Future Technologies possible today in Copyright 2014 by Capers Jones. All rights reserved.

Size: px
Start display at page:

Download "Future Technologies possible today in 2014. Copyright 2014 by Capers Jones. All rights reserved."

Transcription

1 Future Technologies possible today in 2014 Copyright 2014 by Capers Jones. All rights reserved. Capers Jones, VP and CTO Namcook Analytics LLC Web: Blog: Version 2.0 January 29, 2014 Introduction This paper discusses a number of interesting technical advances that are theoretically already possible in 2014, although in fact not currently available. Hopefully showing the software community what is technically feasible will encourage universities and larger corporations to move more quickly. Assistance for the Deaf using Google Glasses It is possible today to integrate Dragon Naturally Speaking or some other voice-to-text tool into the software packages that run with Google Glasses. This would give deaf people immediate text translations of spoken conversations. Even better, Google translate could also be included for real-time translation from other natural languages such as Spanish, Japanese, Russian, etc. Other assistive features included would be to provide the deaf with visual warnings for things like fire alarms, sirens, and other hazards they might not be able to identify. Ideally Google would cooperate with major hearing associations such as Gift of Hearing to develop the needed capabilities. 1

2 Animated Full-Color Requirements and Design Tool Software applications are dynamic and have no value unless they are running. Software applications also change over time as new features are added. Static diagrams and text are not adequate to design dynamic systems such as major software applications. It is technically possible to build a full-color animated design tool (even 3D is possible) that could handle issues such as performance, security, and application evolution in a dynamic fashion. The design tool would have a variety of supplemental features for things such as simulating viral attacks and also for showing increasing entropy or complexity over time. Current design methods such as UML and state transition diagrams would be the basis for the diagrams, but in a dynamic and moving format in full color. Software provides very powerful design tools for engineering and other fields, but lags in sophisticated design methods for its own applications. Virtual University for Training Software Engineers and others It is technically possible to license one of the virtual reality rendering engines from a game company and use it to construct a virtual university campus. Avatars of students and faculty could interact in a fashion similar to an actual university. Additional features for the virtual university would be integral assistance for blind and deaf students; immediate translation of spoken and written materials into the languages of the students; and also social interactions among the students in something like a virtual social room. The virtual university would also have a world-class library which essentially means access to all current on-line libraries. Unlike a real university, the virtual university could operate 24 hours a day 365 days per year. Major vendors might also provide access to their tools, such as project management tools, static analysis tools, cost estimating tools, etc. Since the technology for doing this exists in 2014 it would be fairly easy to get started. Establishing a Library of Certified Reusable Components Custom designs and manual coding are intrinsically expensive, error prone, and inefficient. It is technically possible to establish a library of certified reusable materials that could be used to construct applications from standard parts in a small fraction of the time required today. A major precursor to being able to do this is a formal taxonomy that identifies the major forms of applications and also the major component parts that go into applications. Currently there are excellent taxonomies for full applications, but no effective taxonomies that drop below that level to the specific features that comprise software applications. Another precursor is that all materials in the library need to be certified to near zero-defect levels and to be proven to be free from virus infections and other forms of malware. Once an application type is identified, the library would include a full bill of materials processor that would show which components would be needed and whether or not they are available from the library or would need custom development. The essential goal is to achieve between 90% and 100% of all applications from standard reusable components rather than from custom design and manual coding. The reusable 2

3 materials would encompass reusable requirements, architecture, design, code, test cases, data structures, and user training information. Intelligent Agents for Project Planning and Estimating It is possible today (and actually being done by Software Risk Master) to use intelligent agents as tools for assisting in project planning and project estimating. The process would start by identifying the specific size, type, and class of software project to be constructed, using multiplechoice menus. Once the application has been placed on a firm taxonomy, the intelligent agents would then aggregate and summarize the results from all similar projects done over the past five years. Further, the intelligent agents would identify common risks such as creeping requirements, quality problems due to bypassing inspections and static analysis, and schedule delays. Assuming that perhaps 50 similar projects have already been done for every new project about to start, the intelligent agents would also identify the methodologies used that had the best quality and lowest costs; the methodologies that caused problems; the most effective programming languages, and other factors that impacted the past projects for good or for ill. Even more the intelligent agents would suggest sources for standard reusable components that can eliminate custom design and manual coding. Software Startup Venture Analysis Engine There is a high failure rate among startup companies and in particular software startup companies. Software Risk Master (SRM) already predicts the number of rounds of venture funding needed to build and market software applications as well as the equity dilution for the founders. However a full startup engine would provide additional information such as guidance about small business loans; information on the best states for start up companies (Rhode Island for example is not very good); tax information; and also information on the non-technical aspects of business startups such as the probable costs of accountants, attorneys, marketing channels, advertizing over various channels, and the other complex topics that entrepreneurs may not know. (In 2010 the state of Rhode Island unwisely entered venture funding and guaranteed almost $100,000,000 to Curt Schilling s Studio 38 game company, which soon went bankrupt leaving the state with a huge bond debt. The state performed no due diligence or risk analysis at all. The author s SRM tool was run retroactively and predicted an 88% chance of failure. It also predicted that $100 million was not enough if maintenance and enhancements were factored into the equation. The idea is to perform these risk predictions before money is committed at the beginning; not after the company has already failed.) 3

