Slides from the Atlanta (12th) IDESG plenary, on progress towards the IDESG Functional Requirements for supporting implementable NSTIC principles. From the IDESG Framework Management Office (OASIS).
The Agile UX Equation: Constructing a Powerful, but Lightweight Process (UserZoom)
One of the biggest challenges of designing user experiences in an agile world is fitting into agile processes. Join Dean Barker, VP of UX and Agile coaching at Optum/UnitedHealth Group, as he discusses how to remove the waste from your UX processes for a truly lean foundation.
The Agile UX Equation: How to Implement UserZoom Within Your Agile Framework (UserZoom)
Join Sarah as she walks you through specific examples of how you can leverage UserZoom for UX insights even in the fast-paced world of agile development.
In the world of agile, there is theory and then there is practice. We like to talk about self-organizing teams, asynchronous execution, BDD, TDD, and emergent architecture. We also talk about cross-functional teams: how analysts, testers, architects, technical writers, and UX designers belong on the same team, right next to programmers. It all sounds nice in theory, but how does this work in reality? What do these people actually do? How do they interact? What does it look like? Is there really a pragmatic way to make this work?
In this simulation, a cross-functional team will actually build a piece of software. Every specialist will have a hand in the process. Every specialist will also act as a generalist. Everyone will add value. And as a team, we’ll get something DONE.
This is your opportunity to see agile development in practice, and to bridge the gap between what agilists say and what teams do. And it’s not as new or as difficult as you think – affinity between testers, BA’s, coders, and other team members has really been at the root of effective development practices all along. Let’s just finally acknowledge that it works, demonstrate its capabilities, and encourage it going forward.
This IS agile development.
DOES15 - Randy Shoup - Ten (Hard-Won) Lessons of the DevOps Transition (Gene Kim)
Randy Shoup, Consulting CTO
DevOps is no longer just for Internet unicorns any more. Today many large enterprises are transitioning from the slow and siloed traditional IT approach to modern DevOps practices, and getting substantial improvements in agility, velocity, scalability, and efficiency. But this transition is not without its challenges and pitfalls, and those of us who have led this journey have the scar tissue to prove it.
A successful transition to DevOps practices ultimately involves changes to organization, to culture, and to architecture. Organizationally, we want to create multi-skilled teams with end-to-end ownership and shared on-call responsibilities. Culturally, we want to prioritize solving problems and improving the product over closing tickets. Architecturally, we want to move to an infrastructure with independently testable and deployable components.
The ten practical lessons outlined in this session synthesize the speaker’s experiences leading teams at eBay, Google, and KIXEYE, as well as from his current consulting practice.
Faster Usability Testing in an Agile World - Agile UX Virtual Summit 2017 by ... (Carol Smith)
Carol Smith presented "Faster Usability Testing in an Agile World" via webinar during the Agile UX Virtual Summit 2017 by UXPin.
This presentation covers:
- Brief intro to how the IBM Watson Design team runs continuous usability tests and integrates the UX team
- How design work fits into the Agile process via dual track development
- When to run moderated, un-moderated, remote, and in-person studies
- How to effectively communicate UX findings and recommendations
Make User Experience Part of The KPI Conversation With Universal Measures (UserZoom)
Join Dr. Andrea Peer and learn:
- How Universal Measures makes tangible the abstract concept of experience for your organization
- How practitioners can make experience a critical KPI for their organization
- Ways to establish experience score goals for all lines of business
- The benefits Universal Measures brings to executives and stakeholders
How much business agility can an organization achieve? Is this related to the nature of the organization? To its business model, size, culture, geographical distribution, leadership? Yes, certainly all these elements play a fundamental role in how and in how much agility we can expect to have.
You might be surprised to know, though, that there are different ways in which those elements can contribute, which means that business agility is achievable in quite different types of organizations, sometimes unexpectedly.
In this session, we are going to relate part of the journey that the speakers, in their function of business agility coaches, are traveling with one of their clients, Pietro Fiorentini Spa, an Oil&Gas multinational company.
This company is exceptionally well-versed in Lean methods, which they have brought outside of just production and into different functions of the organization, and this has provided them with a great deal of efficiency in what they do.
However, they realize that efficiency (“doing the thing right”) without effectiveness (“doing the right thing”) is worthless or even harmful.
So their quest for business agility is a challenge in preserving all that makes them so efficient and improving, through new processes and ways of collaborating, their effectiveness.
