The document discusses context-aware software engineering and maintenance using the FastFix approach. It presents FastFix as a way to model context as events involving user interactions with applications and artifacts. FastFix monitors this context to identify software errors and generate patches by correlating events. The approach aims to reduce software maintenance costs for companies and avoid annoying errors for users. It outlines modeling context, applications of context-aware tools, and research challenges in fully realizing the approach.
Assisting Engineers in Switching Artifacts by using Task Semantic and Interac... - Walid Maalej
Abstract: Recent empirical studies show that software engineers use 5 tools and 14 artifacts on average for a single task. As development work is frequently interrupted and several simultaneous tasks are performed in parallel, engineers need to switch many times between these tools and artifacts. A lot of time gets wasted in repeatedly locating, reopening or selecting the right artifacts needed next. To address this problem we introduce Switch!, a context-aware artifact recommendation and switching tool. Switch! assists engineers in switching artifacts based on the type of the development task and the interaction history.
A Linked Knowledge Base for Simulation Learning - Irene Celino
Simulation Learning is a frequent practice to conduct near-real, immersive and engaging training sessions. AI Planning and Scheduling systems are used to automatically create and supervise learning sessions; to this end, they need to manage a large amount of knowledge about the simulated situation, the learning objectives, the participants’ behaviour, etc.
In this paper, we explain how Linked Data and Semantic Web technologies can help the creation and management of knowledge bases for Simulation Learning. We also present our experience in building such a knowledge base in the context of Crisis Management Training.
Conventional software engineering processes are rather transactional and lack a common theory for the involvement of users and their communities. Users are regarded as pure consumers, who are, at most, able to report issues. In the age of easy knowledge access and social media, discounting the users of software might threaten its success. Potentially valuable experiences and volunteered resources get lost. Frustrated users might even meet in social communities to argue against the software and harm its reputation.
The goal of this research is to revolutionize the role of users, dissolving the boundaries to software engineers. We propose a novel framework for increasing the software socialness, being the degree of user and community involvement in the software lifecycle. Our framework consists of a benchmark, a process, and a reference architecture. The benchmark includes metrics for assessing and monitoring software socialness. The process enables engineering teams to systematically gather and exploit user feedback in the software lifecycle. The context aware reference architecture integrates social media into software systems and the engineering infrastructure. It observes users’ interactions while they use the software and proactively collects in situ feedback.
(paper
How Does a Typical Tutorial for Mobile Development look like? - A research paper presented at the 2014 International Conference on Mining Software Repositories. Paper preprint available here: http://mobis.informatik.uni-hamburg.de/research/publications
Business Rules In Practice - An Empirical Study (IEEE RE'14 Paper) - Walid Maalej
Business rules represent constraints in a domain, which need to be taken into account either during the development or the usage of a system. Motivated by the knowledge reuse potentials when developing systems within the same domain, we studied business rules in a large software company. We interviewed 11 experienced practitioners on how they understand, capture, and use business rules. We also studied the role of business rules in requirements engineering in the host organization. We found that practitioners have a very broad perception for this term, ranging from flows of business processes to directives for calling external system interfaces. We identified 27 types of rules, which are typically captured as a free text in requirements documents and other project documentation. Practitioners stated the need to capture this tacit form of domain knowledge and to trace it to other artifacts as it impacts all activities in a software engineering project. We distill our results in 17 findings and discuss the implications for researchers and practitioners.
How Do Users Like This Feature? A Fine Grained Sentiment Analysis of App Revi... - Walid Maalej
App stores allow users to submit feedback for downloaded apps in form of star ratings and text reviews. Recent studies analyzed this feedback and found that it includes information useful for app developers, such as user requirements, ideas for improvements, user sentiments about specific features, and descriptions of experiences with these features. However, for many apps, the amount of reviews is too large to be processed manually and their quality varies largely. The star ratings are given to the whole app and developers do not have a means to analyze the feedback for the single features. In this paper we propose an automated approach that helps developers filter, aggregate, and analyze user reviews. We use natural language processing techniques to identify fine-grained app features in the reviews. We then extract the user sentiments about the identified features and give them a general score across all reviews. Finally, we use topic modeling techniques to group fine-grained features into more meaningful high-level features. We evaluated our approach with 7 apps from the Apple App Store and Google Play Store and compared its results with a manually, peer-conducted analysis of the reviews. On average, our approach has a precision of 0.59 and a recall of 0.51. The extracted features were coherent and relevant to requirements evolution tasks. Our approach can help app developers to systematically analyze user opinions about single features and filter irrelevant reviews.