4 Software Outsource Contract Analysis Engine The author has worked as an expert witness in a dozen lawsuits where outsource vendors were charged with breach of contract due to delivering non-working software, delivering too many bugs, or not delivering a software product at all. About 5% of outsource agreements end up in court and about 15% are terminated prematurely. Some of the contracts seemed to be flawed. Software Risk Master (SRM) has a special estimating mode that predicts both the odds of outsource litigation and also the probable costs for both the plaintiff and the defendant should litigation occur. It would be desirable to use SRM prior to outsource contracts and show both the client and the vendor what would be needed to achieve a successful outcome with a low probability of litigation and how much they might have to spend on litigation in the event of failure. The three most common problems noted during breach of contract cases were poor quality control, excessive requirements creep combined with poor change control, and extremely lax monitoring of progress by both the vendors and the clients. All of these are avoidable problems if an optimal technology stack is deployed. Software Quality Analysis and Control Engine Most companies that build software depend too much on testing and often bypass defect prevention and pre-test defect removal such as static analysis and testing. It is technically possible to build a sophisticated software quality analysis and control engine that will both predict and measure the results of any combination of defect prevention, pre-test defect removal, and test stages. The Namcook Analytics Software Risk Master (SRM) tool has a working version of such an engine that shows defect prevention, pre-test removal, and six common forms of testing. The same engine can also demonstrate peripheral and secondary quality approaches such as pair programming, use of ISO quality standards, and the use of certified test and quality assurance personnel versus the use of untrained development personnel. The SRM engine predicts defect removal efficiency, defect removal costs, delivered defects, technical debt, cost of quality (COQ), and maintenance, customer support, and lifetime defect repair costs. Cyber Attack Simulation Tool It is technically possible to construct an effective cyber-attack simulation tool that could be used to simulate viruses, denial of service attacks, worms and other threat vectors during software development. This idea is to have a threat analysis engine that stays current and then use the engine as a design aid when building software applications that are likely to be attacked because they manipulate financial, medical, or classified data. The idea is to be able to raise the immunity levels of software to attacks and threat vectors, and also to improve the effectiveness of firewalls, anti-virus packages, and other defensive methods. 4

5 Portfolio Analysis Engine Today in 2014 the software portfolio for a Fortune 500 company might contain 5,000 applications and more than 10,000,000 function points. Some applications are internal; some are COTS packages; and some are cloud based. Because portfolios are taxable assets there is a strong incentive for knowing what is in them; how much they cost to build; and how much they cost to maintain. Additional useful information would be the ages and decay rates of all current applications. Namcook Analytics LLC has a prototype portfolio analysis engine that already does this for several industries. However a full portfolio analysis engine would be pre-loaded with data from at least 50 industry sectors such as manufacturing, banking, health care, insurance, state and municipal governments, and many others. The idea of the engine would be a complete catalog of every application that included the date the application entered the portfolio, a history of changes to the applications, cyber attacks against the applications, number of users, and other key quantitative facts. Quality and defect data would also be included, which may be necessary in the event of litigation for poor quality or breach of contract. The portfolio analysis engine would also provide warnings of aging legacy applications whose maintenance costs are above average and might be in urgent need of renovation or replacement. The value of a portfolio analysis engine goes up with the size of the enterprise. For small companies in one location they can easily understand their portfolios. But for large multi-national corporations with 25 to 50 locations in dozens of countries knowledge of a corporate or even unit portfolios seldom exists. Software Methodology and Best Practice Analysis Engine As of 2014 there are more than 35 different software development methods including agile, extreme programming, pair programming, Rational Unified Process (RUP), Team Software Process (TSP), Merise, Prince2, waterfall and many more. Some methods such as agile are effective for small projects but don t scale up well. Others such as the SEI CMMI approach work well on large systems but are too cumbersome for small companies. Today in 2014 selecting a method resembles joining a cult more than it does making a rational technical decision. It is technically possible to have a methodology selection engine that will use empirical data from completed projects to aid in selecting the optimum set of methodologies for large companies (who always need more than one), and the optimum methodology for specific projects. The data for selection would include quality, schedules, costs, and maintenance information. The author s Software Risk Master (SRM) tool can demonstrate the results of any methodology, but the kind of engine discussed here would move upstream and predict the best methods of combinations of methods for any size project or any form of company or government agency. As soon as the application s size, class, and type are identified the engine would list the best methods in order of effectiveness and also show methods that have led to problems or failure for the same type of application. The idea is to avoid major failures such as Obamacare, the Rhode Island motor vehicle system, the Studio 38 bankruptcy, the Denver Airport fiasco, and other embarrassing software failures caused by mismatches between applications and methodologies. 5