We are going to discuss some of the changes that are being implemented in terms of leadership, self-organization, and team autonomy in several functions, including concrete examples coming from the designing and building of one of their production lines.
We intend to illustrate how business agility goes beyond production (certainly way beyond software production) and can coexist — and be synergetic — with some well-established management approaches.
Originally presented on 12 September 2020 at Agile Business Day by Andrea Provaglio, Paolo Sammicheli, and Andrea Aganetti.
Don't get blamed for your choices - Techorama 2019 (Hannes Lowette)
As developers, we make choices all the time: architecture, frameworks, libraries, cloud providers, etc. And if you’ve been around for a while, you probably ended up regretting at least some of your choices.
In this session, we'll explore the typical pitfalls of making development choices and how to avoid them. By the end of this session, you will be armed to take any decision they will throw at you.
Now, if only there was a way to prove to your peers and superiors that you acquired this skill...
Well, there is! RAD Certification! I'll end my talk by telling you about this awesome certification program!
The Agile Shape-up method for collaborative developments in international con... (Daniele Bailo)
The presentation shows an innovative Agile approach to enabling software development collaborations in international, distributed teams. Optimal for collaboration in EU projects and other international teams.
At our webinar, "Getting Started With MBSE: A Data-Driven Approach With Innoslate," Systems Engineer, Lilleigh Stevie, shared the foundation of MBSE that allows you to easily track your system through the entire lifecycle.
ADVANCING RESEARCH COMPUTING ON CAMPUSES: BEST PRACTICES WORKSHOP - Facilitat... (Sean Cleveland Ph.D.)
This workshop will discuss what it means to be a facilitator; best methods for outreach, engaging, and assisting researchers; and practices for effective education and training. It is intended for individuals considering facilitation as a career, those new at facilitation, and experienced professionals.
Presented at the Association of Moving Image Archivists' 2013 annual conference, this presentation describes Carnegie Hall's Digital Archives Project and includes information on processes related to its archival digitization, preservation, and digital asset management activities.
Design is problem solving. The products we create are only as good as how well we initially defined and understood the problems we want to solve. When a company wants to change a product and do it quickly, the design team does not have much time to find a viable solution and present it to the customer. In my talk I will reveal the secret of how to stay on the same wavelength with customers regarding your users, use cases, business goals, and the problems found in the product.
At Wrike we improve our product by working in design sprints. This system lets us create a viable, tested, and validated concept in just 5 days. I will be glad to tell you how it works.
Agile 2013: Pat Reed and I discussing Scrum and Compliance (Laszlo Szalvay)
"To become a mainstream methodology, Agile had to overcome many potential obstacles. The first was geography… One of today's most daunting obstacles is compliance, often bringing heavyweight documentation, required procedures that are very waterfall-ish, complex approval work flows, and complicated approval processes," begins "Compliance Is A Hurdle, Not A Barrier, To Agile," a Forrester Research paper published in July 2011.
This presentation will walk attendees through the problem of why organizations trying to manage a software development life cycle or PMO in a heavily regulated industry are fraught with challenges (e.g. externally mandated documentation levels, limiting the requirements and scope of the Product Owner, morale of employees). The presenters will discuss the fact that many of the external compliance standards (FASB, MAS, FSOC) are vague, and worse yet not written with the software development team in mind. In fact one of the risks is the interpretation of policy or external compliance standard remains on the business or with an executive (through personal / fiduciary guarantees). For example, authors of US Federal legislation (e.g. Dodd Frank Act) do not specifically consider software development when writing laws and are often ignorant to the downstream effects of said legislation for a development team based in Russia or India. When asked for clarifications the FSOC does not know enough about software development to provide clear and concise answers and the amount of documentation in the said legislation can be (a) in the thousands of pages and (b) within living documents.
Towards an Agile Foundation for the Creation and Enactment of Software Engine... (Brian Elvesæter)
B. Elvesæter, M. Striewe, A. McNeile, and A.-J. Berre, "Towards an Agile Foundation for the Creation and Enactment of Software Engineering Methods: The SEMAT Approach", paper presentation at PMDE 2012, Kongens Lyngby, Denmark, 3 July 2012.
If You Build It, They Will Come: Building a Faculty Development Hub in Bright... (D2L Barry)
Slides used for webinar, May 9, 2017 for the Brightspace Teaching and Learning Community.
