DeepSeek, Computing Engineering Study: #DeepRiskAnalysis

Dr. Danny Ha, APC Professor, Chairman and CEO of APC (ISO CB), 29 Jan 2025


DeepSeek is also catching investors off guard because of the low development costs for its AI app, which Wedbush Securities analyst Dan Ives pegged at only $6 million.

Are there any related frameworks that would help with this?

For example, the Certified Secure Software Lifecycle Professional (CSSLP) and Software Development Life Cycle (SDLC) are essential frameworks in software engineering that focus on secure and efficient software development practices. https://www.blackduck.com/glossary/what-is-sdlc.html

ISO 42001 Artificial Intelligence Management System (AIMS) can significantly help in AI development and deployment in several ways. CAIO would be an important role.


Coding Efficiency

Efficient coding practices are crucial within the SDLC framework:

  • Break down code into smaller functions or modules for better maintainability and reusability https://www.skillreactor.io/blog/coding-for-efficiency-tips-to-write-faster-and-cleaner-code/
  • Optimize code performance by using appropriate data structures and avoiding unnecessary computations
  • Implement clear naming conventions and consistent coding styles
  • Leverage AI-assisted coding tools for potential efficiency gains of 10-15% on average

Both CSSLP and SDLC consider software engineering costs as important aspects of their frameworks.


CSSLP and Cost Considerations

The CSSLP certification emphasizes cost efficiency in secure software development:

  • It aims to reduce rework costs by addressing source code vulnerabilities earlier in the development cycle
  • The certification helps professionals develop application security programs that can lead to cost savings for organizations


SDLC and Cost Management

SDLC explicitly incorporates cost management into its framework:

  • It provides a structure that allows project managers to see all project timetables and costs, leading to reduced overall costs
  • The planning phase of SDLC typically includes cost-benefit analysis and resource estimation
  • SDLC emphasizes clear deadlines and deliverables, which helps in controlling project costs


Cost Tracking in Software Projects

Both frameworks encourage the use of cost tracking methods:

  • Tools like Microsoft Project, Trello with cost tracking plugins, or Monday.com can be used to track expenses in real-time
  • Earned Value Management is a technique used to track actual costs against estimates
  • Metrics such as cost variance and cost performance index are used to quantify and analyze project costs https://axify.io/blog/what-is-sdlc


Dr. Danny Ha has been teaching CSSLP exam preparation courses in Hong Kong and Singapore since 2014.

"Thank you Danny!!! With your summary and memory aids, the key concepts of the CSSLP are easier to remember. You really nail spot on the key CSSLP topics and concepts!! My revision is much easier!!" -- Mr Luke Woo, CSSLP, PMP, BSc, Software Specialist, Defense Project Team, May 2014

"I was really impressed and it's memorable with how you conducted and shared your knowledge during the training. It effectively shows how CSSLP (privacy controls) plays an important role in the software development phases. Your help and guidance is much appreciated. Many Thanks." ~ Mr. Sim, CSSLP, CHFI, BSc, Defense Project Team, September, 2014

*****

AI LLM (Large Language Model) development and system development are indeed related to CSSLP (Certified Secure Software Lifecycle Professional) and SDLC (Software Development Life Cycle). The integration of AI and LLMs is influencing how software is developed and secured throughout its lifecycle.

https://ceur-ws.org/Vol-2600/paper2.pdf

https://insights.sei.cmu.edu/blog/application-of-large-language-models-llms-in-software-engineering-overblown-hype-or-disruptive-change/


AI-SDLC Integration

The traditional SDLC is evolving to incorporate AI and machine learning, leading to what some call an AI-SDLC. https://pieces.app/blog/multimodal-ai-bridging-the-gap-between-human-and-machine-understanding

This new approach includes:

  1. Customization for AI models that generate output
  2. More flexible and iterative processes
  3. Continuous learning and improvement cycles

CSSLP and AI Security

CSSLP certification, which focuses on securing the entire software development lifecycle, is becoming increasingly relevant in the context of AI and LLM development.

https://www.isc2.org/Insights/2024/02/Introducing-improved-learning-for-CSSLP

Key aspects include:

  • Ensuring security throughout the AI model development process
  • Addressing new security challenges posed by AI systems
  • Adapting authentication, authorization, and auditing practices for AI-augmented systems

Emerging Practices

New practices are emerging to address the unique challenges of AI in software development:

These developments highlight the growing intersection between AI, LLM systems, CSSLP principles, and SDLC practices, emphasizing the need for software professionals to adapt their skills and methodologies to this evolving landscape.

