The document discusses the NASA approach to prioritizing software verification and validation (IV&V) tasks. It describes the Software Integrity Level Assessment Process (SILAP) used to determine the risk level of software components and identify the appropriate set of IV&V tasks. SILAP involves assessing the consequence of potential defects and error potential of software based on factors like developer experience and complexity. The resulting risk scores map to specific IV&V tasks to establish confidence in software fitness for purpose.
Software Reliability is the probability of failure-free software operation for a specified period of time in a specified environment. Software Reliability is also an important factor affecting system reliability. ... The high complexity of software is the major contributing factor of Software Reliability problems.
The IEEE 1633 provides practical guidance for developing reliable software and making key decisions that include reliability. There are qualitative and quantitative tasks starting from the beginning of the program until deployment. These methods are applicable for agile and incremental development environments. In fact, they work better in an agile environment. This document has practical step by step instructions for how to identify failure modes and root cause, identify risks that are often overlooked, predict defects before the code is even written, plan staffing levels for testing and support, evaluate reliability during testing, and make a release decision. Examples of the techniques are provided. This document was written by people who have real world experience in making software more reliable while still on time and within budget. It covers software failure modes effects analysis, software fault trees, software defect root cause analysis, reliability predictions, defect density predictions, software reliability benchmarking, software reliability growth estimation, developing a reliability driven test suite, allocating reliability to software, evaluating the portion of the total system failures that will be caused by the software, and managing software for reliability. The working group is chaired by Ann Marie Neufelder who is the global leader in reliable software. The document will be updated in 2023 for the Common Defect Enumeration and relationship with DevSecOps.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Costello kenneth
1. Prioritizing Verification and Validation
Resources on Mission and Safety Critical
IV&V Facility
Software
Kenneth A. Costello, NASA IV&V Program
1
2. Discussion Outline
IV&V Facility
• Quick Overview of the NASA Approach to IV&V
– What is IV&V?
– Objectives
– Goal
• NASA Approach to Determining IV&V Tasking
– Software Integrity Level Assessment Process
– Developing the task list
• Dealing with IV&V Implementation Constraints
– Managing Risk with SILAP
– Slicing the Data
– Data views
• Future
2
3. IV&V Facility
What is IV&V at NASA?
• An engineering discipline employing rigorous methods for evaluating
the correctness and quality of the software product throughout the
software life cycle from a system level viewpoint
• The NASA Software IV&V approach covers not only expected operating
conditions but the full spectrum of the system and its interfaces in the
face of unexpected operating conditions or inputs
• Three nominal aspects are technical, managerial and financial
– Technical – The IV&V Program has its own approach to determining where
to focus analysis activities
– Managerial – The IV&V Program is functionally managed by the NASA
Office of Safety and Mission Assurance while project level management
comes form the IV&V Program
– Financial – The IV&V Program is funded from NASA Corporate General &
Administrative funds for Agency identified high priority Projects
3
4. IV&V Facility
A Lifecycle Approach
• The NASA approach is not end of life cycle testing
• It is a testing approach
• Each task that is performed “tests” a development
artifact ranging from system and software
requirements to source code and test results
• Each task in the NASA IV&V Work Breakdown
Structure is designed to “test” a development
artifact or process
• Testing is throughout the life cycle
4
5. IV&V Facility
Objectives of IV&V
• To find defects within the system with a focus on
software and its interactions with the system
• To make an assessment of whether or not the
system is usable in an operational environment,
again with a focus on the software within the
system
• To identify any latent risks associated with the
software
5
6. IV&V Facility
Ultimate Goal of IV&V
Establish confidence that the software is fit
for its purpose within the context of the
system
• Note that the software may not be free from defects
– That is rarely the case and can be difficult to prove
• However, the software must be sufficient for its intended
use
– The system should be as described by the requirements
– The requirements should be representative of the user’s needs
• The type of use will determine the level of confidence that is
needed
– The consequence of software defect/failure will drive the needed
level of confidence
6
8. Software Integrity Level Assessment Process
IV&V Facility
• The NASA Software Integrity Level Assessment Process
(SILAP)
– Combination of the best of the current processes and best practices
from industry and academia
– The process has been used on over 15 projects and executed
multiple times with excellent results
• Process supports two key goals
– Provides the NASA IV&V Program with a consistent risk-based
approach to determining IV&V tasking
– An extremely effective communication tool with the development
projects
8
9. SILAP Overview
IV&V Facility
• Measure of software goodness
– Software integrity level
• How good (dependable, reliable, etc.) does a software
component need to be in terms of its role in the system
– Understand how the component fits within and
impacts the system
– Understand what is required of that component to
be able to maintain the functionality of the system
– Software integrity level is equivalent to the tolerable level
of risk that is associated with the system.
