Timothy J. Nolan has over 11 years of experience as an Information Security Officer for a Fortune Global 500 company, where he led security monitoring, intrusion detection, incident response and cyber investigations teams for over 12 years. He is also responsible for security architecture, assessments, policy development, awareness training and custom tool creation. Prior to his current role, Nolan was a senior security analyst and also held director roles in information services and networking.
Unsafe at Any Speed: 7 Dirty Secrets of the Security Industry digitallibrary
Do you ever feel that your trusted security providers are failing to tell you the whole truth? Would you like to hear what they aren't telling you? It is time for intellectual honesty. We entrust the security industry to protect us from unacceptable risk. However, competing vendor priorities often prevent them from sharing and discussing all security truths. Some "Lies of Omission" merely delay countermeasures. More serious "Dirty Secrets" have created and perpetuated unacceptable blind spots and exposure. First, we expose the 7 Dirty Secrets of the Security Industry. Second, we highlight key security trends deserving your attention. Lastly, we will outline practical ways to command intellectual honesty from your trusted security providers.
The document provides an overview of Peter Wood, an expert in ethical hacking and cybersecurity. It discusses the concept of "consumerisation" where employees want to use their personal devices for work purposes. While this raises security concerns for IT departments, the document argues that tightly controlling devices is ineffective and employee expectations around mobility and flexibility will result in loosened corporate control over tools. It outlines some of the mobile security risks at different layers of devices and examples of malware targeting smartphones.
A presentation on the challenges of secure mobile working and what to do about them, for Infosec 2007. The data may be getting long in the tooth but the points are still valid today.
1) The document discusses emerging threats to enterprise information security like viruses, trojans, intrusions, spamming, phishing, and removable storage devices.
2) It examines how organizations assess these risks in planning, and whether concerns have held them back from taking advantage of technologies.
3) The author argues that effective security requires understanding broader risks, coordination across integration points, and balancing trust with prevention through policies, training, and clear ownership.
This document provides guidelines for organizations to prevent identity theft. It recommends securing physical records with layered access controls and protecting digital media the same as physical records. It also suggests implementing computer security measures like firewalls, encryption, strong passwords that change regularly, and automatic logoffs. Further, it advises establishing policies for handling personal information, training employees, and being cautious over the phone or email to avoid unauthorized access to sensitive data.
This document provides an overview of mobile security threats and discusses mobile security compared to traditional IT security. It covers several topics related to mobile device security including the different security models of mobile operating systems, development language security, and mobile hacking attack vectors. The document is an introduction to mobile security presented by Fabio Pietrosanti, CTO of PrivateWave.
Intense overview of most mobile security related issues
From Clust Education talk on Security Summit in Milan (Italy):
https://www.securitysummit.it/eventi/view/82
The document discusses Mars, a framework for building native Mac applications using Pharo Smalltalk. Mars uses an Objective-C bridge to communicate between Pharo and Cocoa/CocoaTouch. It follows an MVC architecture, with views as Objective-C controls, controllers handling callbacks between Pharo and Objective-C, and a flexible model adaptor. The document outlines some problems being addressed in Mars and next steps to improve, test and document it further.
The document discusses best practices for creating effective presentation slides. It recommends that slides should contain no more than 6 bullet points per slide, with text no smaller than 12 point font. Graphics and design are important to engage the audience visually and demonstrate care and customization. Templates should include the presenter's name and date in a consistent footer. The focus of a presentation should be the presenter's story and message, not the slides themselves, which are merely visual aids. Details that are not important to the central message should be removed. Demonstrations can enhance technical topics by bringing facts to life through active examples and description of processes.
Toothpick is a simple logging framework for Smalltalk that separates the concerns of whether, where, and what to log. It includes loggers to define where events are logged, like to the transcript, files, or network. Logging formatters define what is logged, like simple text or XML. Logging policies determine whether an event is logged based on its category and level. The LoggingMultiplexer manages multiple loggers. LoggingEvents contain log messages that are sent to the multiplexer.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
Syslog is a widely used protocol for system logging that uses UDP sockets to pass 1024-octet log messages. The document discusses the syslog protocol, including the key components of senders, receivers, and relays. It then provides examples of using a Smalltalk syslog library called OskSyslog to send, receive, and relay syslog messages.
This document discusses objects history, which saves the state of live objects over time efficiently. It allows querying past states and values. Potential applications include version control systems, text editors with undo/redo, and adding execution traces to debug objects' states over time. The author has created prototypes using objects history in Smalltalk environments. Future work includes optimizing objects history and incorporating it into more applications.
