I’m kidding! But I have to admit something: I’ve been going on LinkedIn every day recently, and I’m having a great time. Last week, the company announced it was adding three games to its app, both on desktop and mobile, as a naked engagement ploy to get you to open the app every day. I hate to say this, but it’s working.
The three games are called Pinpoint, Crossclimb, and Queens. Pinpoint is basically The New York Times’ Categories game but in reverse: the game gives you items, and you have to guess the category. Crossclimb is like the Times’ mini crossword, with a twist that you then have to rearrange the answers into a word ladder. And Queens, my...
Microsoft is attempting to solve the problem of coming up with a good prompt for generative AI, aiming to turn everyone into a prompt engineer. In the coming months Copilot for Microsoft 365, the paid service that adds an AI assistant to Office apps, will be updated with a new auto-complete feature that offers suggestions to improve AI prompts.
If you start creating a prompt then Copilot will soon offer to complete it with extra details to improve the end result of whatever you’re generating or the questions you’re asking. So if you start typing “summarize” then Copilot will display options to summarize the last 10 unread emails in your inbox, or other tasks that are related to your Office data.
When integrating an open source software (OSS) component into your software supply chain, it’s critical to go beyond merely assessing component functionality.
This evaluation should encompass a thorough examination of the component’s security and delve into the overall health of the software project, including the efforts of maintainers and contributors who support and advance the project’s development.
Moreover, understanding software dependencies is crucial in managing risks associated with open source components within a software supply chain. A software bill of materials (SBOM) can also play a pivotal role as a comprehensive inventory of all software components used, enabling better management of dependencies and security vulnerabilities.
Let’s explore the essential elements that contribute to the reliability and security of OSS software components. By understanding these factors, organizations can enhance their ability to effectively manage the associated risks and ensure a secure software supply chain.
Codebase security: Examining the codebase for security vulnerabilities is essential to understand the immediate risks of integrating OSS. This includes identifying common security issues and outdated components.
Maintainer engagement: The commitment of project maintainers to address security concerns directly affects the trustworthiness and security of OSS. Responsive maintainers enhance the reliability of their projects.
By rigorously assessing these areas, organizations can ensure their use of OSS adheres to high security standards, reducing risks and bolstering the overall security and stability of their technological infrastructure.
Understanding the OSS Security Landscape
The open nature of OSS presents both significant benefits and challenges. While its adaptability and collaborative development model promote innovation and evolution, these characteristics also make OSS susceptible to security vulnerabilities.
Key security risks in OSS include:
Accessibility and vulnerability: Open access to OSS code invites global contributions that enhance development, but also exposes the software to potential exploitation by malicious actors.
Testing and quality assurance: OSS often lacks the centralized security testing found in proprietary software, leading to latent bugs and security flaws that might only be identified after causing damage.
Accountability challenges: The decentralized governance of OSS can diminish accountability. Without centralized management, the response to security threats can be delayed, increasing risk exposure.
Integrating OSS security into the SDLC is vital to mitigate risks while maximizing the benefits of OSS. This proactive approach helps ensure that organizations not only benefit from the innovation of open source but also protect their operations against potential threats.
Evaluating OSS Security
Ensuring the security of OSS within your SDLC requires a proactive and structured approach.
Here are critical strategies to effectively assess and enhance the security posture of OSS components:
License evaluation: Assess the license implications of the OSS, especially concerning redistribution and modification rights. Confirm compatibility with your project’s legal and operational frameworks.
Community involvement: Active community engagement indicates robust project health. Evaluate whether maintainers are responsive and committed to ongoing project development.
Maintenance and updates: Consistent updates and active maintenance signal a healthy, secure OSS project. A lack of updates may indicate potential security risks, emphasizing the need to monitor maintenance activities.
Security assessment: Perform thorough security assessments to identify known vulnerabilities and potential insider threats. Use various tools to stay informed about the security status of OSS components.
Integrating OSS Security Into Your Development Workflow
Adopting robust security measures is not merely a best practice but a necessity for safeguarding your applications from vulnerabilities and malware.
Here are key strategies to integrate OSS security effectively:
Robust code review and testing: Establish rigorous testing protocols and regular code reviews to proactively identify and address vulnerabilities. Cultivate a culture of security that values diverse perspectives and expertise in the review process. Using security testing tools and techniques can normalize your analysis, help pinpoint vulnerabilities and ensure compliance with security standards.
Dependency management: Given the reliance on a diverse array of open source libraries and components, meticulous management of software dependencies is essential. Regular updates, reviews and the integration of SBOMs enhance transparency, allowing precise tracking and efficient remediation of vulnerabilities. Staying informed about security advisories and applying patches promptly are also crucial to mitigating risks associated with outdated or compromised software.
