Secure Programming: A Way of Life (or Death) Matt Bishop Computer Security Laboratory Dept. of Computer Science University of California at Davis
|
|
- Jasmine Johns
- 8 years ago
- Views:
Transcription
1 Secure Programming: A Way of Life (or Death) Matt Bishop
2 Disclaimer ä All opinions expressed here are not necessarily those of the: ä ä Department of Computer Science ä University of California ä Any other organization mentioned in here ä U.S. government and any of its agencies ä Anyone else you can think of Slide #2
3 Theme: Does It Matter? ä How important is secure coding? ä If it is so important, why aren t we priming the pump seriously? Slide #3
4 Weinberg s Second Law If builders built buildings the way programmers wrote programs... then the first woodpecker to come along would destroy civilization The Psychology of Computer Programming (1971) Slide #4
5 What Exactly Are We Talking About? ä robust programming prevents abnormal termination, unexpected actions ä secure programming satisfies (stated or implicit) security properties ä Example: buffer overflows ä Always non-robust programming ä May or may not be non-secure programming Slide #5
6 Robust vs. Secure Programming Secure programming requires robust programming You can t have realistic security without robustness Slide #6
7 Problem ä We don t build systems that meet security requirements ä We don t write software that is robust ä Some exceptions in special cases ä Many different models for developing software ä Agile, waterfall, rapid prototyping,... Slide #7
8 Quality of Code ä Underlying all this is programming ä When coding, you make assumptions about services, systems, input, output ä Other components you rely on have bugs or may act unexpectedly ä Hard to have robust, secure software when the infrastructure isn t Slide #8
9 Security is Cumulative ä Composing non-secure modules produces non-secure software ä Can ameliorate this with shims to handle non-secure results ä Shims provide the security ä What if they themselves are written, installed, etc. non-securely? ä What if they can be bypassed? Slide #9
10 More Problems ä Refactor code, use external libraries, modules, services ä You inherit their bugs and assumptions! ä Example: RSAREF2 library buffer overflow (1999) ä Affected ssh, anything using that library ä Move code into different environment, assumptions may not hold Slide #10
11 Basic Principles of Robustness ä Paranoia ä Assume maximum stupidity ä Don t hand out dangerous implements ä Can t happen means it can Slide #11
12 Helping Solve the Technical Problem ä Isolate assumptions, make them explicit ä Not just your code, but also about what your code calls ä Allows you to build (informal) preconditions, postconditions for others to use ä Make them part of the documentation (or comments) ä Identify those relating to security explicitly ä Good judgment needed here Slide #12
13 Test to These! ä Make sure your assumptions hold in the environment(s) you intend the software to be used ä If you state them explicitly, users can check them ä Think autoconf to check these on installation ä Warn if not met! Slide #13
14 What Will Drive Improvement? ä Commercial incentives ä Financial savings from not cleaning up so many messes ä Maintenance simpler ä Better reputation (of products, company) ä Easier to bring new programmers, software engineers up to speed on products ä Issues of software liability Slide #14
15 What Will Drive Improvement? ä Government incentives ä Financial savings from not cleaning up so many messes ä Maintenance simple ä Better defenses for national security Slide #15
16 Software Liability ä ä You can t say I m not responsible for anything ä Chain of distribution (ie, supply chain) liability exists now You can limit liability somewhat by defining use, environment ä Then you re liable in that context but (probably) not in others ä It is coming... ä EULAs may not be enforceable ( contracts of adhesion ) Slide #16
17 So What s Holding Us Back? ä Commercial ä No legal liability for bad software ä More expensive to make; longer time to market ä Lack of people who write robust code ä Government ä Need to spend more money to get it ä Need to pay more attention to installation, maintenance, use ä Need to recruit people who can use it well Slide #17
18 So What s Holding Us Back? ä Academic ä Robust coding not seen as integral to programming ä Textbooks loaded with examples of non-robust programming ä Lack of support for enforcing and grading for it in non-introductory classes ä Ties into lack of graders who really know about this ä Lack of faculty who understand robust programming ä And intimidation factor for those who know they don t understand it Slide #18