*****

Incorporating AI into the Software Development Life Cycle (SDLC) presents several significant challenges:

Technical Challenges

  1. Integration complexity: Aligning AI capabilities with existing architecture and workflows without disrupting operations https://selleo.com/blog/what-are-the-challenges-of-integrating-ai-into-existing-saas-platforms
  2. Code quality and reliability: AI-generated code may introduce errors and bugs, requiring thorough code reviews https://www.deloitte.com/uk/en/Industries/technology/blogs/2024/the-future-of-coding-is-here-how-ai-is-reshaping-software-development.html
  3. Maintainability: AI can produce unnecessarily complex or verbose code, complicating future debugging efforts
  4. Compatibility issues: AI-generated code may not align seamlessly with project architecture, coding standards, or conventions


Data and Training Challenges

  1. Data dependency: AI models require extensive, relevant datasets for training, which may not always be readily available [2].
  2. Data privacy and security: Concerns about storing sensitive information offsite, especially with cloud-based AI solutions [3].
  3. Bias in training data: Outdated or biased data can lead to the generation of code based on deprecated practices or obsolete libraries [1].

Skill and Adoption Challenges

  1. Skill gap: Developers may lack necessary experience or knowledge of AI tools and their implications [7].
  2. Resistance to change: Teams may be reluctant to adopt new AI-driven processes [11].
  3. Over-reliance on AI: Risk of developers becoming too dependent on AI, potentially hindering critical thinking and creativity [10].

Ethical and Legal Concerns

  1. Intellectual property protection: Safeguarding AI innovations and training data [3].
  2. Transparency issues: AI models often operate as "black boxes," making it difficult to understand their decision-making process [4].
  3. Ethical considerations: Ensuring the ethical use of AI in handling sensitive tasks [12].

Cost and Resource Challenges

  1. High implementation costs: Integrating AI technologies can be expensive, particularly for SMEs [7].
  2. Computing resources: Training custom AI models requires significant computational power [13].

Quality Assurance and Testing

  1. Increased testing complexity: The need for more rigorous testing to verify AI-generated code functionality [4].
  2. Debugging difficulties: If developers rely too heavily on AI-generated code they don't fully understand, debugging becomes challenging [4].

Addressing these challenges requires a strategic approach, including robust supervision protocols, continuous learning, and adaptation of existing frameworks to accommodate AI in the SDLC.



ISO 42001 Artificial Intelligence Management System (AIMS) can significantly help in AI development and deployment in several ways:

Structured Framework for AI Governance

ISO 42001 provides a comprehensive framework for establishing, implementing, maintaining, and improving an AI management system [12]. This structured approach helps organizations:

  • Integrate AI management with existing organizational processes
  • Ensure alignment of AI systems with ethical principles and regulatory requirements
  • Implement consistent policies and procedures for AI development and deployment

Risk Management and Impact Assessment

The standard emphasizes:

This focus on risk and impact helps organizations proactively address potential issues before they become problematic.

Ethical and Responsible AI Development

ISO 42001 promotes the development of trustworthy AI by addressing key perspectives [16]:

  • Accountability
  • Transparency
  • Fairness and non-discrimination
  • Privacy
  • Reliability
  • Safety
  • Explainability
  • Environmental impact

By considering these aspects, organizations can ensure their AI systems are developed and deployed responsibly.

Continuous Improvement and Performance Optimization

The standard encourages:

  • Regular independent audits of the AIMS [3]
  • Continuous monitoring and improvement of AI systems [17]
  • Performance evaluation and management review [16]

This focus on ongoing assessment and improvement helps organizations maintain high standards for their AI systems over time.

Enhanced Trust and Compliance

Implementing ISO 42001 can:

  • Demonstrate commitment to ethical AI practices to stakeholders [3]
  • Facilitate compliance with legal and regulatory requirements, including the EU AI Act [3] [17]
  • Improve trust among customers, suppliers, regulators, and employees [3]

By adhering to ISO 42001, organizations can position themselves as responsible leaders in AI development and deployment, potentially gaining a competitive advantage in the market.

*****

For Cantonese classes on ISO 42001 AIMS LI LA 2-day course, CCAIO course, CSSLP exam prep course, or CISSP exam prep course, please visit https://www.apciso.com/onlinecourse. To schedule a free 40-minute consultation via Zoom with Dr. Danny Ha, Professor APC, make an appointment through WhatsApp at +852 9494 5357. #dannyharemark