Presentation by Luca Berardinelli, Antinisca Di Marco and Flavia Di Paolo at the 2nd Awareness Workshop on Challenges for Achieving Self-awareness in Autonomic Systems @ SASO 2012, Lyon, France
Work-item notifications alert the team collaborating on a work-item about any update to the work-item (e.g., addition of comments, change in status). However, as software professionals get involved with multiple tasks in project(s), they are inundated by too many notifications from the work-item tool. Users are upset that they often miss the notifications that solicit their response in the crowd of mostly useless ones. We investigate the severity of this problem by studying the work-item repositories of two large collaborative projects and conducting a user study with one of the project teams. We find that, on an average, only 1 out of every 5 notifications that are received by the users require a response from them. We propose TWINY -- a machine learning based approach to predict whether a notification will prompt any action from its recipient. Such a prediction can help to suitably mark up notifications and to decide whether a notification needs to be sent out immediately or be bundled in a message digest. We conduct empirical studies to evaluate the efficacy of different classification techniques in this setting. We find that incremental learning algorithms are ideally suited, and ensemble methods appear to give the best results in terms of prediction accuracy.
178 - A replicated study on duplicate detection: Using Apache Lucene to searc... - ESEM 2014
Context: Duplicate detection is a fundamental part of issue management. Systems able to predict whether a new defect report will be closed as a duplicate, may decrease costs by limiting rework and collecting related pieces of information. Goal: Our work explores using Apache Lucene for large-scale duplicate detection based on textual content. Also, we evaluate the previous claim that results are improved if the title is weighted as more important than the description. Method: We conduct a conceptual replication of a well-cited study conducted at Sony Ericsson, using Lucene for searching in the public Android defect repository. In line with the original study, we explore how varying the weighting of the title and the description affects the accuracy. Results: We show that Lucene obtains the best results when the defect report title is weighted three times higher than the description, a bigger difference than has been previously acknowledged. Conclusions: Our work shows the potential of using Lucene as a scalable solution for duplicate detection.
Based on the results of Serenity project (Framework Programme, from EU), these slides present a security-aware software engineering process. It presents how security must be taken into account in the different phases of software development, including agile development approaches.
Metrics Monitoring Is So Critical - What's Your Best Approach? Wavefront
Metrics monitoring is so critical for modern cloud applications. But can you do it with APM, with a log monitor, or with a specialized metrics platform? Open source or commercial? How are SaaS leaders monitoring their environments with metrics today?
Learn about unified metrics monitoring with real-time analytics, and why it’s the preferred methodology for assuring cloud application environments.
There are several approaches to implementing a metrics-monitoring platform. Depending on where you are on the metrics maturity curve, some platforms are better than others. Learn how to pick the approach that's best for you.
AppFuse is an open source project/application that uses best-of-breed Java open source tools to help you develop web applications quickly and efficiently. Not only does it provide documentation on how to develop light-weight POJO-based applications, it includes features that many applications need out-of-the-box: authentication and authorization, remember me, password hint, skinnability, file upload, Ajax libraries, signup and SSL switching. This is one of the main features in AppFuse that separates it from the other "CRUD Generation" frameworks like Ruby on Rails, Trails and Grails. AppFuse is already an application when you start using it, which means code examples are already in your project. Furthermore, because features already exist, the amount of boiler-plate code that most projects need will be eliminated.
In this session, you will learn Seven Simple Reasons to Use AppFuse. If you don't use it to start your own projects, hopefully you will see that it provides much of the boiler-plate code that can be used in Java-based web applications. Since it's Apache Licensed, you're more than welcome to copy/paste any code from it into your own applications.
Also see article published at:
http://www.ibm.com/developerworks/java/library/j-appfuse/index.html
Proactive cloud service assurance framework for fault remediation in cloud en... - IJECEIAES
Cloud resiliency is an important issue in successful implementation of cloud computing systems. Handling cloud faults proactively, with a suitable remediation technique having minimum cost is an important requirement for a fault management system. The selection of best applicable remediation technique is a decision making problem and considers parameters such as i) Impact of remediation technique ii) Overhead of remediation technique iii) Severity of fault and iv) Priority of the application. This manuscript proposes an analytical model to measure the effectiveness of a remediation technique for various categories of faults; further, it demonstrates the implementation of an efficient fault remediation system using a rule-based expert system. The expert system is designed to compute a utility value for each remediation technique in a novel way and select the best remediation technique from its knowledgebase. A prototype is developed for experimentation purpose and the results show improved availability with less overhead as compared to a reactive fault management system.