Parcels are a binary deployment technology for loading and unloading code in a fast and feature-rich way. They can load code into a running system, support class extensions, and have meta-information like versioning and prerequisites. Loading code with parcels is fast because it separates object and reference descriptions into two sections for efficient parsing. Parcels provide a way to package and deploy code that is interactive and supports changing the shape of classes.
The document discusses Northwater Capital Management's tools, processes, and automation for development. It outlines custom tools created for their Gemstone and VA environments, as well as automation of runtime monitoring, scheduling, nightly processes, issue management, reporting, production and daily releases, and testing. Diagrams and screenshots demonstrate the custom menus, code comparison tools, instance migration, attribute specifications, scheduler, release process, and testing procedures.
The document discusses information security and ethical hacking. It describes how passwords and viruses have become easier to crack over time. Ethical hacking involves finding vulnerabilities to improve security, while black hat hacking exploits them. The document outlines types of hackers, hacking attacks, malware, and career opportunities in information security fields like cyber security, information systems auditing, and network engineering. It provides examples of phishing emails and scams.
This document discusses different types of intellectual property, including patents, copyrights, trademarks, and trade secrets. It addresses how patents can cover software and who needs to be concerned about patent enforcement and patent trolls. Copyrights are discussed as providing the longest protection for software code. Some important court cases involving intellectual property are also mentioned.
Integrated Intrusion Detection Services for z/OS Communications Server zOSCommserver
This document discusses integrated intrusion detection services for z/OS Communications Server. It provides an overview of the intrusion detection system, describing the types of events it can detect including scans, attacks against the TCP/IP stack, and interface flooding. It also outlines the policy model and available actions for responding to detected intrusion events.
Protect Your Rights: Managing Intellectual Property Risks Erin L. Webb
I presented as part of a panel at PAX Dev 2015 that discussed intellectual property risks for video game developers and producers, and how to manage those risks. My focus was on the availability of insurance coverage to protect against IP infringement claims, and how to maximize your insurance once you have it.
This document discusses patents, copyrights, and licenses as they relate to software. Patents protect processes and ideas, while copyrights protect implementations and code. Licenses are rights-granting agreements between owners and users of software. The document provides examples of patents, copyrights, and different types of software licenses. It also discusses debates around software patentability and key aspects of patent and copyright systems.
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence Andris Soroka
IBM Security Systems provides innovative security solutions from leading technology vendors in over 10 countries. They specialize in security consulting, testing, auditing, integration, training and support. They were the first certified partner of Q1 Labs in the Baltics, and now work with IBM's security portfolio. The document discusses the need for security intelligence solutions that integrate log management, security information and event management, risk management, network activity monitoring, and other capabilities to provide comprehensive security insights.
The rapid expansion of the Internet of Things has fostered convenience and connectedness for consumers. It has also opened the door for creative hackers. Recently, hackers used hundreds of thousands of common internet-connected devices in consumers’ homes, without the owners’ knowledge, to launch a DDoS attack that temporarily brought down crucial parts of the internet’s infrastructure.
Attacks in the past have shown that passwords in IoT devices provide insufficient security. Additionally, IoT devices are too constrained for implementing biometric functions.
The question then becomes how to authenticate to such devices and whether the industry can adopt a standardized approach despite a highly fragmented IoT landscape. This presentation by Rolf Lindemann of Nok Nok Labs explores how FIDO Authentication can provide convenient and strong authentication in an array of IoT use cases.
Stephen Aponte Jr.'s presentation from CEWIT2013 is now present online through slideshare! Learn more about voice driven user interface design by reading his slides or you can contact Intelligent Product Solutions at www.intelligentproductsolutions.com for any questions you may have.
Defense Federal Acquisition Regulation Supplement; Open Source Software Publi... Black Duck by Synopsys
The document discusses open source software use in defense contracting. It notes that open source software use provides benefits like flexibility, innovation, and cost savings but also poses challenges to manage like technical failures, security risks, and intellectual property risks. Data shows around 20% of code bases contain open source software, but over 95% have undisclosed open source and over 50% contain unknown or problematic licenses. The DoD must use open source to get benefits like faster and better software, but also needs contractors that can adequately manage the associated legal, security and quality risks of open source use.
So You Got That SIEM. NOW What Do You Do? by Dr. Anton Chuvakin Anton Chuvakin
So You Got That SIEM. Now What Do You Do? Anton Chuvakin, Principal, Security Warrior Consulting (@anton_chuvakin)
Many organizations that acquired Security Information and Event Management (SIEM) tools and even simpler log management tools have realized that they are not ready to use many of the advanced correlation features, despite promises that "they are easy to use" and "totally intuitive."