Presenters: Ashley Riddle and Amanda Dills, Oklahoma City University
Description: How do we make faculty training accessible and its impact measurable? This webinar introduces one solution: A faculty development hub created using the Awards tool, Release Conditions, and enhanced content in D2L. Takeaways include a hub planning checklist and a course template they can upload and customize for their own learning environments.
NSTIC IDESG Baseline Requirements for Security, Privacy, UX and Interop (James Bryce Clark)
Developed in the US-NIST-sponsored "IDESG" program as the consensus product of over 100 identity, privacy, security, UX, standards and apps experts in 2015. OASIS staffed this project and served as primary editor.
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115 (James Bryce Clark)
Shared with permission from author. Analysis from individual members of OASIS, presented at a recent meeting of the OASIS Cyber Threat Intelligence TC (the development platform for STIX/TAXII). Extracted from a broader set posted to: https://lists.oasis-open.org/archives/cti/201601/msg00000/_cybersecurity_act_reference-model_1.1.pptx
This information is provided for information, but does not represent the output or official views of OASIS or its technical committees.
Struse 2015 A funny thing happened on the way to OASIS: standarising STIX +... (James Bryce Clark)
Thoughts as DHS takes STIX and TAXII through the open standards process - from the WorldBank / OASIS Borderless Cybersecurity conference. Author = Richard Struse
OASIS PMRM overview and tools #EIC2014: Sabo and Janssen (James Bryce Clark)
OASIS Privacy Management Reference Model TC (#PMRM) presentation about #standards for #privacy policy implementation, enforcement and modelling methods: by Gershon Janssen and John Sabo at #EIC2014 (European Identity Conference) in Munich, May 2014. Source: https://lists.oasis-open.org/archives/pmrm/201405/msg00004.html
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Communications Mining Series - Zero to Hero - Session 1 (DianaGray10)
This session provides an introduction to UiPath Communication Mining, its importance, and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Securing your Kubernetes cluster_ a step-by-step guide to success ! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
4. You Are Here (not a complete picture, but illustrative)
[Roadmap diagram. Timeline: 6/30/2014, 12/31/2014, 6/30/2015, 12/31/2015, 6/30/2016. Tracks: Strategy & IDEF Plan; Committee Requirements; Iterated Requirements; TFTM work; TFTM, UX and Other (?) self-assessment planning; TFTM, UX and Other (?) 3rd party assessment planning; Standards adoption policy; Enabling projects; Other Projects. Phases: "Preliminary set; self-assessment" and "Full set; 3rd party assessment".]
5. You Are Here [same roadmap diagram as slide 4, with 2 "Staff help" callouts added]
6. You Are Here [same roadmap diagram as slide 4, with 4 "Staff help" callouts]
7. You Are Here [same roadmap diagram as slide 4, with 5 "Staff help" callouts]
8. You Are Here [same roadmap diagram as slide 4, with 8 "Staff help" callouts]
9. You Are Here [same roadmap diagram as slide 4, with 11 "Staff help" callouts]
10. You Are Here [same roadmap diagram as slide 4, without "Staff help" callouts]
21. Draft SECURITY Requirements
6. Credentials and associated tokens are granted to the appropriate and intended user(s) only.
7. There are clear processes, policies, and procedures in place for the execution of identity functions.
8. End users have access to the policies and procedures in place for the execution of identity functions.
9. The confidentiality and integrity of authentication data are protected. Data (such as passwords and passphrases) used for authentication are never stored in plaintext.
10. User control of the token is proven during the authentication process.
11. Users must be able to choose authentication mechanisms that are stronger than single factor passwords and passphrases and are commensurate with the level of risk associated with the transaction.
27. Draft PRIVACY Requirements
7. Organizations shall determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved.
8. When terminating business operations or overall participation in the Identity Ecosystem, organizations shall, while maintaining the security of individuals' information, transfer it upon their request and destroy it unless they request otherwise.
9. Organizations shall be accountable for conformance to these requirements, and provide mechanisms for auditing, validation, and verification.
10. Organizations shall provide effective redress mechanisms for, and advocacy on behalf of, individuals who believe their rights under these requirements have been violated.
11. Where individuals make choices regarding the treatment of their information (such as to restrict particular uses), those choices shall be automatically applied to all parties downstream from the initial transaction.
12. Organizations shall, where feasible, utilize identity solutions that enable transactions that are anonymous, anonymous with validated attributes, pseudonymous, and/or uniquely identified.
32. You Are Here [same roadmap diagram as slide 4]
47. You Are Here [same roadmap diagram as slide 4]