Learning from Human Repairs Through the Exploitation of Software Repositories ijseajournal
ABSTRACT
Software systems drive our phones, cars, banks, cities, etc. This places a heavy load on software industry because all these systems must be continuously updated, corrected and extended when users and consumers express new needs and high quality software is now perceived as a "must have" rather than "should have". Developers have to do their best to assure that their code has minimal defects.
Nowadays technologies evolve rapidly, software suffers from some major problems. Firstly software maintainers have to deal with the past (past languages, existing systems, old technologies). It is often misunderstood and treated as a punishment. Secondly developers have to ensure a good software quality. To deal with such problems, approaches have been proposed to support software maintenance and reduce the efforts of developers. One approach commonly adopted is the usage of rules to ensure source code quality and ease maintenance activities.
We propose in this paper an approach to ease corrective maintenance task and help to improve software quality by exploiting human knowledge available in software repositories. This approach supports remediation of bad situations; by reducing for example time spent to read, understand and how the code can be changed.
A Resource Oriented Framework for Context-Aware Enterprise Applications - ruyalarcon
WS-REST 2011.
Second International Workshop on RESTful Design.
Chairs: Cesare Pautasso, Erik Wilde, Rosa Alarcon.
Frameworks Session. David Duggal and William Malyk.
How Can Software Engineering Support AI - Walid Maalej
Flipping the Coin: How can Software & Requirements Engineering Support AI?
During the last decade, the Software Engineering and Requirements Engineering communities have profited much from advances in Machine Learning and in Natural Language Processing. Recommender systems, prediction models, and even Bots are nowadays available to support many software and requirements engineering tasks: including quality assurance, documentation, or even code generation and completion.
This talk will focus on the opposite direction. I will discuss recent challenges faced by the Machine Learning/ NLP/ Data Science community and whether/how traditional as well as modern Software and Requirements Engineering can help solve some of them: in order to increase the applicability, acceptance, and reliability of Machine Learning based systems.
Walid Maalej is a professor for informatics and chair for applied software technology at the University of Hamburg, Germany. Currently he is also the Head of the Informatics Department and a member of the Board of Directors of the tech transfer institute HITeC e.V. His main research interests include human- and data-centered software engineering, requirements engineering, feedback systems, applied machine learning, as well as tech transfer.
Work descriptions are informal notes taken by developers to summarize work achieved in a particular session. Existing studies indicate that maintaining them is a distracting task, which costs a developer more than 30 min. a day. The goal of this research is to analyze the purposes of work descriptions, and find out if automated tools can assist developers in efficiently creating them. For this, we mine a large dataset of heterogeneous work descriptions from open source and commercial projects. We analyze the semantics of these documents and identify common information entities and granularity levels. Information on performed actions, concerned artifacts, references and new work, shows the work management purpose of work descriptions. Information on problems, rationale and experience shows their knowledge sharing purpose. We discuss how work description information, in particular information used for work management, can be generated by observing developers' interactions. Our findings have many implications for next generation software engineering tools.
Paper: Walid Maalej and Hans-Jörg Happel, Can Development Work Describe Itself? In Proceedings of the 7th IEEE Conference on Mining Software Repositories, IEEE CS, 2010.
The Metaverse and AI: how can decision-makers harness the Metaverse for their... - Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
2. Summary of the Talk
1. We model context as a set of events including the interaction of users with the applications and the concerned artifacts
2. We distinguish between short term context (work sessions, intentions, problems) and long term context (user experience)
3. Our research is motivated by software engineering work, but can be easily extended to general knowledge work
Maalej, June 2011, FastFix Context Approach
3. Outline
1. Motivation
2. Context Model
3. Applications
4. Research Challenges
4. For Companies: Reduce Software Maintenance Costs
(Schach, 2008): Most of the effort and cost is spent on post-delivery maintenance based on various data sources
Average cost 1976-1981: Development 33%, Maintenance 67%
Average cost 1992-1998: Development 25%, Maintenance 75%
More than 90% of companies' resources dedicated to software maintenance (Erlikh, 2000, IT Pro)
6. FastFix: Monitoring Context for Remote Software Maintenance
