AI Assisted Coding vs Security: Can Spec Driven Dev Help DevSecOps Win?

A look at the challenges of securing applications developed using AI coding tools and how spec driven development methods may help.

Speaker

Roy Harrow

Agenda

18:00 - Tea, coffee and networking

18:30 - Main presentation – Roy Harrow

19:30 - Q&A, followed by light refreshments for those attending in person

20:30 - Event close

Synopsis

As AI assisted coding becomes a routine part of modern software delivery, it is transforming not only how developers write code but also how organisations must think about securing it. This talk examines the tension between rapid, AI accelerated development and the growing difficulty of ensuring that security requirements are consistently met when code is generated through “vibe coding” and other emergent AI driven practices.

We will begin by exploring how traditional application security tooling (especially static analysis) can support AI augmented workflows and look at some of the challengers. The talk will the introduce the spec driven development as an evolving approach and explore how this might provide an opportunity to include security non functional into the “specification”. We will look at some of the different approaches to spec driven development and several current tools that help implement these methods.

The session will conclude with a short case study to explore the potential impact of including security NFRs in a specification. The aim is to provide a realistic, tool agnostic model that can be developed and to start an ongoing dialogue on this topic.

About the speaker

Roy Harrow is the Chair of the DevSecOps BCS Group and has worked in a wide range of roles in information technology and information security. His experience includes financial services, public sector, security consulting and security architecture. Roy is currently working for Sainsbury's in a cloud security role as part of their information security team.

Our events are for adults aged 16 years and over.

This meeting is conducted in accordance with the BCS Code of Conduct for Meetings.

BCS is a membership organisation. If you enjoy this event, please consider joining BCS. You’ll be very welcome. You’ll receive access to many exclusive career development tools, an introduction to a thriving professional community and also help us Make IT Good For Society. Join BCS today

If you are attending in person, please familiarise yourself with the Visitor Instructions for the BCS London Office.

Please note, if you have any accessibility needs, please let us know via groups@bcs.uk, and we’ll work with you to make suitable arrangements.

BCS privacy notice: your data will be processed by BCS in accordance with our data privacy notice.

Photography: by attending this event, you may be photographed or filmed. Please speak to a member of staff if you do not wish to be included.

For overseas delegates who wish to attend the event, please note that BCS does not issue invitation letters.

This event is brought to you by: DevSecOps specialist group | BCS