Overcoming Barriers to Risk-Based MonitoringBioclinica
Risk-Based Monitoring offers an amazing opportunity, but there are many companies that are hesitant to undertake such an initiative. In this on demand webinar, experts Mireille Zerola and Courtney McBean will discuss common challenges organizations face when transitioning to risk based monitoring and ways to overcome these obstacles.
On the impact of security vulnerabilities in the npm package dependency networkTom Mens
Presentation slides of MSR 2018 article, co-authored by Alexandre Decan, Tom Mens and Eleni Constantinou from University of Mons, Belgium. Research carried out as part of the SECOHealth and SECO-ASSIST research projects. Abstract: Security vulnerabilities are among the most pressing problems in open source software package libraries. It may take a long time to discover and fix vulnerabilities in packages. In addition, vul- nerabilities may propagate to dependent packages, making them vulnerable too. This paper presents an empirical study of nearly 400 security reports over a 6-year period in the npm dependency network containing over 610k JavaScript packages. Taking into account the severity of vulnerabilities, we analyse how and when these vulnerabilities are discovered and fixed, and to which extent they affect other packages in the packaging ecosystem in presence of dependency constraints. We report our findings and provide guidelines for package maintainers and tool developers to improve the process of dealing with security issues.
Download this presentation to learn how workspace design and technology can be brought together to create environments where teams and individuals communicate, work, play, learn and innovate. For more information please visit our website here: http://bit.ly/1iahl59
Operating workloads in the public cloud no longer means trading visibility and threat detection for agility. With Cisco Stealthwatch Cloud, you can protect your workloads across private, multicloud, and hybrid environments.
In this interactive technical session, Cisco engineer John Heintz will show you how this cloud-delivered solution uses entity modeling and machine learning to help you detect threats and protect your data wherever it flows.
Resources:
Watch the related TechWiseTV episode: http://cs.co/9002Djilo
TechWiseTV: http://cs.co/9009DzrjN
How Silicon Valley startups are approaching security differentlyScott Cressman
Presented at Secure 360 in May 2015:
Based on my blog post: 5 Ways Silicon Valley “Startups” Are Approaching Security Differently – Available here: http://blog.opendns.com/2014/09/26/5-ways-silicon-valley-startups-approaching-security-differently
The perimeter is dissolving. Your users are going mobile. The Cloud is descending upon us. However you say it, the IT landscape is definitely changing, and thanks to these seismic shifts, cracks in your security have developed that allow the bad guys in. So if you could start from scratch and design your IT organization again with the benefit of today’s technology, how would you do it differently? I asked that question and got answers from a few of the who’s who of the Silicon Valley “startups” that have experienced explosive growth in recent years. While it may be impossible or impractical to immediately apply these changes to your organization, understanding their approach could give you a valuable window into how your organization may be forced to change in the coming months or years if you hope to be successful securing your IT environment of the future.
Enterprise Lean-Agile: It’s More Than ScrumTechWell
Introducing agile development into a large enterprise is like creating a bubble of sanity in the midst of bedlam. Unless the sanity spreads, the effort is ultimately frustrating, frustrated—and fails. Jeff Marr describes the web of the enterprise ecosystem and presents strategies to build a common agile and lean vocabulary and set of practices within your organization. The lean/agile tenets must be understandable to and appropriate for executive leaders, non-agile product development teams, hardware development, manufacturing, customer support, sales, regulatory compliance, and other elements of the enterprise. Jeff describes how enterprises typically view agile and ways common misconceptions play to your advantage and disadvantage. Finally, Jeff describes an approach to establishing partnerships of mutual interest across the enterprise. If you are a leader, champion, coach, or team member struggling with or preparing for agile adoption in the enterprise, you’ll take away invaluable tips to help you avoid pitfalls, improve communication, and spread the sanity.
Chris Wright, Red Hat Chief Technologist, discussed how the needs of communications service providers are being addressed with an upstream first, open source philosophy. Chris touched on the evolution of network functions from hardware to cloud based, and how the industry can achieve the service availability, security, automation, and scale necessary with a Network Functions Virtualization platform through community innovation.