6 Corporate and Government Risk Analysis Engine The Namcook Analytics master catalog of software risks include 210 specific risks. When financial and business risks are added to the mix there about 1,000 major kinds of risks that modern companies and government agencies face: financial risks, legal risks, software failure risks, Sarbanes-Oxley governance risks, customer dissatisfaction risks, employee morale risks, patent litigation risks, and many more. It is technically possible in 2014 to build a corporate risk planning engine that would identify all relevant risks and suggest possible solutions for risk prevention and risk abatement. This would be a true expert system mixed with intelligent agents that would extract current risk information from web sources. The idea is to show every company a weighted total of the major risks they are likely to face over the next 12 months and to suggest the optimum set of risk avoidance and risk mitigation techniques. The Software Risk Master (SRM) tool can do this today for software risks, but there are many other categories of risk such as bankruptcy, Sarbanes-Oxley violations, and threats by patent trolls that also need to be included in a corporate risk analysis engine. Pre-Selected Libraries of e-books for Knowledge Workers There are millions of books in print and it is not easy for knowledge workers to stay current with the latest advances in their field. It is technically possible today in 2014 for intelligent agents to gather titles and reviews of all books and articles on specific topics. Further, new materials could be added as they become available. The catalogs would be organized by occupation groups such as project managers, business analysts, quality assurance, software engineers, test personnel, etc. A basic library of information for each group of knowledge workers would be displayed. Even better might be an intelligent agent abstract service that could provide highlights of the most relevant studies and materials in a condensed form. New employees in major corporations might receive a full set of relevant ebooks as part of their employment. Professional organizations such as the Project Management Institute (PMI) and the International Function Point User s Group (IFPUG) might offer discounts on specific relevant titles or indeed whole collections of relevant books. National Programming Language Archives The software industry currently has a total of almost 3,000 programming languages. New languages such as Go and F# sharp are being developed at rates of more than two per calendar month. Thousands of legacy applications are coded in older languages which are dead or dying such as CORAL and Mumps. There is an urgent need for a university, government agency, or non-profit to assemble materials on all known programming languages including working compilers, debugging tools, text books, and ancillary materials. This would be a resource for teaching maintenance programmers older languages so that critical legacy software can continue to be maintained. The archives would be created as a public service for the software community. 6

7 While a large company such as IBM or Microsoft might do this, they both have vested interests in their own language technologies. Therefore a neutral non-profit or a major university is the most likely organization to attempt archiving older programming languages. Incidentally developers of new languages would be expected to provide the archive facility with working versions as new languages are released to the world. Summary and Conclusions The topics discussed in this short paper are all technically feasible in However it may be some years into the future before the actual tools are fully developed and widely deployed. Some of the ideas discussed here are further elaborated in the chapter on software development in 2049 included in the author s Software Engineering Best Practices, McGraw Hill, The author s more recent books The Economics of Software Quality, Addison Wesley 2012, and The Technical and Social History of Software Engineering, Addison Wesley 2014, also look forward to

Function Points as a Universal Software Metric. Draft 10.0 July 13, 2013. Blog: http://namcookanalytics.com; Web: WWW.Namcook.com

Function Points as a Universal Software Metric. Draft 10.0 July 13, 2013. Blog: http://namcookanalytics.com; Web: WWW.Namcook.com Function Points as a Universal Software Metric Capers Jones, VP and CTO Namcook Analytics LLC Draft 10.0 July 13, 2013 Blog: http://namcookanalytics.com; Web: WWW.Namcook.com Keywords Capers Jones data,

More information

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

GETTING REAL ABOUT SECURITY MANAGEMENT AND BIG DATA GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats

More information

SOFTWARE ESTIMATING RULES OF THUMB. Version 1 - April 6, 1997 Version 2 June 13, 2003 Version 3 March 20, 2007

SOFTWARE ESTIMATING RULES OF THUMB. Version 1 - April 6, 1997 Version 2 June 13, 2003 Version 3 March 20, 2007 SOFTWARE ESTIMATING RULES OF THUMB Version 1 - April 6, 1997 Version 2 June 13, 2003 Version 3 March 20, 2007 Abstract Accurate software estimating is too difficult for simple rules of thumb. Yet in spite