So, what should you do to achieve success with SIEM? What logs should you collect? Correlate? Review? How do you use log management as a step before SIEM? What process absolutely must be built before SIEM purchase becomes successful?
At this presentation, you will learn from the experience of those who did not have the benefit of learning from others' mistakes. Also, learn a few tips on how to "operationalize" that SIEM purchase you've made. And laugh at some hilarious stories of "SIEM FAIL" of course! As a bonus track, how to revive a FAILED SIEM deployment you inherited at your new job will be discussed.
Cork Open Coffee David Reilly 24 July 09 Gordon Murray
1. The document discusses the legal framework for software creation and protection under Irish law. Copyright protects the expression of software as a literary work but not the underlying ideas.
2. It outlines the types of intellectual property that can apply to software, including copyright, database rights, design rights and patents. Joint ventures and licensing agreements are discussed as methods of software exploitation.
3. Key considerations for software development agreements are addressed, such as ownership of the software, warranty periods, intellectual property indemnification, and maintenance obligations. Investor expectations and exit strategies are also covered.
Top 5 Legal mistakes that increase the risk of sanctions
Top 5 IT mistakes that can sink your case
How Legal and IT can work together to strengthen your case
IIPRD - IP-Patent - Creation, Protection, and Commercialization guest3efddb
The document introduces the Institute of Intellectual Property Research & Development and the services they offer related to intellectual property. It discusses the scope of patents and copyrights in India, particularly for software. Key services mentioned include patent application preparation, prosecution, landscape analysis, and litigation support. The institute has alliances with international organizations like the European Patent Office as well as Indian groups like CSIR. It is positioned as offering end-to-end IP services through a team of legal and technical experts.
Threat Modeling for the Internet of Things Eric Vétillard
A presentation made in several public events in 2015 about the threats related to the Internet of Things, and how modeling can be used as a way to manage mitigation methods.
This document discusses intellectual property and provides guidance on developing, managing, protecting, and exploiting intellectual property. It covers various types of intellectual property including patents, copyrights, trademarks, and trade secrets. It also discusses best practices for commercializing intellectual property, obtaining patents, protecting intellectual property on the internet, and legal considerations around intellectual property.
AZBIA & Traklight present "New Year, New Business" Open House Traklight.com
This document provides an overview of strategies for protecting business ideas and intellectual property (IP). It discusses why IP is important, as IP theft costs US companies $250 billion annually. The document outlines different types of IP including patents, copyrights, trademarks, and trade secrets. It provides case studies and assessments to help businesses identify their IP. Key strategies discussed include identifying IP, protecting IP through registration and agreements, and addressing ownership, timing, and location challenges. The document emphasizes the importance of securing IP through technical founder agreements, outsourcing agreements, and non-compete agreements. It provides resources for IP assistance and stresses the importance of safeguarding IP through ongoing protection.
The document summarizes a webinar about maintaining oversight of company assets and remote workers. It introduces the speakers and discusses how the rise of remote work due to COVID-19 has impacted organizations. Challenges of remote work mentioned include lack of visibility into endpoints, application deployment, security, and providing adequate support. The webinar then presents Ivanti Asset Management as a solution that provides unified IT management, asset visibility, and insight into systems from a centralized dashboard. It collects data from multiple sources to monitor assets across their lifecycles. The presentation concludes with a Q&A and announcement of a free trial offer of Ivanti's remote work solutions.
Security Testing for Testing Professionals | TechWell
Today’s software applications are often security critical, making security testing an essential part of a software quality program. Unfortunately, most testers have not been taught how to effectively test the security of the software applications they validate. Join Jeff Payne as he shares what you need to know to integrate effective security testing into your everyday software testing activities. Learn how software vulnerabilities are introduced into code and exploited by hackers. Discover how to define and validate security requirements. Explore effective test techniques for assuring that common security features are tested. Learn about the most common security vulnerabilities and how to identify key security risks within applications, and use testing to mitigate them. Understand how to security test applications—both web- and GUI-based—during the software development process. Review examples of how common security testing tools work and assist the security testing process. Take home valuable tools and techniques for effectively testing the security of your applications going forward.