Welcome to everything the cloud has to offer. Now, you need to keep your apps and workloads secure, without compromising the speed and flexibility of the cloud. This is the new economics of cloud security.
Learn more: https://www.alertlogic.com/neweconomics
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for DevelopersCisco DevNet
In this session, participants will gain an insight into how to deploy a continuous integration environment for application delivery using Cisco OpenStack Private Cloud APIs. The session will cover several open source technologies including Gitlab, Jenkins, Docker, OpenStack Heat, Ansible, and Terraform with the purpose of delivering a simple ReactJS application.
Overcoming Barriers to Risk-Based MonitoringBioclinica
Risk-Based Monitoring offers an amazing opportunity, but there are many companies that are hesitant to undertake such an initiative. In this on demand webinar, experts Mireille Zerola and Courtney McBean will discuss common challenges organizations face when transitioning to risk based monitoring and ways to overcome these obstacles.
On the impact of security vulnerabilities in the npm package dependency networkTom Mens
Presentation slides of MSR 2018 article, co-authored by Alexandre Decan, Tom Mens and Eleni Constantinou from University of Mons, Belgium. Research carried out as part of the SECOHealth and SECO-ASSIST research projects. Abstract: Security vulnerabilities are among the most pressing problems in open source software package libraries. It may take a long time to discover and fix vulnerabilities in packages. In addition, vul- nerabilities may propagate to dependent packages, making them vulnerable too. This paper presents an empirical study of nearly 400 security reports over a 6-year period in the npm dependency network containing over 610k JavaScript packages. Taking into account the severity of vulnerabilities, we analyse how and when these vulnerabilities are discovered and fixed, and to which extent they affect other packages in the packaging ecosystem in presence of dependency constraints. We report our findings and provide guidelines for package maintainers and tool developers to improve the process of dealing with security issues.
Download this presentation to learn how workspace design and technology can be brought together to create environments where teams and individuals communicate, work, play, learn and innovate. For more information please visit our website here: http://bit.ly/1iahl59
Operating workloads in the public cloud no longer means trading visibility and threat detection for agility. With Cisco Stealthwatch Cloud, you can protect your workloads across private, multicloud, and hybrid environments.
In this interactive technical session, Cisco engineer John Heintz will show you how this cloud-delivered solution uses entity modeling and machine learning to help you detect threats and protect your data wherever it flows.
Resources:
Watch the related TechWiseTV episode: http://cs.co/9002Djilo
TechWiseTV: http://cs.co/9009DzrjN
How Silicon Valley startups are approaching security differentlyScott Cressman
Presented at Secure 360 in May 2015:
Based on my blog post: 5 Ways Silicon Valley “Startups” Are Approaching Security Differently – Available here: http://blog.opendns.com/2014/09/26/5-ways-silicon-valley-startups-approaching-security-differently
The perimeter is dissolving. Your users are going mobile. The Cloud is descending upon us. However you say it, the IT landscape is definitely changing, and thanks to these seismic shifts, cracks in your security have developed that allow the bad guys in. So if you could start from scratch and design your IT organization again with the benefit of today’s technology, how would you do it differently? I asked that question and got answers from a few of the who’s who of the Silicon Valley “startups” that have experienced explosive growth in recent years. While it may be impossible or impractical to immediately apply these changes to your organization, understanding their approach could give you a valuable window into how your organization may be forced to change in the coming months or years if you hope to be successful securing your IT environment of the future.
Enterprise Lean-Agile: It’s More Than ScrumTechWell
Introducing agile development into a large enterprise is like creating a bubble of sanity in the midst of bedlam. Unless the sanity spreads, the effort is ultimately frustrating, frustrated—and fails. Jeff Marr describes the web of the enterprise ecosystem and presents strategies to build a common agile and lean vocabulary and set of practices within your organization. The lean/agile tenets must be understandable to and appropriate for executive leaders, non-agile product development teams, hardware development, manufacturing, customer support, sales, regulatory compliance, and other elements of the enterprise. Jeff describes how enterprises typically view agile and ways common misconceptions play to your advantage and disadvantage. Finally, Jeff describes an approach to establishing partnerships of mutual interest across the enterprise. If you are a leader, champion, coach, or team member struggling with or preparing for agile adoption in the enterprise, you’ll take away invaluable tips to help you avoid pitfalls, improve communication, and spread the sanity.