More information

SOFTWARE QUALITY IN 2012: A SURVEY OF THE STATE OF THE ART

SOFTWARE QUALITY IN 2012: A SURVEY OF THE STATE OF THE ART Namcook Analytics LLC SOFTWARE QUALITY IN 2012: A SURVEY OF THE STATE OF THE ART Capers Jones, CTO Web: www.namcook.com Email: Capers.Jones3@GMAILcom May 1, 2012 SOURCES OF QUALITY DATA Data collected

More information

the state of the practice Variations in Software Development Practices

the state of the practice Variations in Software Development Practices focus the state of the practice invited article Variations in Software Development Practices Capers Jones, Software Productivity Research My colleagues and I at Software Productivity Research gathered

More information

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know I n t r o d u c t i o n Until the late 1990s, network security threats were predominantly written by programmers seeking notoriety,

More information

EVALUATING SOFTWARE METRICS AND SOFTWARE MEASURMENT PRACTICES. Version 4.0 March 14, 2014. Capers Jones, VP and CTO; Namcook Analytics LLC

EVALUATING SOFTWARE METRICS AND SOFTWARE MEASURMENT PRACTICES. Version 4.0 March 14, 2014. Capers Jones, VP and CTO; Namcook Analytics LLC EVALUATING SOFTWARE METRICS AND SOFTWARE MEASURMENT PRACTICES Version 4.0 March 14, 2014 Capers Jones, VP and CTO; Namcook Analytics LLC Web: www.namcook.com Blog: http://namcookanalytics.com Email: Capers.Jones3@Gmail.com

More information

Managed Security Services

Managed Security Services Proactive Real-Time Monitoring and Risk Management Managed Security Services NCS Group Offices Australia Bahrain Brunei China Dubai Hong Kong SAR Korea Malaysia Philippines Singapore Sri Lanka Understanding

More information

Optimizing Software Development: Pattern matching, Dynamic visualization, and Reusable components to exceed 100 Function Points per Month

Optimizing Software Development: Pattern matching, Dynamic visualization, and Reusable components to exceed 100 Function Points per Month Optimizing Software Development: Pattern matching, Dynamic visualization, and Reusable components to exceed 100 Function Points per Month Version 2.0 April 2, 2013 Abstract Capers Jones, VP and CTO Namcook

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Business Analysis with Financial concepts

Business Analysis with Financial concepts Business Analysis with Financial concepts Summer 2010 WHAT MAKES A GREAT BUSINESS ANALYST? Why this course is different? Traditional courses in business analysis and design usually cover only the theoretical

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Interactive Application Security Testing (IAST)

Interactive Application Security Testing (IAST) WHITEPAPER Interactive Application Security Testing (IAST) The World s Fastest Application Security Software Software affects virtually every aspect of an individual s finances, safety, government, communication,

More information

Software Cost Estimating Methods for Large Projects

Software Cost Estimating Methods for Large Projects Software Cost Estimating Methods for Large Projects Capers Jones Software Productivity Research, LLC For large projects, automated estimates are more successful than manual estimates in terms of accuracy

More information

Software Project Management Tools. Draft 5.0 June 28, 2013

Software Project Management Tools. Draft 5.0 June 28, 2013 Software Project Management Tools Draft 5.0 June 28, 2013 Keywords: Software project management, software sizing, software cost estimating, software schedule planning, software quality estimating, software

More information

Fidelis XPS Tech Talk: Preventing Cyber Attacks With Real-Time Threat Intelligence. June 2010 Version 1.0 PAGE 1 PAGE 1

Fidelis XPS Tech Talk: Preventing Cyber Attacks With Real-Time Threat Intelligence. June 2010 Version 1.0 PAGE 1 PAGE 1 Fidelis XPS Tech Talk: Preventing Cyber Attacks With Real-Time Threat Intelligence June 2010 Version 1.0 PAGE 1 PAGE 1 Contents Introduction... 3 Fidelis XPS Feed Manager... 4 Fidelis XPS Policy: A Primer...

More information

Data Center Security in a World Without Perimeters

Data Center Security in a World Without Perimeters www.iss.net Data Center Security in a World Without Perimeters September 19, 2006 Dave McGinnis Director of MSS Architecture Agenda Securing the Data Center What threats are we facing? What are the risks?

