen before,” said Hammond Pearce, one of the researchers, during a session at Black Hat.
  • And the thorny legal questions around the use of AI-generated code that has been trained on existing code are going to be nonstarters for a lot of enterprise companies, especially ones with strict compliance requirements.

In other words, productivity might come at a price. The fastest way to get something done isn’t always the best.

— Tom Krazit (email | twitter)

Sponsored content from Upwork

Why on-demand talent could be exactly what companies need right now: If you thought the rise of remote work, independent contractors and contingent workers rose sharply during the pandemic, just wait until the next few months when you see a higher uptick in the on-demand talent economy.

Read more from Upwork

CISA: Feedback welcome

During its less-than-four-year history, CISA has had very little regulatory power. But as you've perhaps read in this newsletter, that's about to change.

CISA, the main U.S. cybersecurity agency, has been tasked with hammering out the specifics around mandatory reporting of critical infrastructure cyberattacks. Now, the chance for businesses to weigh in on the proposed reporting rules will begin within days, CISA Director Jen Easterly said at an event in D.C. today. As we previously reported, CISA will be issuing a public request for information and hosting a series of "listening sessions" to solicit feedback from industry.

The key elements of the regulations will require incidents to be reported to the government within 72 hours, and ransomware payments to be disclosed within 24 hours, by companies in 16 critical infrastructure sectors. (Unlike the SEC's controversial incident reporting proposal, however, details on cyberattacks disclosed to CISA would be anonymized before any public sharing.)

From a cybersecurity standpoint, one concern is that the final critical infrastructure rules aren't actually due for another three years. Shortening the time frame is worth exploring, some in the security industry have told me; the sooner CISA has more transparency about cyberattacks, the better off everyone will be on security, the reasoning goes.

The companies affected by the regulations are likely to have concerns of a different type, though. True, Easterly and CISA have generated a lot of goodwill through increased engagement with the cybersecurity community. But as Okta’s Marc Rogers told me previously, companies will still have questions like, "'How much do I want to share? What is risky for me to share? Is there a chance that a competitor could find out about this?'"

Those questions will need to be answered through extended discussion between CISA and the industry, Rogers said. In other words, if you are so inclined, this is your chance to be heard.

— Kyle Alspach (email | twitter)

Customer experience in the enterprise

The mandate is clear. Modern businesses need to provide a seamless, tech-enabled, end-to-end customer experience across their organizations: to always be ready, no matter the time or the platform, to promptly address customer needs and provide a human connection. This requires eliminating silos, increasing automation and analytics and ensuring that the front end and the back end are aligned to deliver a positive experience for your customers and your team. But how do you achieve this in today’s digital landscape?

In this virtual Protocol event on Sept. 19, we will dive into the tech tools and tricks and real-life strategies that companies are using to build a CX tech ecosystem and prepare for an increasingly customer-first future. Please join Protocol Enterprise’s Aisha Counts in conversation with Lara Caimi, chief customer officer, ServiceNow; Glenn Weinstein, chief customer officer, Twilio; and Clara Shih, chief executive officer, Service Cloud, Salesforce. RSVP here.

Around the enterprise

Albania took what is believed to be unprecedented action following a cyberattack, cutting diplomatic ties with Iran and expelling its ambassadors.

In a bid to cut costs, Netflix is considering reducing the scope of its long-running cloud-computing partnership with AWS, according to The Wall Street Journal.

Sponsored content from Upwork

Why on-demand talent could be exactly what companies need right now: The biggest benefit of leveraging on-demand talent is often tapping into the talent and skills that businesses can’t find elsewhere. Upwork’s recent report highlights that 53% of on-demand talent provide skills that are in short supply for many companies, including IT, marketing, computer programming and business consulting.

Read more from Upwork

Thanks for reading — see you tomorrow!

Recent Issues

The Dreamforce hangover