Chris Wright, Red Hat Chief Technologist, discussed how the needs of communications service providers are being addressed with an upstream first, open source philosophy. Chris touched on the evolution of network functions from hardware to cloud based, and how the industry can achieve the service availability, security, automation, and scale necessary with a Network Functions Virtualization platform through community innovation.
Welcome to everything the cloud has to offer. Now, you need to keep your apps and workloads secure, without compromising the speed and flexibility of the cloud. This is the new economics of cloud security.
Learn more: https://www.alertlogic.com/neweconomics
DEVNET-1148 Leveraging Cisco OpenStack Private Cloud for DevelopersCisco DevNet
In this session, participants will gain an insight into how to deploy a continuous integration environment for application delivery using Cisco OpenStack Private Cloud APIs. The session will cover several open source technologies including Gitlab, Jenkins, Docker, OpenStack Heat, Ansible, and Terraform with the purpose of delivering a simple ReactJS application.
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
This talk is from DevSecOps Singapore, June 29th, 2017.
Continuous Delivery and Security are traveling companions if we want them to be. This talk highlights how to make that happen in three areas of the delivery pipeline.
Devs are from Mars, Ops are from Venus, Maish Saidel-Keesing, CiscoDevOpsDays Tel Aviv
Developers and Operations people are different creatures – sometimes they seem that they come from a totally different planet. They think differently – have different outlooks on life, on how tasks should be managed, and how an infrastructure should be managed. Can the twain meet? This session will discuss the intricate differences between the two species, and how one should bridge the gaps between them – so that your company can make true use of a Devops culture – and take your company to a whole different level.
Cisco - Revamping and Standardizing Global Marketing and Sales ContentCorporate Visions
Find out what happens when a company with thousands of salespeople and channel partners, and tens of thousands of pieces of marketing content, created by hundreds of different product groups and business units, decides to create content that is consistent and supports the right actions in the field. Thierry will discuss Cisco’s global effort to create less, but more relevant content, in order to help deliver better sales impact.
The rules of the game in IT are changing rapidly and companies facing these market transitions are looking for ways to build an intelligent network platform that can help lines of business capture new business opportunities. Cisco Borderless Networks is the architecture that allows enterprise of any size, to leverage technology transitions through our portfolio of services - rich, secure, and efficient products and solutions. Customers are able to connect anyone, anywhere, anytime, and on any device – securely, reliably, and seamlessly.
Learn how and why John McDonough contributes to Ansible and how you can too. We’ll arm you with what you need to know, things like Python, Git, and YAML.
Rome 2017: Building advanced voice assistants and chat botsCisco DevNet
If it takes minutes to code a simple bot, building professional bots represents quite a challenge. Soon you realize you need serious programming and API architecture experience but also “Bot” specific skills. In this session, we'll first show the code of advanced Chat and Voice interactions, and then explore the challenges faced when building advanced Bots (Context storage, NLP approaches, Bot Metadata, OAuth scopes), and discuss interesting opportunities from latest industry trends (Bot platforms, Serverless, Microservices). This talk is about showing the code and sharing lessons learned.
How to Build Advanced Voice Assistants and ChatbotsCisco DevNet
Learn more about the CodeMotion Voice Machine and Cisco DevNet Chatbot. Understand what a typical bot journey is and where to go to get more information about Cisco Spark and Tropo.
Cisco Spark and Tropo and the Programmable WebCisco DevNet
Learn how Cisco Spark and Tropo collaboration features can be easily combined with hundreds of cloud APIs to build sophisticated, flexible workflows via a new breed of programmable web solutions from 'Integration Platform as a Service (iPaaS)' partners like Built.io, Zapier and IFTTT. This session covers multiple real-world Cisco+iPaaS use-cases, and includes a hands-on walk-through demonstrating how to build a Spark+Tropo sample application using Built.io.