Embedding robust security practices within your SDLC enhances application security and reduces vulnerability risks, leveraging the benefits of OSS while mitigating its inherent challenges.
Prioritizing OSS security within your SDLC not only safeguards against vulnerabilities but also fosters innovation and trust in your software projects, ensuring resilience and reliability in a rapidly evolving digital world.
Edge might be based on the same open-source Chromium engine as Google's Chrome, but it's no mere clone. These three features are great for making the web less annoying.
In April this year, we released WebStorm 2024.1, our first major update for 2024. Thank you to everyone who is already using it and providing us with feedback.
With April now behind us, we’d like to announce what we’ve got planned for the next release of WebStorm, which is scheduled for the end of July, with our usual disclaimer that these plans are subject to change.
Also, as usual, we’ll be releasing EAP builds in the run-up to this release. We encourage you to try these builds and provide us with feedback on the features and report any issues you discover. You can have a significant impact on the product development at this stage.
Our primary focus with this release will be improving various aspects across performance, as well as the quality of support for the main technologies. Here are our most significant plans for WebStorm 2024.2:
Run .ts files – We’re developing a feature to enable the direct execution of .ts files in WebStorm. This feature will allow users to run .ts files without the need for a compilation step, catering to both individual files and small projects. (WEB-31667).
WebStorm@next TypeScript engine enabled by default – We’re continuing to work on delivering our TypeScript engine, and we intend to make it the default in this release. We also hope to make it stable for Vue and Angular.
Debugging support for Bun – We’ll be adding debugging support for new technologies such as Bun through the Debug Adapter Protocol (WEB-63924).
Next.js support improvements – We’re adding support for the Next.js 13 app directory’s href prop of Link component, providing code completion, support for the Rename refactoring, and path resolution (WEB-60601).
Node.js test runner for TypeScript – We plan to add support for configuring and running node:test for TypeScript files the way you do for JavaScript ones (WEB-63423).
Nx support enhancements – We’re adding support for stylePreprocessorOptions, which will include features like Resolve, Rename, and Find Usages in WebStorm (WEB-56082).
More quick documentation improvements – We plan to build on the new improvements to our quick documentation in 2024.1. WebStorm will show classes as separate lines for fields (WEB-65252) and make both them and interfaces clickable (WEB-65407).
Auto-import improvements –We’ll be improving the basic functionality of auto-imports for various subsystems, including Angular workspaces (WEB-35547), Angular HttpContext (WEB-64669), and JSDoc (WEB-60820 and WEB-65257).
Show component usage improvements –We’ll continue to improve Show component usage,adding a shortcut for it (WEB-66135) and providing usage results in the template (WEB-65061).
Support for Angular reactive forms –We’re improving support for Angular reactive forms, with plans to implement code completion and an option to generate code in the template (WEB-29262).
Svelte 5 support – We plan to include essential support for Svelte 5 in this release (WEB-63102).
That’s all for now! Stay tuned for the start of the 2024.2 Early Access Program!
Our series exploring how market and user research is done at JetBrains continues. Want to learn more about research insights and take part in future JetBrains studies? Join our JetBrains Tech Insights Lab!
The world of IT is a rapidly growing industry, attracting more and more people with a passion for creative and challenging tasks. With the increasing demand for technology in every aspect of life and business, the industry offers a diverse range of career paths for newcomers.
Every year, around 30,000 respondents take part in our Developer Ecosystem Survey. These include both professionals in the industry and those just starting in IT, like students and career switchers. With the data we’ve gathered, we’re able to get insights into how developers at all stages of the journey – but especially newcomers – are approaching the tech world.
We’ve looked at the data collected in Developer Ecosystem Survey 2023 and compared responses given by students and professionals on various topics related to programming languages, tools, technologies, and activities. In this blog post, our goal is to offer you valuable insights into the exciting world of technology and skills that are in high demand, while also highlighting the diversity of career paths available in IT for newcomers. As a bonus, we’ll share career advice from our colleagues at JetBrains to help guide those embarking on their IT journey.
Table of Contents
Education
Most people’s journey into the world of programming begins with education. For both students and professionals, formal education emerges as the primary stepping stone toward a career in software development. This initial foray into the world of programming is often facilitated through university programs and structured courses. Free online courses and code schools follow closely. Among students, this approach is particularly prominent, with 17% indicating that it facilitated their entry into the world of IT. With the blossoming of learning platforms that has begun in recent years, this way of learning is likely will take an increasing share as an affordable and flexible option.
Computer science and software engineering are the two most frequent majors among our respondents.
When it comes to gaining new knowledge, both students and professionals go for video and written learning content in equal measure.
A Product Marketing Manager is the intersection between product, marketing, and sales. If somebody wants to become a Product Marketing Manager, they do not need to be experts in everything at once. You can just be good at one thing, and you’ll learn the rest. So, my major advice is to be ready to learn.