Workshop: Identifying concept inventories in agile programming | ESUG
This document discusses the development of a concept inventory to identify common misconceptions in agile programming and object-oriented development. The project aims to strengthen collaboration between INRIA/Lille and ÉTS/UQAM by creating a concept inventory that can be used to improve teaching of agile development with object-oriented languages like TypeScript, JavaScript, and Pharo. The methodology involves identifying misconceptions, proposing a concept inventory, and validating it in courses by measuring understanding before and after instruction. A workshop will help identify initial misconceptions in Smalltalk/Pharo by capturing them in a collaborative tool.
This document proposes integrating documentation into the Pharo language metamodel and environment to improve documentation support. It suggests making documentation first-class citizens in Pharo by providing built-in support and a minimal API, which would allow tight integration with development tools and future extensions without requiring grammar changes or large efforts. This could improve documentation quality by enabling direct references between code and documentation and automatic logging of documentation usage.
The Pharo Debugger and Debugging tools: Advances and Roadmap | ESUG
This document outlines advances and the roadmap for debugging tools in Pharo. It discusses recent improvements to the debugging infrastructure, including architectural changes and new debugging commands. It also describes upcoming work, such as additional infrastructure improvements, an emergency debugger, support for meta-object protocols, a redesigned user experience, a remote debugger, and improved documentation. The document concludes by inviting participants to help evaluate new debugging experiments.
The document describes Sequence, a pipeline modeling and discrete event simulation framework developed in Pharo Smalltalk. Sequence allows describing system resources, building blocks that use those resources, assembling scenarios from blocks, collecting information during simulated runs, and interactively exploring system traces. The framework implements a discrete event simulation engine with event streams that model periodic processes and resources. Sequence provides tools for evaluating system performance through simulation before complete hardware is available.
Migration process from monolithic to micro frontend architecture in mobile ap... | ESUG
This document discusses migrating a monolithic mobile application called CARL Touch to a micro frontend architecture. It presents a migration process involving three steps: 1) analysis of the monolithic codebase, 2) identification of potential micro frontends, and 3) transformation of the codebase to implement the identified micro frontends. Previous experiments at Berger-Levrault involving two teams migrating CARL Touch provided insights. The proposed process uses static and dynamic analysis, code visualization and clustering techniques to help identify optimal micro frontends and transform the codebase in a semi-automated manner.
Analyzing Dart Language with Pharo: Report and early results | ESUG
This document summarizes an analysis of the Dart programming language using tools in the Pharo environment. It describes generating a parser for Dart using SmaCC, which produces an AST. It also details defining a Famix meta-model for Dart and the Chartreuse-D importer that creates a FamixDart model from the AST. Future work is outlined, including improving SmaCCDart, continuing to develop the FamixDart meta-model, and handling dynamic types when importing associations. The goal is to analyze Dart and explore modeling Flutter applications.
Transpiling Pharo Classes to JS ECMAScript 5 versus ECMAScript 6 | ESUG
This document summarizes research on transpiling Pharo classes to JavaScript using ECMAScript 5 versus ECMAScript 6. It finds that transpiling to ES6 provides benefits like significantly faster load times, improved benchmark performance up to 43%, and more idiomatic code compared to ES5. However, fully emulating Smalltalk semantics like metaclass inheritance remains challenging when targeting JavaScript.
The document presents an approach for automated test generation from software models and execution traces. Key aspects of the approach include using metamodels to represent the codebase, values, and desired unit test structure. Models are built from the codebase and traces, then transformations are applied to generate unit tests conforming to the test metamodel. Abstract syntax trees are used to export the generated tests to code. The approach aims to generate tests that are relevant, readable and maintainable without relying on existing tests. An example demonstrates generating a JUnit test from an application class.
Genetic programming is used to generate unit tests by evolving test code via genetic algorithms to maximize coverage. Tests are represented as chromosomes of object and message statements. The genetic algorithm selects tests based on coverage, combines tests through crossover, and replaces tests in the population over generations to find optimal test sequences. Future work includes improving path exploration and comparing with other test generation tools.
Threaded-Execution and CPS Provide Smooth Switching Between Execution Modes | ESUG
Threaded execution and continuation-passing style (CPS) allow for smooth switching between execution modes in Zag Smalltalk. Threaded execution interprets code as a sequence of addresses like bytecode but is 2.3-4.7 times faster, while CPS passes continuations explicitly like in functional languages and is 3-5 times faster than bytecode. Both approaches allow fallback to debugging. The implementation shares context and stack between modes to easily switch with proper object structures.
