The document discusses NASA's independent review process for programs and projects. It aims to ensure the highest probability of mission success. Key points:
1. Independent reviews are conducted by Standing Review Boards at each project life-cycle milestone to objectively assess technical approach, schedule, resources, risk, and management approach.
2. Reviews provide independent validation of projects' readiness to proceed and reassure stakeholders that commitments can be delivered. Preparing for reviews allows holistic project examination.
3. Reviews follow NASA governance involving senior management, technical authorities, and decision authorities. Standing Review Boards comprised of independent experts conduct the actual reviews.
4. The process helps ensure projects receive independent assurance they are on
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
20240609 QFM020 Irresponsible AI Reading List May 2024
Ortiz.james
1. You Can’t Grade Your Own
Homework
Dr. James Ortiz, Deputy Director
Independent Program Assessment Office
Sixth Annual NASA
Program Management Challenge 2009
February 25, 2009
Page 1
2. Goal
The NASA independent review process helps ensure the
highest probability of mission success to Programs and
projects.
Page 2
3. Topics addressed
• What is an independent life-cycle review ?
• Why do we do independent reviews?
• Who is involved?
• What is the Standing Review Board (SRB) ?
• How are independent reviews done?
• Why can’t you grade your own homework?
• Summary
Page 3
4. What is an Independent Life - Cycle
Review ?
• A review of Programs and projects at each life-cycle milestone
performed by competent individuals who are not dependent or
affiliated with the Program or project and who do not have an
organizational or personal interest or stake in the results of the review
• The review objectively assesses:
– Adequacy and credibility of the technical approach (requirements,
architecture, design)
– Schedule
– Resources
– Cost
– Risk
– Management approach
– Compliance with Agency policy (NPR 7120.5, NPR 7123.1)
– Readiness to proceed to the next phase
• The results of the independent review are advisory to the
Program/project and to the decision authority
Page 4
5. Why Do We Do Independent Reviews?
1. Agency wants Program/projects to receive independent assurance
that they are on-track
2. NASA senior management wants:
– Independent validation at key decision points of the
Program/project’s readiness to proceed into the next phase of
its life-cycle
– Externally-imposed impediments to Program/project success
are being removed
3. Agency needs to provide external stakeholders assurance we can
deliver to our commitments
4. Significant additional benefit is that preparation for the review
milestone allows for a holistic examination by the Program/project
and the review team
Page 5
6. Who Is Involved?
• Per the Agency governance structure, the independent life-
cycle review process is implemented as a collaborative effort
between:
– Agency Senior Management
– Center Management
– Technical Authorities (TA)
– Program/Project Management
Decision Authority Technical Authority
Associate
Administrator
Center
NASA AA MDAA NASA CE PA&E
Director
Programs Approve Approve Approve Approve
Establish Category 1
SRB, Approve Approve Concur Approve Approve
Projects
Develop
ToR.
Approve Category 2
Approve Approve Approve*
Chairperso Projects
n, RM, and
Other
Board
Members Category 3
Approve Approve
Projects
Page 6
7. What is the SRB?
(NPR 7120.5 & SRB Handbook)
• Independent life-cycle reviews are conducted by a Standing
Review Board (SRB)
– The SRB has a single chairperson and a NASA review manager
– The SRB remains intact, with the goal of having the same core
membership, for the duration of the Program or project
– Board members must be independent of the programmatic and
technical authority chain of command for the Program/project
– Board members are free from organizational and personal conflict of
interests
– The main attributes of SRB members are currency, competence and
independence
• SRBs provide the Agency a non-advocate, objective, and
competent assessment of the Program/project as it advances
through its key decision points (KDP)
Page 7
9. How Is It Done?
(IPAO process)
I N P U T S
P/p Documentation
Agency Review Agency/Directorate/Centers Cost & Schedule SRB Briefings to Minutes/Decisions/Actions
Schedule Documentation & Documentation Program/Project
Review Chair Requirements Program/Project
Nomination Briefings
PLANNING PREPARING REVIEWING REPORTING CLOSING-OUT
Verbal Pre-Briefings to P/p Review Closeout
Monitor Agency Initiate Contact and Determine Receive CADRe Inputs
Write one-page summary Customer
Baseline Program/ Review Budget SRB Kick-Off Meetings
Write the Report Feedback
Project Review Identify and obtain approval of Attend Reviews
Prepare the Summary Develop Lessons
Determine IPAO SRB Chair/RM/SRB members Attend Site Visit
Briefings Learned
Review Budget Determine funding mechanism Develop ICE/ICA/ISA
Present the Briefings: Process Review
Review Assignments Develop the TOR
- Program/ project and Improvement
Develop Schedule/Logistics
- CMC Administrative
of the Review
- MD PMC Close-out
Develop the Cost Plan
- APMC (if required) Team Recognition
Develop the Schedule Plan
P R O D U C T S
Individual Review Budget ICE/ICA/ISA One Page Summary Review Summary
RM/CA/SA Assignments ToR, Cost Plan, Schedule Plan SRB Findings SRB Report Contracts Close-out by
Chair and Team Nomination RFA RRD Report COTR
and Guidance Letters Recommendations SRB Briefings Review Records
Review Schedule
RRD Report
Contract Task Statement
Process improvements
R&R for SRB
Page 9
10. Recent improvements
• The following diagram of the SRB “engagement” timeline approved by
the Agency Program Management Council (APMC) resulted from
process improvement activities jointly performed between IPAO,
Mission Directorates, Programs, and the Office of the Chief Engineer
(OCE).