Watch the BRK-DEV2004 replay from the Cisco Live On-Demand Library at: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=92557&backBtn=true
Check out more and register for Cisco DevNet: http://ow.ly/jCNV3030OfS
Device Programmability with Cisco Plug-n-Play SolutionCisco DevNet
Cisco Open Plug-n-Play solution allows customers to reduce the costs associated with deployment/installation of network devices, increase the speed and reduce the complexity of deployments without compromising the security. Using Cisco Plug-n-Play solution, customers can do Zero Touch Installs of Cisco gear in various deployment scenarios and deployment locations.
Watch the DevNet 2052 replay from the Cisco Live On-Demand Library at: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=91108&backBtn=true
Check out more and register for Cisco DevNet: http://ow.ly/jCNV3030OfS
Building a WiFi Hotspot with NodeJS: Cisco Meraki - ExCap APICisco DevNet
Captive Portals, also known as Splash Pages, are a common requirement for guest WiFi. Captive portals typically deliver branding, a terms of service and a simple login process before authenticating the client onto the network. By leveraging the Meraki ExCap API, developers can customize this experience based on their requirements. This deep dive will walk through the various API options: Click-through vs Sign-on Splash page Programming a Click-through and Sign-on (w/ RADIUS) using NodeJS Programming a Click-through with Node-RED Leveraging OAuth for social login support.
Watch the DevNet 2049 replay from the Cisco Live On-Demand Library at: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=92727&backBtn=true
Check out more and register for Cisco DevNet: http://ow.ly/jCNV3030OfS
Application Visibility and Experience through Flexible NetflowCisco DevNet
The world of applications is changing rapidly in the enterprise; from the way applications are increasingly hosted in the cloud, the diverse nature of apps and to the way they are consumed by many devices. The need for organizations and network administrators is to focus on "Fast IT" - "Innovation in the Enterprise" is growing, which means having to spend less time on daily operations, maintenance and troubleshooting and more time on delivering business value with newer services. Cisco AVC with its NBAR2 technology is designed to detect applications and measure application performance through measuring round trip time, retransmission rates, jitter, delay, packet loss, MoS, URL statistics etc. Those details are transmitted using Flexible Netflow/IPFIX, so partners could leverage the data for application usage reporting, performance reporting and troubleshooting application issues to deliver best possible application experience.
Watch the DevNet 2047 replay from the Cisco Live On-Demand Library at: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=92664&backBtn=true
Check out more and register for Cisco DevNet: http://ow.ly/jCNV3030OfS
The WAN Automation Engine (WAE) is a software platform that provides multivendor and multilayer visibility and analysis for service provider and large enterprise networks. It plays a critical role in answering key questions of network resource availability, and when appropriate can automate and simplify Traffic Engineering mechanisms such as RSVP-TE and Segment Routing. This session will focus on use-cases and APIs for developers.
Watch the DevNet 2035 replay from the Cisco Live On-Demand Library at: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=92720&backBtn=true
Check out more and register for Cisco DevNet: http://ow.ly/jCNV3030OfS
Cisco's Open Device Programmability Strategy: Open DiscussionCisco DevNet
Cisco DNA is an open and extensible, software-driven architecture built on a set of design principles with the objective of providing:
- Insights & Actions to drive faster business innovation
- Automaton & Assurance to lower IT costs and complexity while meeting business and user expectations
- Security & Compliance to reduce risk as the organization continues to expand and grow. The architecture extends to Cisco network elements.
This session will focus on the open, model-driven, programmable interfaces available across Cisco's network elements which enable you to leverage and extend your network through applications that directly access the routers and switches in your network.
Watch the DevNet 1028 replay from the Cisco Live On-Demand Library at: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=91041&backBtn=true
Check out more and register for Cisco DevNet: http://ow.ly/jCNV3030OfS
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)Cisco DevNet
In this small group, hands-on workshop session you'll learn how to write your first Python application that uses YANG, NETCONF and , RESTCONF to access operational and configuration data on a device.