[Diagram components: User, Application, FastFix Client, FastFix Server]
1: interact
2: monitor
3: identify errors
4 (optional): ask for feedback
5: preprocess
6: securely report
7: replicate errors
8: correlate events
9: generate patch
10: update
11: self-heal
12 (optional): inform
Maalej, June 2011, 17.06.2011
7. Outline
1. Motivation
2. Context Model
3. Applications
4. Research Challenges
8. Sources of Context Information in FastFix
Context
User, Application, Environment
9. A Context Aware Model of Knowledge Work
[Diagram labels: Environment, Work, Application, Change, Context, User, Short-term Context, Long-term Context, Interaction, Intention, Problem, Experience, Artifact; relation labels: performed in, concerns]
11. A Scratch of Context-Aware Tools
[Diagram labels: Recommendation Tool, Context Observer, Problem Elicitation, Sessionization, Interaction Ontology, Execution Ontology, User Profile, Application sensors, OS sensors, Execution Env. sensors; edge labels: additional feedback, interact, trigger, problem, events, update]
12. Ontologies Define the Semantics of Software Engineering Work
[Diagram: Interaction concerns Artifact; each has a type. Type labels shown: Change, Tool, Class, Read, Test, Use, Model, Email, Debug, Specify, Request, Method, "Other interaction and activity types", "Other artifact types"]
Ref: [Maalej, MSR’10]
13. Type Inference for Interactions & Artifacts
[Diagram, first example. Labels: event, concerns, member of, SayHello, HelloWord, rdf:type (three times), Create, Method, Class, Method]
[Diagram, second example. Labels: event, concerns, HelloWord, rdf:type (three times), Browse, Report bug, Bug Report, Web]
14. Developer’s Work: From Interactions to Intentions
Short Term
[Figure: timeline of a developer's work shown at several levels of granularity. Horizontal axis: Time. Levels and the labels that survive:
Intention: "Assist Colleague on Reusing Component C", "Fix Table Rendering Bug", "?"
Task: "T1: Implement XML Export"
Session: Work Session 1, Work Session 2, Work Session 3, Work Session 4, …
Semantic interaction: Read, Reuse, Impl., Seek, Debug, Test, Close, Chat, …, on artifacts such as Task, Lib, Class, Bug Report, Info, App, Method
Interaction with tools: Use, Download, Edit, Copy, Paste, Open, Scroll, Import, Add, Step into, Run, Read, Search, Write, …, on artifacts such as Task, Library, Classpath, Method, URL, Class, Breakpoint
Other labels: Interaction, Current, Granularity, Tool]
15. Aggregation and Filtering of Context (Simplified Formula)
Long Term
Experience with a particular artifact
Frequency: The more frequent we interact with an artifact, the more experience we have with it
Duration: The longer we use an artifact, the more experience we have with it
Age: The older the interaction with the artifact, the less experience we have with it
Ref: [Maalej, RSSE 2010]
16. Experience Meta Model
Long Term
17. FastFix Model for Context Elicitation
18. Outline
1. Motivation
2. Context Model
3. Applications
4. Research Challenges
19. Applications of Context-Awareness
Traceability and Tool Integration: (Semi) automatic linking of development artefacts and tool functionalities
Information Allocation: Filtering of search results and extension of queries (semantic search)
Personal Productivity Management: Control and optimization of development time and space
Knowledge Sharing: A proactive capturing and sharing of experiences
Awareness Creation: Dissemination of status and priority information
Center of the diagram: Context Aware Development Infrastructures
Uses of context to assist developers in these tasks and increase productivity
Maalej, June 2011, Context-Aware Development Infrastructures
20. Organize Work by Using Task Context (Intentions)
Fix Bug In XML Export
Prepare My Talk at Powerset
Process Bank Transactions
Experiment the iPhone SDK
• You don’t have to predefine tasks
• Your tasks are discovered automatically during the actual work
21. Tracing Related Artifacts from Intention Details (in MacIntent)
22. Semantic Search for Distributed Information (in WinIntent)
24. FastFix Error Handling Strategies
[Figure axes: Error complexity, Strategy complexity. A region of the figure is labelled "FastFix focus".]
Recordable symptoms: Recommend error report; Generate error report
Reproducible error: Replicate fault; Show context information
Known causes: Recommend causes to engineer; Inform user about error causes
Known solution: Recommend solution to engineer; Recommend fix to user
Automatically resolvable: Generate Patch; Self-heal
25. Detect and Describe Error Situations
FastFix Error Reporting
The application MOSKitt quit unexpectedly.
FastFix will send an error report to the maintenance
center that includes information necessary to fix the
problem as soon as possible. Your personal data will
not be contained in the report.
Once a fix for the problem is identified it will be
automatically sent to you.
Steps to reproduce:
1. Open MOSKitt
2. Import data file (file data obfuscated)
3. Click button named “btn_Transform”
Send
26. Context Augmented Fault Replication
GUI Replay Context
MOSKitt User Interface: Graphical Context View:
User Application Both
Granularity
level
+ A1
B1
C1 C2
-
Search: Graphic Text
Fault Replay
Use these elements to control the fault replay.