• A software component can be associated with risk because
– a failure (or defect) can lead to a threat, or
– its functionality includes mitigation of consequences of initiating
events in the system’s environment that can lead to a threat
9
10. SILAP Overview (2)
IV&V Facility
• Determine overall needed integrity level
• Impact of a defect
– Determine the worse case error (at the software component level)
that has a reasonable or credible fault/failure scenario
– Consider the system architecture and try to understand how that
software fault/failure scenario may affect the system
– This determines the Consequence of the defect
• Probability that the developer may insert an error into a software
component is determined
– Not an assessment of the probability of a failure, but rather the probability
that an error of any type may exist in the operational software
– This determination is known as the Error Potential
10
11. SILAP Overview (3)
IV&V Facility
• These two factors provided a risk-like look at the software
components
– However, there is no relationship defined between Consequence
and Error Potential that results in a risk level
– Rather Consequence and EP are addressed independently of each
other as will be shown later
• This risk-based approach is the prime reason that
communications with development projects have grown
better
• The risk-based approach also allows the process to be
used to define different levels of risk reduction
11
12. Consequence
IV&V Facility
• Consequence consists of the following items
– Human Safety – This is a measure of the impact that a failure of this
component would have on human life
– Asset Safety – This is a measure of the impact that a failure would have on
hardware
– Performance – This is a measure of the impact that a failure would have on
a mission being able to meet its goals
12
13. Error Potential
IV&V Facility
• Error Potential consists of the following items
– Developer Characteristics
• Experience – This is a measure of the system developer’s experience in developing similar
systems
• Organization – This is a measure of the complexity of the organization developing the
system (distance and number of organizations involved tend to increase the probability of
errors being introduced into the system)
– Software/System Characteristics
• Difficulty – This is a measure of the complexity of the software being developed
• Degree of Innovation – This is a measure of the level of innovation needed in order to
develop this system/software
• System Size – This is a measurement of the size of the system in terms of the software (i.e.,
Source Lines of Code)
– Development Process Characteristics
• Formality of the Process – This is a measure of how maturity of the developer’s processes
• Re-use Approach – This is a measure of the level of re-use for the system/software
• Artifact Maturity – This is a measure of the current state of the development documentation
in relation to the state of the overall development project (i.e., the is past critical design
review but the requirements documents are still full of TBDs and incompletes)
13
14. Developing Tasking
IV&V Facility
• Once the scoring is complete a tasking set is developed based on each
individual score
– There is a set of tasking associated with a given Consequence score
– There is a set of tasking associated with a given Error Potential score
• The tasks are then combined into one set of tasks for that component
– The tasks are not exclusive to a given score, i.e., you may have a task that
shows up for the Consequence score and for the Error Potential score
• This results in a matrix of software components and scores that
provides the starting set of requirements or tasks for IV&V on that
project
14
15. SILAP Process
IV&V Facility
• More specific details of the SILAP process can be
found at the NASA IV&V Program IV&V
Management System (IMS) website
• http://ims.ivv.nasa.gov
• Look under the documentation link for Work
Instruction 9-8-1
– At the time of the writing of this presentation the work
instruction had not been approved for publishing
15
16. IV&V Facility
Dealing with Implementation
Constraints
16
17. Managing Risk With SILAP
IV&V Facility
• The SILAP has been used effectively on many different
types of projects and across several iterations
– The process is easy to use and generates data that is
understandable on many levels, i.e., technical and managerial
– The data can also be grouped to provide different views of the risk
associated with a system
– These different views provides differing level of risk reduction but
can still be tuned to meet the goals and objectives of the IV&V
Program
17
18. Managing Risk With SILAP (2)
IV&V Facility
• As an example, the SILAP data can provide viewpoints that allow for
differing levels of financial commitment but still meet the objectives of
the IV&V program (although at the most minimum level)
– The goal in developing the viewpoints was to always keen in mind a desire
to meet our primary objective but with a funding constraint
– Several other options to dealing with a funding constraint were also
explored
– However the approach using SILAP provided the most consistency in
application and management
18
19. Managing Risk with SILAP (3)
IV&V Facility
• The approach to developing the viewpoints was to start with one of the
underlying principles in SILAP; that the identified software components
could be ranked in a priority fashion
– Items of high consequence and error potential were more important than
those of lower values
• The foundation of the process is determining the consequence of a
defect in a software component
– Performing IV&V on items of high consequence is generally more important