More information

VARIATIONS IN SOFTWARE DEVELOPMENT PATTERNS. June 24, 2013 Draft 3.0

VARIATIONS IN SOFTWARE DEVELOPMENT PATTERNS. June 24, 2013 Draft 3.0 VARIATIONS IN SOFTWARE DEVELOPMENT PATTERNS June 24, 2013 Draft 3.0 Keywords Activity-based costs, Capers Jones data, function points, Namcook Analytics data, software costs, software development, software

More information

TRADITIONAL VS MODERN SOFTWARE ENGINEERING MODELS: A REVIEW

TRADITIONAL VS MODERN SOFTWARE ENGINEERING MODELS: A REVIEW Year 2014, Vol. 1, issue 1, pp. 49-56 Available online at: http://journal.iecuniversity.com TRADITIONAL VS MODERN SOFTWARE ENGINEERING MODELS: A REVIEW Singh RANDEEP a*, Rathee AMIT b a* Department of

More information

White Paper: Leveraging Web Intelligence to Enhance Cyber Security

White Paper: Leveraging Web Intelligence to Enhance Cyber Security White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

Quantifying Software Failures and Disasters, Part 3: 2000-2012

Quantifying Software Failures and Disasters, Part 3: 2000-2012 Copyright 2012 by Capers Jones. All rights reserved. Quantifying Software Failures and Disasters, Part 3: 2000-2012 Version 2.0 September 12, 2012 Copyright 2012 by Capers Jones. All Rights reserved. This

More information

TRITON APX. Websense TRITON APX

TRITON APX. Websense TRITON APX TRITON APX Unified protection and intelligence against Advanced Threats and data theft Your organization is faced with an increasing number of Advanced Threats that lead to data theft, denial of service

More information

Trends and Innovation with Service Reuse, Cloud and Big Data

Trends and Innovation with Service Reuse, Cloud and Big Data Trends and Innovation with Service Reuse, Cloud and Big Data Presented by : Ajay Budhraja ME (Engg), MS (Mgmt), PMP, CICM, CSM, ECM (Master) AIIM, SOA(IBM), RUP (IBM), ITIL-F, CMMI, Security+ Copyright

More information

Improving Cyber Security Risk Management through Collaboration

Improving Cyber Security Risk Management through Collaboration CTO Corner April 2014 Improving Cyber Security Risk Management through Collaboration Dan Schutzer, Senior Technology Consultant, BITS Back in March 2013, I wrote a CTO Corner on Operational and Cyber Risk

More information

SOFTWARE QUALITY IN 2002: A SURVEY OF THE STATE OF THE ART

SOFTWARE QUALITY IN 2002: A SURVEY OF THE STATE OF THE ART Software Productivity Research an Artemis company SOFTWARE QUALITY IN 2002: A SURVEY OF THE STATE OF THE ART Capers Jones, Chief Scientist Emeritus Six Lincoln Knoll Lane Burlington, Massachusetts 01803

More information

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security re-defines enterprise endpoint protection against advanced malware IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

Software Engineering. Software Processes. Based on Software Engineering, 7 th Edition by Ian Sommerville

Software Engineering. Software Processes. Based on Software Engineering, 7 th Edition by Ian Sommerville Software Engineering Software Processes Based on Software Engineering, 7 th Edition by Ian Sommerville Objectives To introduce software process models To describe three generic process models and when

More information

A SHORT HISTORY OF SOFTWARE ESTIMATION TOOLS. Version 12.0 August 26, 2013

A SHORT HISTORY OF SOFTWARE ESTIMATION TOOLS. Version 12.0 August 26, 2013 A SHORT HISTORY OF SOFTWARE ESTIMATION TOOLS Version 12.0 August 26, 2013 Keywords Activity-based costs, Capers Jones data, function points, Namcook Analytics data, software costs, software development,

More information

GOING BEYOND BLOCKING AN ATTACK

GOING BEYOND BLOCKING AN ATTACK Websense Executive Summary GOING BEYOND BLOCKING AN ATTACK WEBSENSE TRITON VERSION 7.7 Introduction We recently announced several new advanced malware and data theft protection capabilities in version

More information

The Worksoft Suite. Automated Business Process Discovery & Validation ENSURING THE SUCCESS OF DIGITAL BUSINESS. Worksoft Differentiators

The Worksoft Suite. Automated Business Process Discovery & Validation ENSURING THE SUCCESS OF DIGITAL BUSINESS. Worksoft Differentiators Automated Business Process Discovery & Validation The Worksoft Suite Worksoft Differentiators The industry s only platform for automated business process discovery & validation A track record of success,

More information

Geriatric Issues of Aging Software Capers Jones Software Productivity Research, LLC. Software Sustainment. What Is Software Maintenance?

Geriatric Issues of Aging Software Capers Jones Software Productivity Research, LLC. Software Sustainment. What Is Software Maintenance? Maintenance Engineering Lagging Average Leading Software Sustainment Capers Jones Software Productivity Research, LLC. Software has been a mainstay of business and government operations for more than 50

More information

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT

QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT QUANTITATIVE MODEL FOR INFORMATION SECURITY RISK MANAGEMENT Rok Bojanc ZZI d.o.o. rok.bojanc@zzi.si Abstract: The paper presents a mathematical model to improve our knowledge of information security and

More information

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,

More information

Visible Business Templates An Introduction

Visible Business Templates An Introduction Engineering the Enterprise for Excellence Visible Business Templates An Introduction By Graham Sword Principal, Consulting Services This document provides an introductory description of Visible Business