Back Play Forward Stop Step In Step Out
27. Context Augmented Debugging
Condition Position
CPU Load > 75 % Line 4
User Type = Beginner Line 159
NONE Line 13
Context View:
Granularity User Application Both
level
+ +
A1
B1
Fault Replay
Use these elements to control the fault replay.
C1 C2
--
Back Play Forward Stop Step In Step Out
28. Error Cause and Error Solution Recommendation
Unhandled Exception in MOSKitt (Automatic Report)
FastFix component
Similar Error Reports Recommendation (FastFix)
Unhandled Exception, org.moskitt.transform,
btn_Transform
FastFix recommends the following similar error reports:
1. Ticket #123: Unhandled Exception in MOSKitt (Automatic Report) - 95% - ASSIGNED
2. Ticket #47: Moskitt crashed while I was importing a model - 67% - CLOSED (FIXED)
3. Ticket #98: Unhandled exception - 65% - ASSIGNED
FastFix Error Report Recommendation
Error Cause Recommendation (FastFix)
Cause Probability
Third party component failure 98% Show solution...
Usability failure 45% Show solution...
Configuration error 12% Show solution...
FastFix Error Cause Recommendation
29. Error Cause and Error Solution Recommendation
Control
System behavior of method1:
Error Cause Detected in method1
Self-Heal: Auto-Create Control Objective
Import Control Objective
Objectives
Self-Healing Control Objective
preventing method5:
5
Any event but method1
30. Outline
1. Motivation
2. Conceptual Model
3. Applications
4. Research Challenges
31. Challenges of Context Awareness
Major research challenges on context-awareness:
Efficient Instrumentation: How can heterogeneous tools be efficiently instrumented?
Privacy Protection: How can we protect users’ privacy while collecting sensitive information? What are acceptable trade-offs?
Context Modeling: How can we model abstract notion of context to support unique scenarios? What is part of the context?
Context Representation: Can we efficiently represent data and knowledge and enable reasoning and semantic interpretation?
Aggregation and Processing: How can we aggregate context for different levels of granularity? Can we measure and compare subjective context like experience?
Context Sessionization: How can we “package” context events? How can a context switch be detected?
[Maalej, Roadmap 2010]
32. For more information
1. W. Maalej, Intention-Based Tool Integration of Software Engineering Tools, Dr. Hut Verlag 2010 (available at amazon.de)
2. W. Maalej, Task First or Context First? Tool Integration Revisited. In Proceedings of the 24th IEEE/ACM International Conference on Automated Software Engineering, 2009
3. W. Maalej and H-J Happel, Can Development Work Describe Itself? In Proceeding of 6th IEEE International Conference on Mining Software Repositories, 2010
4. W. Maalej et al. When Users Become Collaborators, In OOPSLA 2009
34. Summary of the Talk
1. We model context as a set of events including the interaction of users with the applications and the concerned artifacts
2. We distinguish between short term context (work sessions, intentions, problems) and long term context (user experience)
3. Our research is motivated by software engineering work, but can be easily extended to general knowledge work
35. Contact
Dr. Walid Maalej
TUM
maalejw@cs.tum.edu
37. Today’s Challenges of Software Projects
Four dynamic and increasing factors:
Daily Change
• Change in design, requirements and project settings
• Knowledge ages quickly
Information Overload
• Immense information sources
• Diverse and complex technologies, frameworks and requirements
“Multiple” Distribution
• Outsourcing, offshoring, open source, multi-organizational projects
• Problems in coordination, knowledge sharing
• Problems in efficiency
High Competition
• Short “time to market”
• Highest productivity, flexibility and quality is required
38. Advantages of Using Semantic Web Technologies
Information mapping
• Ontologies facilitate semantic mapping of heterogeneous information
• Logical constructs defining synonyms, homonyms, composites, specialization …
Advanced querying
• Inclusion of semantics, inference-ability, and powerful querying constraints
Informal evolution of knowledge
• Post-structuring of information
Unified resource identification
• URIs have a global scope
• URIs support multiple versions and representations of a resource
Defacto Standards
• Largely adopted by the industry
39. What is Context?
Short Term
[Figure labels: Developer’s Work Session, Interactions, Used Artifacts, Changed Artifacts, Read Artifacts]
Context is the set of all events and information, which can be
observed or interpreted during knowledge work, except those
events and pieces of information that constitute the change
40. What are Intentions?
[Diagram labels: cause, Intention]
An intention is a context object that describes:
• The conscious striving towards a work goal
• The goal itself, being the output of the work
Intentions underlay a causal model