open source and cybersecurity news

March 29th, 2024

In this Episode:

It’s March 29th, 2024 and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today’s point of discussion is around low-code/no-code solutions and their implications. Today we have perspectives from Julie Chatman in Washington, DC, Katy Craig in San Diego, California, Trac Bannon in Camp Hill, Pennsylvania, Edwin Kwan in Sydney, Australia, and Olimpiu Pop reporting from KubeCon Paris.

We’ll start with Katy Craig.

Katy Craig
What is Low/No Code and Why Does it Matter?

Katy Craig, Contributing Journalist, It's 5:05 PodcastToday we’re diving into an emerging trend that’s reshaping the technology landscape: the rise of the low-/no-code citizen developer. This movement represents a seismic shift in how software is developed, offering a more inclusive and agile approach to building digital solutions. But what does this mean and why does it matter?

This is Katy Craig in San Diego, California.

Low-/no-code platforms empower individuals with little to no programming knowledge to create applications through graphical user interfaces and configuration instead of traditional coding. This democratization of technology development is enabling a new wave of innovation, as more people can turn their ideas into reality without the steep learning curve of coding languages.

The rise of the citizen developer is fueled by the need for rapid digital transformation. Businesses are under pressure to evolve quickly, and low-/no-code platforms offer a faster route to develop a custom solution that meets specific needs. This trend is not just about efficiency, it’s about accessibility. By lowering the barrier to entry, we’re seeing a more diverse group of people contributing to technological advancement, bringing fresh perspectives, and solving problems that were once overlooked.

However, this shift is not without its challenges. As more people gain the ability to create applications, concerns about data security, governance, and integration with existing systems arise. There’s a delicate balance between empowering citizen developers and maintaining control over the digital environment. Organizations must establish clear guidelines and provide oversight to ensure that applications built by citizen developers are secure, compliant, and align with broader business objectives.

Moreover, the rise of the citizen developer raises questions about the future of professional software development. While some fear that low-/no-code platforms might diminish the demand for traditional coding skills, others argue that they will free up developers to focus on more complex and innovative projects, elevating their role from coders to solution architects.

To conclude, the rise of the low-/no-code citizen developer is a testament to the evolving nature of technology. It’s a movement that’s breaking down barriers, fostering innovation, and challenging the traditional norms of software development. As we navigate this new landscape, it’s crucial for businesses to embrace this change, providing the right tools, guidance, and support to unleash the potential of citizen developers while safeguarding the integrity of their digital ecosystems.

This is Katy Craig, stay safe out there.

Julie Chatman
Title: Almost anyone can develop software now. What does this mean?

Julie Chatman, Contributing Journalist, It's 5:05This is Julie Chatman in Washington, DC, with a perspective on software development.

Software development is like building a digital Lego set. Imagine that you have a box of Legos, but instead of plastic parts, you have lines of code, which are instructions that tell computers what to do. Just like following Lego instructions to build a house or a spaceship, software development involves following a plan or a set of steps to create a website on the internet or applications that run on a computer to help us work, play, and connect with other people or businesses in the digital world.

Think about how smartphones made everyone a photographer. The same thing is happening in the world of software development via low-code/no-code tools and platforms. These tools and platforms offer a visual way to build software with templates and drag-and-drop functionality, as opposed to requiring the user to write software code. These tools and platforms are enabling democratization in software development by making complex tasks more accessible to non-technical users. That can foster inclusivity in today’s digital world. For technical workers, the benefit of low-code/no-code development is shrinking the time from idea to deployment.

Now, there could be a concern that some low-code/no-code platforms and tools may not be able to account for complex security requirements. Here, it may be helpful to imagine a plumbing issue in a condo, a house, or an apartment. Some plumbing issues can be addressed on a do-it-yourself basis, using guidance from a YouTube video. Others, not so much.

Another point of view is that low-code/no-code, software development platforms and tools are akin to being able to cook a gourmet meal without being a chef, or designing a multi-lane bridge without being an architect, and that software engineering as a technical discipline will be devalued and professional development in the field will be disincentivized.

Like any resource, low-code/no-code platforms and tools have their place, and they can be incredibly beneficial, but they aren’t a one-size-fits-all solution. My perspective is that we will see these platforms and tools coexist alongside traditional development. Let’s keep an eye on this and stay safe out there.

Edwin Kwan
Low-Code/No-Code: Boon or Bane for App Security?

Edwin Kwan, Contributing Journalist, It's 5:05 PodcastThe demand for new software is exploding, but traditional coding is slow and expensive. Low-code/no-code development offers a solution by letting users create apps with minimal coding. But is it secure?

This is Edwin Kwan from Sydney, Australia.

Low-code/no-code platforms use drag-and-drop interfaces or pre-built components to simplify app creation. This lets non-programmers build basic apps, freeing up professional developers for complex tasks. This allows for faster development, allowing businesses to innovate quicker, and it also improves workflow and efficiency as anyone can build an app.

There are some security concerns, though. There is low visibility. Low-code/no-code platforms are often from external vendors, making it difficult to access their security posture. The pre-built code might also have vulnerabilities that get replicated across applications.

So what can we do about it?

– First, use platforms from trusted vendors with strong security reputations.

– Next, maintain a software inventory that includes low-code/no-code platforms and apps built with them.

– Third, understand where sensitive data resides and how those apps handle it.

– Lastly, educate users on security implications.

Low-code/no-code is here to stay. By understanding the advantages and addressing the security risks, organizations can leverage them for faster and more efficient app development without compromising security.