19 Lack of Resources ä Assurance costs! ä Industry expected to deliver secure, robust products without offset for the extra effort in delivering them ä Academia expected to teach and reinforce robust programming without offset for the extra effort in supporting this Slide #19
20 Lack of People ä Need to teach people how to write robust programming ä Need to emphasize this in the practice, supporting it both in education and industry ä Continuous practice is central to reinforcing, maintaining, extending skills Slide #20
21 Focus for Rest of Talk ä How can industry and government work with academic institutions to do this? ä Carrots, not sticks ä Security tuned to environment, use ä What is secure varies among companies and government organizations ä Everyone lacks resources!!! Slide #21
22 How Do We Teach Secure Programming? ä SESS report has suggestions ä ä Key conclusion: no one sector can improve the state of the practice on its own ä We must all hang together, or we shall all hang separately (B. Franklin) Slide #22
23 Questionable Idea #1: Testing Students Knowledge ä Who creates the tests? ä Who is being tested? ä How do you know that you are testing what is important (that is, the right thing )? ä Who determines what is an acceptable result? ä Teaching for the test, not the material Slide #23
24 Questionable Idea #2: Unsupported Mandates ä The support has to come from somewhere ä It s like a zero-sum game ä What do you want to weaken? ä If you only have so many resources, something will have to give ä You don t want to weaken the core foundation of understanding why certain programming paradigms are critical Slide #24
25 What Can Academia Do? ä Include robustness in evaluation of programs, programming projects ä Create a secure programming clinic ä Like an English clinic, or a writing clinic for law schools ä Provide supplementary material for textbooks, classes ä These should emphasize robust programming Slide #25
26 What Can Industry Do? ä Key is to do more than say it is important ä Make clear that the skills are important for hiring ä Mention their need in job openings ä Preference to those with skill in this also helps Slide #26
27 Work With Students and Faculty ä Internships ä Students love these; good recruiting tool ä Tasks requiring robust programming emphasize its importance to students ä Help teach students ä Review students code ä Team with colleges in senior/capstone projects Slide #27
28 What Will This Do? ä Increase student demand ä If students see it as important, they will ask about it in class, evaluate programs, faculty in part on it ä Increase your visibility ä Good recruiting tools ä A corporate good citizen Slide #28
29 What Has SANS Done? ä SANS has a great track record ä Faculty workshop on exercises for secure programming (Apr. 2008) ä Participation in summits, other forums to promote teaching secure programming, contributing ideas and enthusiasm ä Teaching secure programming in its courses Slide #29
30 What Can SANS Do? ä Convene collaborative strategic planning effort ä Among industry, government, academic leaders ä Identify specific goals; build on SESS results, ideas ä Figure out how to move forward to implement teaching robust programming on a large scale ä Need to set priorities, actions to realize them ä Must be done collaboratively ä That way, the goals and actions are not tied to selfinterest; they have more credibility and community support Slide #30
31 What Can SANS Do? ä Agitate for targeted, sufficient resources to support the plans ä Evaluation mechanism to gauge effectiveness ä Example: if such a plan endorses robust and secure programming for both current students and practitioners, how will we best achieve these goals? ä More immediately: help link practitioners to programs, clinics that need them ä Connecting people is the hardest part of getting support to academic programs Slide #31
32 Government Support ä Act like an industry (see above) ä Government can also fund programs ä Imperative: target funding towards this specific purpose ä That will require funding to be used for supporting robust programming ä If done as adjunct, it is likely to disappear in the main purpose of the funding Slide #32
33 NSF/DHS CAEIAE Program ä Begun in 1997 with 7 universities ä Office of the Assistant Secretary of Defense for Networks and Information Integration does oversight ä Academia funded via IASP (scholarships) and Capacity Building grants ä Program has very limited funding Slide #33