More information

Key Evolutions of ERP

Key Evolutions of ERP Fusion Application Adoption - A Paradigm Shift from the Legacy ERP G. Brett Beaubouef, PMP, CISA CARDINAL POINT SOLUTIONS The evolution of ERP implementations has just taken a giant leap forward! This

More information

Types of cyber-attacks. And how to prevent them

Types of cyber-attacks. And how to prevent them Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual

More information

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information

More information

Harnessing the power of software-driven innovation. Martin Nally IBM Rational CTO IBM Fellow and VP

Harnessing the power of software-driven innovation. Martin Nally IBM Rational CTO IBM Fellow and VP Harnessing the power of software-driven innovation Martin Nally IBM Rational CTO IBM Fellow and VP We have entered a new wave of innovation Innovation The Industrial Revolution Age of Steam and Railways

More information

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by

More information

Automated Financial Reporting (AFR) Version 4.0 Highlights

Automated Financial Reporting (AFR) Version 4.0 Highlights Automated Financial Reporting (AFR) Version 4.0 Highlights Why Do 65% of North American CAT Dealers Use AFR? Without formal training, our CFO conducted quarterly statement reviews with all of our operating

More information

Huawei Network Edge Security Solution

Huawei Network Edge Security Solution Huawei Network Edge Security Huawei Network Edge Security Solution Enterprise Campus Network HUAWEI TECHNOLOGIES CO., LTD. Huawei Network Edge Security Solution Huawei Network Edge Security 1 Overview

More information

Software Project Management Practices: Failure Versus Success

Software Project Management Practices: Failure Versus Success This article is derived from analysis of about 250 large software projects at or above 10,000 function points in size that were examined by the author s company between 1995 and 2004. (Note that 10,000

More information

The Cyber Threat Profiler

The Cyber Threat Profiler Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are

More information

Making Windows Secure by Design

Making Windows Secure by Design Making Windows Secure by Design Bromium and Microsoft Partner to Advance Security With Micro-Virtualization Introduction Bromium has reinvented endpoint security by using a new approach to defeating breaches

More information

Content Security: Protect Your Network with Five Must-Haves

Content Security: Protect Your Network with Five Must-Haves White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as

More information

October 2014. Application Control: The PowerBroker for Windows Difference

October 2014. Application Control: The PowerBroker for Windows Difference Application Control: The PowerBroker for Windows Difference October 2014 1 Table of Contents Introduction... 4 The Default-Deny Approach to Application Control... 4 Application Control s Dependence on

More information

Cisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016

Cisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016 Cisco Advanced Malware Protection Ross Shehov Security Virtual Systems Engineer March 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious

More information

White. Paper. Rethinking Endpoint Security. February 2015

White. Paper. Rethinking Endpoint Security. February 2015 White Paper Rethinking Endpoint Security By Jon OItsik, Senior Principal Analyst With Kyle Prigmore, Associate Analyst February 2015 This ESG White Paper was commissioned by RSA Security and is distributed

More information

Anatomy of Cyber Threats, Vulnerabilities, and Attacks

Anatomy of Cyber Threats, Vulnerabilities, and Attacks Anatomy of Cyber Threats, Vulnerabilities, and Attacks ACTIONABLE THREAT INTELLIGENCE FROM ONTOLOGY-BASED ANALYTICS 1 Anatomy of Cyber Threats, Vulnerabilities, and Attacks Copyright 2015 Recorded Future,

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

IBM Tivoli Netcool network management solutions for enterprise

IBM Tivoli Netcool network management solutions for enterprise IBM Netcool network management solutions for enterprise The big picture view that focuses on optimizing complex enterprise environments Highlights Enhance network functions in support of business goals

More information

Company Profile. First Page. Previous Page. Next Page. Last Page. A Member of Harel Mallac Group

Company Profile. First Page. Previous Page. Next Page. Last Page. A Member of Harel Mallac Group Company Profile A Member of Harel Mallac Group First Table of Contents Who are we? 3 Our Services 4-11 Key Differentiators 11 Contact Us 12 Who are we? Founded in the early 1970 s, Mauritius Computing

More information

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst ESG Solution Showcase Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst Abstract: Information security practices are in the midst

More information

The Web AppSec How-to: The Defenders Toolbox

The Web AppSec How-to: The Defenders Toolbox The Web AppSec How-to: The Defenders Toolbox Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

Cloud Workload Planning and Placement: A New Opportunity

Cloud Workload Planning and Placement: A New Opportunity Cloud Workload Planning and Placement: A New Opportunity Table of Contents 3 Challenges 4 Gravitant s Unique Approach 4 cloudmatrix Overview 5 How Does it Work? 5 Application Screener 6 Cloud Compare 6

More information

Security strategies to stay off the Børsen front page

Security strategies to stay off the Børsen front page Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the

More information

Future Threat Landscape - How will technology evolve and what does it mean for cyber security?