Watch the DevNet 2044 replay from the Cisco Live On-Demand Library at: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=92725&backBtn=true
Check out more and register for Cisco DevNet: http://ow.ly/jCNV3030OfS
NETCONF & YANG Enablement of Network DevicesCisco DevNet
A technical discussion and a demo showing how Tail-f's ConfD management agent can be used to implement NETCONF and YANG, the industry-leading solution for providing a programmable management interface in a network element. ConfD is recognized as the best-in-breed embedded software for implementing management functions in network elements, including physical devices and virtualized network functions (VNF) for NFV.
This Workshop is a best fit for engineers who are involved in the design and development of embedded software for network devices. Attendees will gain a basic understanding of what NETCONF and YANG are and how ConfD provides a solution for embedding this technology in the network devices. More information about ConfD can be found at: https://developer.cisco.com/site/confD/
Watch the DevNet 1216 replay from the Cisco Live On-Demand Library at: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=92703&backBtn=true
Check out more and register for Cisco DevNet: http://ow.ly/jCNV3030OfS
UCS Management APIs A Technical Deep DiveCisco DevNet
Underneath the UCS API Python SDK, Powershell Libraries and VMware and OpenStack plugins there is the UCS XML API itself. This session will go deep into the API and explain how the SDK, Libraries and plugins actually communicate with UCS components. We will cover API session management, queries, query filters, configuration methods, functions and event subscription. Understanding the low-level UCS APIs and Object Model will enable you to build your own programmatic interface into your UCS environments in the language you like on the platform of your choosing.
Watch the DevNet 3003 replay from the Cisco Live On-Demand Library at: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=91099&backBtn=true
Check out more and register for Cisco DevNet: http://ow.ly/jCNV3030OfS
The DevOps model is rapidly transforming IT operations and development practices. But what are the precursors necessary to implement DevOps? To achieve an agile, virtualized, and highly automated IT environment, what technological requirements need to be in place? OpenStack has the potential to facilitate DevOps implementation and practices at several different layers in the data center. In this session we'll quickly discuss what DevOps is, then discuss many components that are logically required to move towards DevOps in your environment. Finally we'll explore in depth several ways OpenStack can provide these baseline components.
Watch the DevNet 1104 replay from the Cisco Live On-Demand Library at: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=92695&backBtn=true
Check out more and register for Cisco DevNet: http://ow.ly/jCNV3030OfS
What is Tropo, how do you use it, and what can you use it for? In this session, you'll learn how Tropo works, see some real-life examples, and learn how to create your own voice and SMS applications in minutes.
Watch the DevNet 1023 replay from the Cisco Live On-Demand Library at:https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=91050&backBtn=true
Check out more and register for Cisco DevNet: http://ow.ly/jCNV3030OfS
DevNet Express - Spark & Tropo API - Lisbon May 2016Cisco DevNet
Direct from the Cisco DevNet Lisbon Portugal Express event in May 2016. Learn about Cisco DevNet, Spark and Tropo APIs any why there's never been a better time to innovate with Cisco.
Direct from DevNet@TAG in Milan and Rome in May 2016! Learn about Cisco DevNet, Spark and Tropo APIs any why there's never been a better time to innovate with Cisco.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
= The Cathedral and the Bazaar, Eric S Raymond
With more eyes, all bugs become shallow.
Release early, release often.
Cultivate your community.
= Snort
Started as 1200 lines of code written in a weekend
Release every two weeks, 26 releases in a year
Marty wrote 2000 emails in the first year
Very active community
Can’t speak too much about its development, but also an active community
What it does bring to us is hundreds of thousands of samples every day
Like snort, other projects use this code, expanding its user base and providing us samples and detections
Throw away early version 5 years ago
Many of the original features were added to snort mainline over the years
Back, and better than ever
Multithreading
Improved rule language
Improved configuration
Still Open Source
Sourcefire didn't sell Snort, we sold everything but snort
manageability
scalability
performance
automation
support