34 NSF Education and Human Resources ä Scholarships for Service supports graduate students ä Capacity building funds to improve state of education in computer security ä Secure programming projects funded here are prototypes ä Focus on tool development, building awareness ä Funding not large Slide #34
35 NSF Funding Sources ä Program funded in the Commerce/Justice/ Science appropriations bill ä Could add extra funding targeted to secure programming projects specifically ä Focus for NSF alone should be on experimental projects to learn what works, what doesn t, and under what conditions Slide #35
36 Critical Warning About NSF Augment NSF s budget to cover this Otherwise, the state of computer security (and other research) will degrade, impairing our nation s strengths in science and technology as well as other areas Slide #36
37 National Initiative for Cybersecurity Education ä Run by Dept. of Education and NSF ä Being transferred to NIST ä Mission: bolster formal cybersecurity education programs encompassing kindergarten through 12th grade, higher education and vocational programs Slide #37
38 More About NICE ä Component 2 includes developing a cybersecurity capable workforce ä Analogy between teaching cybersecurity and subjects like reading, writing, science, mathematics ä Analogy with writing good English seems appropriate ä Seems to be a natural program to drive this Slide #38
39 Key Point ä Build on existing programs ä Understand that academia is a different environment completely ä Business models don t work well because the end product is intangible Slide #39
40 A Really, Really Important Point! ä Academic institutions are rarely governed hierarchically ä Example: UC has an administration and an Academic Senate ä The Senate, not the administration, has responsibility for the curriculum Effect: no-one can order faculty to teach something in a particular way Slide #40
41 Conclusion ä The state of practice can, and must, change ä Teaching robust programming, and nothing more, will not help ä The marketplace must also change, as must current practice ä The public will be the main driver ä Unfortunately, probably through lawsuits... Slide #41
Security Education for the new Generation
Security Education for the new Generation SESSION SESSION ID: ID: MASH-W02 Wednesday, Feb 26, 9:20 AM @ WEST 3018 Jacob West Chief Technology Officer HP Enterprise Security Products Matt Bishop Professor
More informationParticipants: Introduction:
National Conversation A Trusted Cyber Future Discussion Led by Dan Massey, CSD Program Manager Moderator: Joe Gersch (Secure 64) Department of Homeland Security Science and Technology Directorate (DHS
More informationEducation and Workforce Development in the High End Computing Community
Education and Workforce Development in the High End Computing Community The position of NITRD s High End Computing Interagency Working Group (HEC-IWG) Overview High end computing (HEC) plays an important
More informationHow To Develop An Application
What is Application Lifecycle Management? David Chappell Sponsored by Microsoft Corporation Copyright 2014 Chappell & Associates Defining application lifecycle management (ALM) isn t easy. Different people
More informationHow To Write A National Cybersecurity Act
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
More informationHow to Activate People to Adopt Data Governance
How to Activate People to Adopt Data Governance Awareness, Ownership and Accountability A whitepaper by First San Francisco Partners 2010 Copyright First San Francisco Partners How to Activate People to
More informationTesting, What is it Good For? Absolutely Everything!
Testing, What is it Good For? Absolutely Everything! An overview of software testing and why it s an essential step in building a good product Beth Schechner Elementool The content of this ebook is provided
More informationINTERNET USAGE AND THE POTENTIAL EFFECT IN YOUR MANAGEMENT OF YOUR PATENT PROGRAM. Steven D. Hemminger. Lyon & Lyon, LLP
INTERNET USAGE AND THE POTENTIAL EFFECT IN YOUR MANAGEMENT OF YOUR PATENT PROGRAM Steven D. Hemminger Lyon & Lyon, LLP {1} Much has been written and said about the Internet and the benefits for a company
More informationHow to Study Mathematics Written by Paul Dawkins
How to Study Mathematics Written by Paul Dawkins Before I get into the tips for how to study math let me first say that everyone studies differently and there is no one right way to study for a math class.
