How I Learned to Stop Worrying and Love Vibe Coding (Security Edition)

I'm Jon Zeolla
Founder; SANS Instructor, SEC540 (Cloud Native) and SEC545 (GenAI); Open Source (CNCF, ASF, OpenSSF, ...); Conference Organizer; Pittsburgh, PA

Step 1: Build a Baseline
- Design your repo structure
- Write instructions for your AI tools to follow
- Use preferred tooling for builds, tests, and deploys
- Implement tests
- Make updates easy
- Build pipelines for CI, CD, and security scans

AI Native Python

Step 2: Spec Driven Development

Specifications: Gherkin

Feature: Create item

  Scenario: Happy path
    Given I have a valid JWT
    And a payload name: Widget, price: 9.99
    When I POST to /api/v1/items
    Then the response code is 201
    And the body has fields id (uuid), created_at (ISO 8601)
    And name = Widget and price = 9.99

  Scenario: Validation failure
    Given a payload name: "", price: -1
    When I POST to /api/v1/items
    Then the response code is 400
    And the body explains missing/invalid fields

  Scenario: Unauthorized
    Given no Authorization header
    When I POST to /api/v1/items
    Then the response code is 401

Specifications: EARS (Easy Approach to Requirements Syntax)
- Ubiquitous requirements
- State driven requirements
- Event driven requirements
- Optional feature requirements
- Unwanted behaviour requirements
- Complex requirements

Specifications: EARS (event driven requirements for the Items API)
- When an authenticated client submits a valid JSON payload (name: string, price: decimal) to POST /api/v1/items, the Items API shall create the item and respond 201 Created with body id: UUID, created_at: ISO-8601, name, price.
- When the JSON payload is missing required fields or violates constraints (e.g., empty name, negative price, wrong type, or max length exceeded), the Items API shall respond 400 Bad Request with a field-level error list (Problem Details JSON).
- When the request lacks a valid Authorization: Bearer (missing, expired, malf
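The point of writing the spec in Gherkin and EARS first is that the implementation and its tests can be derived from it line by line, whether a human or an AI tool writes them. The following is an added example, not code from the talk: a stdlib-only Python handler for POST /api/v1/items that implements the three EARS requirements above (201 on a valid authenticated request, 400 with a field-level Problem Details error list, 401 on a missing, expired or tampered bearer token). Assumptions not in the spec: tokens are HS256 JWTs signed with a shared secret held in `SECRET` (a real service would more likely verify RS256 tokens against a JWKS endpoint), the "max length" for name is `MAX_NAME_LEN = 100`, and price is returned as a string so the decimal value survives JSON serialization exactly.

```python
"""Items API handler derived from the Gherkin/EARS spec (added example, not the talk's code)."""
import base64
import hashlib
import hmac
import json
import time
import uuid
from datetime import datetime, timezone
from decimal import Decimal
from typing import Optional

SECRET = b"example-signing-key"  # hypothetical; load from a secret store in practice
MAX_NAME_LEN = 100                # assumption: the spec says "max length" but not the number


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_jwt(sub: str, exp: int, secret: bytes = SECRET) -> str:
    """Mint an HS256 JWT; used only to build test inputs for the handler."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "exp": exp}).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def demo_token(ttl_seconds: int = 3600) -> str:
    """Convenience: a token for subject 'alice' that expires ttl_seconds from now."""
    return issue_jwt("alice", int(time.time()) + ttl_seconds)


def verify_jwt(token: str, secret: bytes = SECRET, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature and expiry check out, else None.
    The alg is pinned to HS256 so an attacker-supplied 'none' header is rejected
    before any signature logic runs, and the comparison is constant-time."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        claims = json.loads(_b64url_decode(p))
        if not isinstance(claims, dict):
            return None
        if claims.get("exp", 0) <= (now if now is not None else time.time()):
            return None  # expired (or no exp claim at all)
        return claims
    except (ValueError, TypeError, UnicodeDecodeError):
        return None


def problem(status: int, title: str, detail: str) -> dict:
    """RFC 9457 Problem Details body; callers may add an 'errors' list."""
    return {"type": "about:blank", "title": title, "status": status, "detail": detail}


def validate_item(payload) -> list:
    """Field-level errors for the 400 requirement: empty name, negative price, wrong type, too long."""
    if not isinstance(payload, dict):
        return [{"field": "", "detail": "body must be a JSON object"}]
    errors = []
    name = payload.get("name")
    if name is None:
        errors.append({"field": "name", "detail": "is required"})
    elif not isinstance(name, str):
        errors.append({"field": "name", "detail": "must be a string"})
    elif not name.strip():
        errors.append({"field": "name", "detail": "must not be empty"})
    elif len(name) > MAX_NAME_LEN:
        errors.append({"field": "name", "detail": f"must be at most {MAX_NAME_LEN} characters"})
    price = payload.get("price")
    if price is None:
        errors.append({"field": "price", "detail": "is required"})
    elif isinstance(price, bool) or not isinstance(price, (int, Decimal)):
        errors.append({"field": "price", "detail": "must be a decimal number"})
    elif price < 0:
        errors.append({"field": "price", "detail": "must not be negative"})
    return errors


def post_item(headers: dict, raw_body: str, now: Optional[float] = None):
    """Handle POST /api/v1/items; returns (status_code, json_body)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    claims = verify_jwt(token, now=now) if scheme == "Bearer" and token else None
    if claims is None:  # authenticate before parsing any attacker-controlled body
        return 401, problem(401, "Unauthorized", "missing, expired or invalid bearer token")
    try:
        payload = json.loads(raw_body, parse_float=Decimal)  # keep 9.99 exact, not a float
    except json.JSONDecodeError:
        return 400, problem(400, "Bad Request", "body is not valid JSON")
    errors = validate_item(payload)
    if errors:
        return 400, {**problem(400, "Bad Request", "payload failed validation"), "errors": errors}
    item = {
        "id": str(uuid.uuid4()),
        "created_at": datetime.now(timezone.utc).isoformat(),
        "name": payload["name"],
        "price": str(payload["price"]),  # assumption: decimal returned as a string
    }
    return 201, item
```

Each Gherkin scenario maps to one call of `post_item` with the headers and body it describes, so the spec doubles as the test plan; the extra expired-token and tampered-signature cases cover the "expired" and "malformed" wording of the EARS requirement that the happy-path scenarios alone do not exercise.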