Future Threat Landscape - How will technology evolve and what does it mean for cyber security? James Hanlon CISSP, CISM Security Strategist Office of the CTO EMEA Future Threat Landscape - How will technology evolve and what does it mean for cyber security? Think > What does the future of technology

More information

PRODUCT MANUFACTURER S PROFESSIONAL LIABILITY, INCLUDING COMPUTER NETWORK SECURITY, PRIVACY, MULTIMEDIA AND ADVERTISING LIABILITY APPLICATION

PRODUCT MANUFACTURER S PROFESSIONAL LIABILITY, INCLUDING COMPUTER NETWORK SECURITY, PRIVACY, MULTIMEDIA AND ADVERTISING LIABILITY APPLICATION PRODUCT MANUFACTURER S PROFESSIONAL LIABILITY, INCLUDING COMPUTER NETWORK SECURITY, PRIVACY, MULTIMEDIA AND ADVERTISING LIABILITY APPLICATION NOTICE: THE POLICY FOR WHICH THIS APPLICATION IS MADE IS A

More information

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents

More information

Laws of Software Engineering Circa 2014. Version 7.0 February 17, 2014. Capers Jones, VP and CTO, Namcook Analytics LLC.

Laws of Software Engineering Circa 2014. Version 7.0 February 17, 2014. Capers Jones, VP and CTO, Namcook Analytics LLC. Laws of Software Engineering Circa 2014 Version 7.0 February 17, 2014 Capers Jones, VP and CTO, Namcook Analytics LLC. Copyright 2014 by Capers Jones. All rights reserved. Introduction Software development

More information

Next-Generation Firewalls: Critical to SMB Network Security

Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more

More information

Session-1: Business Enterprise Applications- Overview

Session-1: Business Enterprise Applications- Overview Session-1: Business Enterprise Applications- Overview Important Points to Note All Participating colleges are requested to mute your telephone lines during the webinar session. Participants are requested

More information

Practical Threat Intelligence. with Bromium LAVA

Practical Threat Intelligence. with Bromium LAVA Practical Threat Intelligence with Bromium LAVA Practical Threat Intelligence Executive Summary Threat intelligence today is costly and time consuming and does not always result in a reduction of successful

More information

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise HP ENTERPRISE SECURITY Protecting the Instant-On Enterprise HP SECURITY INTELLIGENCE AND RISK MANAGEMENT PLATFORM Advanced Protection Against Advanced Threats 360 Security Monitoring to Detect Incidents

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Small Business Development Opportunity: Healthcare CyberSecurity

Small Business Development Opportunity: Healthcare CyberSecurity Small Business Development Opportunity: Healthcare CyberSecurity 1 TABLE OF CONTENT Sections Pages Healthcare Cybersecurity Background Issues 3 Market Analysis 5 Private Investment Activities 8 Health

More information

Enterprise software risk reduction

Enterprise software risk reduction Enterprise software risk reduction Danny Lieberman dannyl@software.co.il www.software.co.il August 2006 ABSTRACT Operational risk is the risk of loss resulting from inadequate or failed internal processes,

More information

Perspectives on Cybersecurity in Healthcare June 2015

Perspectives on Cybersecurity in Healthcare June 2015 SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright

More information

SOFTWARE DEFECT ORIGINS AND REMOVAL METHODS. Capers Jones, Vice President and Chief Technology Officer. Draft 5.0 December 28, 2012

SOFTWARE DEFECT ORIGINS AND REMOVAL METHODS. Capers Jones, Vice President and Chief Technology Officer. Draft 5.0 December 28, 2012 SOFTWARE DEFECT ORIGINS AND REMOVAL METHODS Capers Jones, Vice President and Chief Technology Officer Namcook Analytics LLC www.namcook.com Draft 5.0 December 28, 2012 Abstract The cost of finding and

More information

Visualization, Modeling and Predictive Analysis of Internet Attacks. Thermopylae Sciences + Technology, LLC

Visualization, Modeling and Predictive Analysis of Internet Attacks. Thermopylae Sciences + Technology, LLC Visualization, Modeling and Predictive Analysis of Internet Attacks Thermopylae Sciences + Technology, LLC Administrative POC: Ms. Jeannine Feasel, jfeasel@t-sciences.com Technical POC: George Romas, gromas@t-sciences.com

More information

SPEAR PHISHING AN ENTRY POINT FOR APTS

SPEAR PHISHING AN ENTRY POINT FOR APTS SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing

More information

WHITE PAPER SPON. A Cloud-Client Architecture Provides Increased Security at Lower Cost. Published January 2012 SPONSORED BY