Exploring GitHub Actions through EGAD: An Experience Report | ESUG
This document summarizes an experience report on exploring GitHub Actions through EGAD, a tool for GitHub Action analysis. It discusses three key lessons learned: 1) Composing a story by documenting tasks and linking documentation to code, 2) Navigating custom views to conduct research, and 3) Supporting onboarding of researchers by assigning mentors, scheduling meetings, and encouraging use of resources. EGAD takes workflow YAML files, wraps them in a domain model to provide context, and allows inspecting examples to fully explore the GitHub Actions domain model.
Pharo: a reflective language A first systematic analysis of reflective APIs | ESUG
This document analyzes the reflective features and APIs in Pharo, a reflective programming language. It presents a catalog of Pharo's reflective APIs and analyzes how they relate to metaobjects. The analysis highlights areas for potential improvement, such as providing solutions for intercession on state reads/writes and addressing constraints when changing an object's class. The document contributes to understanding Pharo's reflective design and its evolution over time.
The document discusses garbage collector tuning for applications with pathological allocation patterns. It begins by explaining the motivation and issues caused by pathological patterns, such as applications taking over an hour and a half to run. It then provides an overview of garbage collection and how allocation patterns can impact performance. The document dives into two specific tuning techniques - increasing the full GC threshold to prevent premature full GCs from being triggered, and increasing the tenuring threshold to avoid large objects residing in the remembered set and slowing down scavenges. These tunings resulted in significant performance improvements for the sample DataFrame application, reducing the run time from over an hour and a half to around seven minutes.
Improving Performance Through Object Lifetime Profiling: the DataFrame Case | ESUG
This document discusses improving garbage collection performance in Pharo through object lifetime profiling. It presents Illimani, a lifetime profiler developed for Pharo. Illimani was used to profile the lifetimes of objects created when loading a large DataFrame. The profiling revealed that most objects had short lifetimes, suggesting the garbage collector could be tuned. Tuning the garbage collector parameters based on the lifetime profiles improved the performance of loading the DataFrame.
This document discusses the past, present, and future of Pharo DataFrames. It began as a student project but has evolved into a mature project with dedicated engineers, improving performance and adding functionality. Future plans include further performance enhancements, adding more functionality, better integration with other Pharo projects, and support for big data. Evaluation of DataFrames is also planned.
This document discusses issues with thisContext in the Pharo debugger not correctly representing the execution context and being the DoIt context instead. This was fixed in Pharo12 by making thisContext a variable object that is wrapped in a DoItVariable, so the debugger context is used. When inspecting or doing DoIt, the doIt Variable is pushed and read to provide the proper execution context.
This document proposes using websockets to display fencing scores and a chronometer from an arena server to mobile phones over the internet in real-time. It includes links to video examples of a chronometer display and photos from fencing competitions.
ShowUs: PharoJS.org Develop in Pharo, Run on JavaScript | ESUG
This document discusses PharoJS, which allows developers to develop applications in Pharo and then export them to run as JavaScript applications. PharoJS enables 100% of Pharo code to be executed during development, and then 100% of that same code is exported to JavaScript to be executed in production. The document also briefly mentions deployment options for exported PharoJS applications like GitHub Pages and GitHub Actions.
The document contains testimonials from participants of the Pharo MOOC praising its effectiveness at teaching object-oriented design. It also announces an upcoming advanced design MOOC that will have over 60 lectures, slides, videos and an exercise booklet. Finally, it provides links to the course websites and encourages people to stay tuned for the new MOOC.
A New Architecture Reconciling Refactorings and Transformations | ESUG
This document discusses reconciling refactorings and transformations in software engineering. It proposes a new architecture where refactorings decorate transformations by checking preconditions and composing multiple transformations. Refactorings ensure transformations are applied safely while transformations focus on model changes. Open questions remain around precondition handling and composition semantics. The goals are to reduce duplication, support custom refactorings/transformations, and provide a modern driver-based user interface.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf | Chart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application... | Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers | akankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Introduction of Cybersecurity with OSS at Code Europe 2024 | Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Northern Engraving | Nameplate Manufacturing Process - 2024 | Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill | LizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors | DianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort.
Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
"$10 thousand per minute of downtime: architecture, queues, streaming and fin... | Fwdays
Direct losses from 1 minute of downtime = $5-$10 thousand. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
Main news related to the CCS TSI 2023 (2023/1695) | Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The video recording (in Czech) of the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
The Microsoft 365 Migration Tutorial For Beginner.pptx | operationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Essentials of Automations: Exploring Attributes & Automation Parameters | Safe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
"Scaling RAG Applications to serve millions of users", Kevin Goedecke | Fwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
Monitoring and Managing Anomaly Detection on OpenShift.pdf | Tosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
"Choosing proper type of scaling", Olena Syrota | Fwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.