The 3 first steps to implementing GenAI in the SDLC

Apr 9, 2024

As CTOs and VPs of Engineering think about expanding the use of GenAI in software development workflows, what are the first 3 steps to take to transition from theory → reality?

Step 1: Involve developers and team leaders in the implementation process

Build an advisory team of enthusiasts and skeptics, junior and senior devs, to speak their mind about the advantages and challenges of rolling out GenAI in the SDLC.

Step 2: Identify the guardrails

Are there parts of the code where GenAI should not be used? Is GenAI acceptable as long as it’s been sufficiently modified / blended by the developers? Build these guardrails in collaboration with the legal team at this point, to determine a set of ‘don’ts’ for your unique business constraints. This approach is a risk management exercise, related directly to the legal nexus of your organization.

Step 3: Loop in your CISO

Security leadership will have strong instincts with respect to areas in which developers should not be using GenAI code. If possible, ask your CISO to consult with any advisory firms that already work with your organization.

Key takeaway:

A clear understanding of constraints is key to understanding what you can do. With the proper guardrails, GenAI in the SDLC can unlock significant productivity and job satisfaction increases. Unchecked, GenAI can add technical debt, security debt, and potential IP risk. Understanding constraints from a cross-functional perspective can prevent issues early on.

About Sema Technologies, Inc.

Sema is the leader in comprehensive codebase scans with over $1T of enterprise software organizations evaluated to inform our dataset. We are now accepting pre-orders for AI Code Monitor, which translates compliance standards into “traffic light warnings” for CTOs leading fast-paced and highly productive engineering teams. You can learn more about our solution by contacting us here.

Disclosure

Sema publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only. To request reprint permission for any of our publications, please use our “Contact Us” form. The availability of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.