Path to Orion PDR
DAC SRB observer role
11/08 5/09 “one pager” by Project, includes Plan to KDP
S/S Reviews
Internal
6/09 8/09 Project PDR
8/09 RFAs Findings
SRB assessment of
entry criteria to SRB Site “One pager” + 1 day (joint activity)
Project/Program Review ‐ Quick status
PMR Rev 1 ‐ Only big issues, not concerns/observations
11/08 3/09 4/09 8/09 ‐ Initial ICE
SRB
l‐‐‐‐l PDR/NAR KDP
1 – 6 l ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐ ‐l
mos 5‐10 days 30 days
Integrated
‐ Tech
‐ Cost
“Pre‐work” ‐ Sched Briefings: P/p, CMC, DPMC, APMC
‐ Risk
Model Development
Joint with IPAO/Project Independent Life Cycle Review (ILCR)
ICA/ICE/ISA reconciliations
Page 10
11. Life-Cycle Review Success Criteria
1. Alignment with and contributing to Agency needs, goals, and
objectives, and the adequacy of requirements flow-down from those
2. Adequacy of technical approach as defined by NPR 7123.1 entrance
and success criteria
3. Adequacy of schedule
4. Adequacy of estimated costs (total and by fiscal year), including
Independent Cost Analyses (ICAs) and Independent Cost Estimates
(ICEs), against approved budget resources
5. Adequacy/availability of resources other than budget
6. Adequacy of risk management approach and risk
identification/mitigation
7. Adequacy of management approach
Page 11
12. Summary: Why You Can’t Grade Your
Own Homework?
• The independent life-cycle review supports the NASA Administrator’s
Charge: “You can not grade your own homework regardless of the
position you hold as part of the Program or project”
• The independent life-cycle review process is an integral part of the
Agency’s check and balances built into the NASA governance structure
and complements the programmatic and technical lines of command
and authority
• It is implemented by Standing Review Boards (SRBs) staffed with
members that are current, competent and independent
• Its processes are continuously assessed for improvement by IPAO and
its stakeholders
• The independent life-cycle review process helps ensure the highest
probability of success of the Agency’s Program and projects
Page 12
14. Terminology
• Program
– A strategic investment by a Mission Directorate or Mission Support Office that has a
defined architecture and/or technical approach, requirements, funding level, and a
management structure that initiates and directs one or more projects. A Program
defines a strategic direction that the Agency has identified as critical.
• Project
– A specific investment identified in a Program Plan having defined requirements, a life-
cycle cost, a beginning, and an end. A project yields new or revised products that
directly address NASA’s strategic needs.
• Standing Review Board (SRB)
– The entity responsible for conducting independent reviews of the Program/project per
the life-cycle requirements. The SRB is advisory and is chartered to objectively assess
the material presented by the Program/project at a specific review.
• Decision Authority (DA)
– The Agency’s responsible individual who authorizes the transition of a program/project
to the next life-cycle phase.
• Key Decision Point (KDP)
– The event at which the Decision Authority determines the readiness of a
Program/project to progress to the next phase of the life cycle (or to the next KDP).
Page 14
17. Governing Documentation
NPD 1000.0
NPD 1000.3
NPD 1000.5
Engineering NPD Program Mgt. OSMA NPD Health and Mission Support
Office NPDs
NPD Medical NPD
NPR 7123.1 and Other NPR 7120.5 and OSMA NPRs NID 1240-41 and Support Org
Engineering NPRs other PM NPRs OCHMO NPRs NPRs
Health &
Engineering Program/Project SMA MSO Functional
Medical
Requirements Mgmt Requirements Requirements Requirements
Requirements
Mission Directorate Center Engineering &
Programmatic Management
Requirements Policies and
Practices
Program Plans
Project Plans
Page 17