WHITE PAPER SPON. A Cloud-Client Architecture Provides Increased Security at Lower Cost. Published January 2012 SPONSORED BY WHITE PAPER N A Cloud-Client Architecture Provides Increased Security at Lower Cost An Osterman Research White Paper Published January 2012 SPONSORED BY sponsored by! SPON sponsored by Osterman Research,

More information

White Paper. Software Development Best Practices: Enterprise Code Portal

White Paper. Software Development Best Practices: Enterprise Code Portal White Paper Software Development Best Practices: Enterprise Code Portal An Enterprise Code Portal is an inside the firewall software solution that enables enterprise software development organizations

More information

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS CYBER ATTACKS INFILTRATE CRITICAL INFRASTRUCTURE SECTORS Government and enterprise critical infrastructure sectors such as energy, communications

More information

Unleash Competitive Advantage through Software Lifecycle Integration

Unleash Competitive Advantage through Software Lifecycle Integration Unleash Competitive Advantage through Software Lifecycle Integration In partnership with Introduction Software has become a key competitive differentiator in nearly every industry. This is why many companies

More information

Predictive Cyber Defense A Strategic Thought Paper

Predictive Cyber Defense A Strategic Thought Paper Predictive Cyber Defense A Strategic Thought Paper Don Adams Vice President, Chief Technology Officer, Worldwide Government TIBCO Software Federal, Inc 2 Summary The art and science of multi-sensor data

More information

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.

More information

Crossing the DevOps Chasm

Crossing the DevOps Chasm SOLUTION BRIEF Application Delivery Solutions from CA Technologies Crossing the DevOps Chasm Can improved collaboration and automation between Development and IT Operations deliver business value more

More information

The Four-Step Guide to Understanding Cyber Risk

The Four-Step Guide to Understanding Cyber Risk Lifecycle Solutions & Services The Four-Step Guide to Understanding Cyber Risk Identifying Cyber Risks and Addressing the Cyber Security Gap TABLE OF CONTENTS Introduction: A Real Danger It is estimated

More information

Applying the National Intelligence Process to Information Security

Applying the National Intelligence Process to Information Security WHITEPAPER Applying the National Intelligence Process to Information Security The Intelligence approach to information security is growing in popularity, but many are still struggling to define. Red Canary

More information

Your Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc.

Your Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc. February 2013 1 Executive Summary Adnet is pleased to provide this white paper, describing our approach to performing

More information

Basic Unified Process: A Process for Small and Agile Projects

Basic Unified Process: A Process for Small and Agile Projects Basic Unified Process: A Process for Small and Agile Projects Ricardo Balduino - Rational Unified Process Content Developer, IBM Introduction Small projects have different process needs than larger projects.

More information

Anatomy of an Enterprise Software Delivery Project

Anatomy of an Enterprise Software Delivery Project Chapter 2 Anatomy of an Enterprise Software Delivery Project Chapter Summary I present an example of a typical enterprise software delivery project. I examine its key characteristics and analyze specific

More information

Protecting Data with a Unified Platform

Protecting Data with a Unified Platform Protecting Data with a Unified Platform The Essentials Series sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens

More information

Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks

Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks White Paper Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks A Guide for CIOs, CFOs, and CISOs White Paper Contents The Problem 3 Why You Should Care 4 What You Can Do About It

More information

ALERT LOGIC FOR HIPAA COMPLIANCE

ALERT LOGIC FOR HIPAA COMPLIANCE SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare

More information

Plan-Driven Methodologies

Plan-Driven Methodologies Plan-Driven Methodologies The traditional way to develop software Based on system engineering and quality disciplines (process improvement) Standards developed from DoD & industry to make process fit a

More information

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks White Paper Executive Summary Around the world, organizations are investing massive amounts of their budgets

More information

IBM Rational AppScan: Application security and risk management

IBM Rational AppScan: Application security and risk management IBM Software Security November 2011 IBM Rational AppScan: Application security and risk management Identify, prioritize, track and remediate critical security vulnerabilities and compliance demands 2 IBM

More information

5 Reasons CIOs are Adopting Cloud Computing in 2010 Application Development that s 5 Times Faster at 1/2 the Cost

5 Reasons CIOs are Adopting Cloud Computing in 2010 Application Development that s 5 Times Faster at 1/2 the Cost 5 Reasons CIOs are Adopting Cloud Computing in 2010 Application Development that s 5 Times Faster at 1/2 the Cost WHITE PAPER Contents Introduction... 2 Why choose cloud computing?... 2 1. Delivers faster

More information

Technology Brief Demystifying Cloud Security

Technology Brief Demystifying Cloud Security Demystifying Cloud Security xo.com Demystifying Cloud Security Contents Introduction 3 Definition of the cloud 3 Cloud security taxonomy 4 Cloud Infrastructure Security 5 Tenant- based Security 5 Security

More information