Tracy (Trac) Bannon
LowCode/NoCode:Yellow Brick Road or Highway To Hell?

Trac Bannon, Contributing Journalist, It's 5:05 Podcast

In our evolving world of software architecture, the burgeoning low-code/no-code landscape presents itself as a paradoxical “choose your own adventure.” Is it the culmination of efficiency and accessibility, or a deceptive path leading to unforeseen complexities and constraints?

Hello, this is Trac Bannon providing my point of view from Camp Hill, Pennsylvania.
The low-code/no-code revolution proclaims a democratization of development, heralding a new era where creativity, not just coding prowess, governs the creation of digital realms. The allure is undeniable: a swift journey from concept to execution, empowering those beyond the IT citadel to forge their own applications.

Yet, this accessibility comes with its caveats. There are choices and trade-offs, just like Dorothy picked the shortcut through the forest and ran into the flying monkeys. In that final push to Oz, the poppies sure looked harmless!
Beneath the surface of drag-and-drop simplicity lies a potential quagmire of limitations. Customization, the soul of custom-made software, often finds itself shackled, replaced with configuration. Database schemas can lock away data in such a convoluted manner that extracting it seems hopeless, and moving on to a new platform becomes a bridge too far.
The very essence of integration, a cornerstone of software architecture, morphs into a Sisyphean ordeal challenging the harmony of the existing technology in the ecosystem. In the shadows of the underlying code, Out of sight, but not out of relevance, hide unknown algorithms and dependencies. The quality and robustness of this concealed foundation remains pivotal. This black-boxing should drive a Renaissance in how we perceive, evaluate, and harness low-code/no-code platforms.

As software architects, we stand at this intersection of developer-generated code or democratized software creation contemplating that trajectory of low-code/no-code. Will it pave a yellow brick road towards innovation and inclusivity, or will it veer off into a labyrinth of compromise and complexity down the less desirable highway?

The evolution of low-code/no-code platforms is inevitable, but its integration into the fabric of technology demands a nuanced approach. It beckons a transformation in our architectural paradigms and alignment of tools with vision, ensuring that the low-code/no-code journey enhances, not ensnares, the creative and technical enterprise. We need to embrace the power of our professional developers, as well as our citizen developers. They both bring valuable mindsets.
I believe we will see an intersection of low-code/no-code with the current rise of platform engineering for custom development. Why? Because the purpose of a digital platform is to codify leading practices, provide opinionated guidance, and quite frankly, keep humans from making mistakes. With the injection of AI and the eventual autonomous AI agents, the entire face of software engineering, development, and delivery will change.

I gotta say that it is so curious to me that the low-code/no-code crowd has been embracing the use of AI and ML for years. Well before the custom development folks got excited by the GPT craze, the mindset for the citizen developers has always been to embrace new ideas to simplify and accelerate the delivery of value.

As IT, we will need to help the citizen developer to engage with IT and not avoid us causing shadow IT issues. IT needs to have an open mindset and provide reasonable guidance- not draconian standards and harsh change control boards. We need to navigate this with discernment, embracing digital platform potentials while vigilantly mitigating its pitfalls.
The road or the highway ahead is still under construction, a blend of promise and precaution in this journey. Our architectural acumen will not only adapt, but will redefine the contours of innovation and efficacy in this digital era.

Something to noodle on.

Olimpiu Pop
When to use Low Code and No Code?

Olimpiu Pop, Contributing Journalist“Low-code/no-code platforms bring speed and ubiquity to the development of new things. But how should we look at them? What are the benefits?

– First of all, speed and efficiency. Low-code platforms dramatically reduce the time and complexity of developing new applications. By offering pre-built templates and drag-and-drop interfaces, they enable developers and non-developers alike to create applications quickly, enhancing productivity and bringing ideas to market faster.

– Less time means cost reduction. These platforms can significantly lower development costs. By minimizing the need for specialized coding skills, companies can save on hiring expert developers and allocate resources more efficiently across their projects.

– Last but not least, it means democratization of development. Local platforms make app development accessible to a wider audience, including those without formal programming expertise. This democratization fosters innovation across various levels of an organization, allowing more individuals to contribute to the digital transformation process.

But there are also cons:

-Security risks. The simplicity of local platforms can also be their Achilles heel. The reliance on pre-built components and third-party integrations can introduce vulnerabilities if these elements are unregularly updated or securely configured, making applications susceptible to cyberattacks.

– They have a limit to customization and scalability. While low-code platforms excel at rapidly deploying applications, they might not offer the same level of customization or scalability as traditional development methods. This can lead to challenges in adapting applications to evolving business needs or handling large-scale user bases.

– Last but not least, we can see an over-dependence and lock-in. There is a risk of becoming too dependent on a specific low-code platform, leading to vendor lock-in. This over-dependence can limit flexibility, making it difficult to migrate to other solutions or integrate with external systems without significant effort and cost.

All in all, I think they are a good tool to have for particular use cases. Even though, sometimes, it means that the written solution has to be dropped and recreated in another local platform. A particular point where I can see them being useful is building internal tools, or even for fast prototyping.

Let’s not forget that even in the field of software development, the penetration of security practices is still limited. So whenever you do that, make sure that security is also covered.

Olimpiu Pop reported from KubeCon Paris.

Hillary Coover: Thanks for listening to Point of View Friday. If you like what you heard, please subscribe to “It’s 5:05” on your favorite podcast platform. It’s 5:05 is a Sourced Network Production based in New York City. This is your host, Hillary Coover. Have a wonderful weekend.