than performing IV&V on items of higher error potential
– Also keep in mind that the tasking associated with each factor,
consequence and error potential, are disjoint and separate
• So with this in mind, not only can components be ranked by a
combination of the two scores, but also by each score individually
19
20. Slicing the Data
IV&V Facility
• Consequence is the foundation
– It is important to examine software components with high consequence
irrespective of their error potential
– It is less important to examine low consequence components irrespective of
their error potential
• Several ranking approaches were developed
• To understand these approaches, there was also a need to understand
some of the details in the criteria for scoring consequence
• In the table on the next page, the shaded areas represent scores of
strong consequence
– In other words, serious or greater injury, permanent loss of an important
part of the spacecraft, or a permanent loss of primary mission data
20
21. Consequence Criteria
IV&V Facility
Consequence
1
2 3 4 5
Human Safety No impact to human Discomfort or nuisance Minor injury or potential Major injury or potential Loss of life
safety for minor injury for major injury
Asset Safety No damage to any s/c Temporary loss to a s/c Permanent loss of non- Permanent loss of Complete loss of
component component primary component primary component vehicle/spacecraft/system
Short-term partial loss of Partial loss of other Complete loss of other
other critical asset critical asset critical asset
Degradation of a non- Degradation of a
primary component primary component
Performance Unable to achieve non- Unable to achieve a Unable to achieve Unable to achieve minimum
primary particular primary multiple mission/science mission/science objectives or
mission/science mission/science objectives minimum success criteria
objective objective
Unrecoverable loss of Unrecoverable loss of
non-primary primary
mission/science data missions/science data
Loss of non-primary Loss of primary capability
capability
21
22. Slicing the Data (2)
IV&V Facility
• Understanding this breakdown between strong and weak
consequences creates a basis for further refining an IV&V approach
• With the primary objective being to provide confidence that the mission
will succeed, we can use the strong consequences as delineators in
this definition
– That is to say, the minimal level of confidence in a mission is defined by
saying that it will not cause a major injury or worse, destroy a major
spacecraft component or the entire spacecraft, or cause the permanent loss
of data or a complete inability to meet one or more mission objectives.
• From this statement several viewpoints were developed based on
differing rankings of consequence and error potential
22
23. Data Views
IV&V Facility
• Each view brings a different level of risk reduction but are easily determined
simply by sorting the scores for components
– Consequence >2 along with EP tasking
– Consequence > 2 with no EP tasking
– No EP tasking
– Performance > 2, Asset safety > 3
– Performance > 2, Asset safety > 3 with no EP tasking
• Note that Performance and Asset safety are called out
– Creates a viewpoint based on the components of Consequence
– This was needed due to the weighting scheme used; combinations of scores exist
that may place the individual component in the shaded area on the previous chart,
but the overall resulting Consequence score may be a 2
– Also note that for the purpose of this example human safety score were not included
• For this presentation, a generic project was developed and the following
potential cost savings were generated based on these scores
• The project had 44 identified software components and the savings are based
on the average cost of performing a given task from the WBS
23
24. Bands of Potential Funding
IV&V Facility
• The cost reduction is
% Savings #of components out
taken against the nominal
Full Tasking - 0 cost for doing all of the
tasking
PF > 2, AS > 3 13% 11
• The components out
EP out 39% 0
column shows the number
PF > 2, AS > 3 and EP out 42% 11 of components removed
form the identified 44
Consequence > 2 40% 29
Consequence > 2 and EP out 50% 29
• In each of these cases, our current belief is that we can still meet the
desire of NASA in providing confidence in the most important portions
of the mission
• It is not the best possible risk reduction, but it meets the minimal
needs of NASA
24
25. The Future of SILAP
IV&V Facility
• The SILAP is the planned approach for determining IV&V tasking for the
future
• Further investigations are also underway to examine the scoring and
document and analyze any trends that can be found
• A tool is currently being developed to allow for the easy capture and
analysis of the scoring data for each individual software component
• Other work is also ongoing to determine how to integrate the results of
SILAP into other views of the systems using various modeling
techniques
– The goal is to provide even greater focus on the critical components of the
system and show how they relate to the success or failure of the system
– Provide a more detailed approach to performing validation of software using
a model based analysis approach
25
26. Questions?
IV&V Facility
• If you have any further questions or comments you can contact
Dr. Butch Caffall, IV&V Program Manager, Director IV&V Facility
NASA IV&V Facility
304 367 8201
Butch.Caffall@nasa.gov
Kenneth Costello, IV&V Program Chief Engineer
NASA IV&V Facility
304 367 8343
Kenneth.A.Costello@nasa.gov
Christina Moats, IV&V Planning and Scoping Lead
NASA IV&V Facility
304 367 8340
Christina.D.Moats@nasa.gov
26