Oscar Rodriguez, Product Marketing Manager
Technologies and tools
While both students and professional developers are heavily involved in coding and programming, a closer look reveals some distinctions:
Students are more likely to be involved in academic research (33% vs. 8%), machine learning (24% vs. 10%), UX/UI design/research (16% vs. 10%), and graphics design/art (11% vs. 6%). In contrast, professionals are more likely to be involved in testing (47% vs. 27%), code reviewing (59% vs. 24%), deployment (40% vs.18%), DevOps activities (29% vs. 10%), and system design (43% vs.15%). These differences likely stem from the specific demands and amount of experience sought in each field.
Compared to professionals, students tend to lean more toward creative and user-centric activities: websites (58% vs. 51%), utilities (43% vs. 33%), and games (20% vs. 8%). Professionals are more involved in foundational and architectural aspects of technology: system software (25% vs. 18%) and IT infrastructure (21% vs. 11%).
Professionals tend to use a wider range of tools compared to students, with more significant differences observed in using Issue trackers and CI/CD. Notably, the use of cloud-based editors or IDEs is more common among students.
JetBrains tools are FREE for Students, Educators, and Open-source developers. Try them now!
I would recommend that beginner software developers take up a side project and develop something totally on their own, because then you get exposed to a lot more than just maintaining a piece of software. You get more experience as you go through the whole development lifecycle. Also, you can work on something fun, too. For example, I am involved in a music streaming site for tabletop role-playing games.
Bruce Hamilton, Full-Stack Software Developer
It’s really useful to create demo pages and replicate the technologies you see around you. For example, if you visit your favorite store’s website and see something interesting there, try to understand how it’s built. In the process, you also enhance your portfolio.
Liana Gukasyan, Frontend Developer
Programming languages
The top languages among professional developers and students are almost the same.
The top most used languages among students are Python, JavaScript, HTML / CSS, Java, SQL, C++, and C. Also, students significantly more often use C, C++, Python, Java, HTML / CSS, MATLAB, Assembly, and R than professionals do. In turn, professionals are more likely to use TypeScript, Shell scripting languages, Go, GraphQL, and SQL.
The popularity of C++ and C among students can be explained by the fact that these languages are often taught within the curriculum at different educational institutions to introduce the basics and logic of programming. In turn, Python is gaining popularity among students thanks to its approachability and wide usage in data analysis.
Remote and collaboration development
As the popularity of remote work continues to grow, remote collaborative development has become a cornerstone, allowing both students and professional developers to collaboratively shape code, exchange insights, and troubleshoot in real time.
Video calls with screen sharing have become the go-to method for remote collaborative development, prevailing among both students and professional developers. However, the share of students using screen sharing is slightly smaller. Students, more often than professionals, use an editor or IDE with collaboration features for remote collaborative development.
Common scenarios for collaborative development resonate across both groups, encompassing situations demanding assistance and bug fixing. Some natural differences are that students use collaborative development more often when learning something new, and professional developers take a collaborative approach when teaching. However, the distinction between the two groups in this aspect is minimal.
Lifestyle and media
As we explored Developer Ecosystem survey results beyond the technology landscape, we discovered several things that define the hobbies and leisure activities of students and professionals:
Students showcase a marked preference, with a substantial 80% leaning toward community forums as their primary source of information. In addition to forums, YouTube (70%) and social media (54%) also emerge as two other prominent information hubs among students.
based on the data from 2022 Developer Ecosystem survey
If you want to get into technology, remember that taking extra courses and staying curious sets you apart. Being proactive matters too. Another important thing is to make connections with the people in your field of interest. You can learn a lot from them.
David Watson, Content Marketing Writer
In terms of hobbies, both students and professionals have technology-driven interests. The top three leading hobbies among students and professionals are the same – programming, video games, and watching TV / video-streaming services.
based on the data from 2022 Developer Ecosystem survey
Checklist: Career advice for IT newcomers
Finding your first job and getting an interview can be very exciting and stressful at the same time. An action plan can help you get rid of uncertainty and cope with stress. The checklist contains HR team recommendations for your job search and things to do before an interview. We have added some tips and tricks shared by our experts, which might help find your first job in IT.
“An important piece of advice is actually being able to take advice”
David Watson, Content Marketing Writer
It was really difficult to change careers. I did it twice. I had a lot of doubts for a long time about whether I’d done the right thing. If you know, in your heart, that you’re not in the right career, it’s never too late to change. And even if it feels like I spent my entire 20s setting myself up for a long career and I basically threw 50% of it away, it was completely worth it. I chose to do what I was really passionate about, and it completely paid off.
Jodie Burchell, Developer Advocate in Data Science
Log in