More information02-201: Programming for Scientists
1. Course Information 1.1 Course description 02-201: Programming for Scientists Carl Kingsford Fall 2015 Provides a practical introduction to programming for students with little or no prior programming
More informationIs there a Crisis in Nuclear and Radiochemistry Education in the U.S.?
Is there a Crisis in Nuclear and Radiochemistry Education in the U.S.? Heino Nitsche University of California at Berkeley and Lawrence Berkeley National Laboratory ANS Embedded Topical Meeting- Isotopes
More informationTHE THREE ASPECTS OF SOFTWARE QUALITY: FUNCTIONAL, STRUCTURAL, AND PROCESS
David Chappell THE THREE ASPECTS OF SOFTWARE QUALITY: FUNCTIONAL, STRUCTURAL, AND PROCESS Sponsored by Microsoft Corporation Our world runs on software. Every business depends on it, every mobile phone
More informationSoftware Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC) Supriyo Bhattacharjee MOF Capability Maturity Model (CMM) A bench-mark for measuring the maturity of an organization s software process CMM defines 5 levels of process
More informationLessons Learned in Software Testing
Lessons Learned in Software Testing An excellent book covering a range of testing topics Practical rather than academic In the next few lectures, we ll discuss some of the key lessons from this book, and
More informationNCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
More informationGPL, MIT, BSD, GEHC (and me)
GPL, MIT, BSD, GEHC (and me) Introduction to Open Source Therese Catanzariti author reproduce literary employer COPYRIGHT OWNER commission work for hire has the exclusive right to distribute prepare derivatives
More informationIntroduction. Introduction. Software Engineering. Software Engineering. Software Process. Department of Computer Science 1
COMP209 Object Oriented Programming System Design Mark Hall Introduction So far we ve looked at techniques that aid in designing quality classes To implement a software system successfully requires planning,
More informationOnline Safety for Middle and High School
Online Safety for Middle and High School Presented by Warren County Schools Technology Department 2010-2011 Internet & Technology Safety The purpose of this presentation is to TEACH YOU about INTERNET
More informationQuarterly Mobile Apps, Business Intelligence, & Database. BILT Meeting June 17, 2014. Meeting Minutes
Quarterly Mobile Apps, Business Intelligence, & Database BILT Meeting June 17, 2014 Meeting Minutes :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
More informationHealthcare Costs in the USA. They do things big over here
2 Prologue Healthcare Costs in the USA They do things big over here 4 Spending 5 Spending Societal Implications Medical expenses involved in 62% of all bankruptcies. Costs negate average wage increase
More informationEnsure Everyone Travels the Path of High Expectations
PRINCIPALS LEAD THE WAY FOR PK-3: Early Investment Strong Alignment Better Results A P R I L 2 0 0 6 Ensure Everyone Travels the Path of High Expectations Baldwin Academy La Puente, California Bonnie Wilson,
More informationSummit on Education in Secure Software Final Report
Summit on Education in Secure Software Final Report Dr. Diana L. Burley The George Washington University Dr. Matt Bishop University of California, Davis GW: UCD: Report GW-CSPRI-2011-7 Technical Report
More informationHow to Outsource Without Being a Ninnyhammer
How to Outsource Without Being a Ninnyhammer 5 mistakes people make when outsourcing for profit By Jason Fladlien 2 Introduction The way everyone does outsourcing is patently wrong, and this report is
More information4 Common Rookie Project Manager Mistakes and How to Avoid Them
4 Common Rookie Project Manager Mistakes and How to Avoid Them Rookie project managers often fall victim to costly mistakes and errors that can derail a project and significantly impact one s project management
More informationIn Response to Section 942 of the National Defense Authorization Act for Fiscal Year 2014 (Public Law 113-66) Terry Halvorsen DoD CIO
A Department of Defense Report on the National Security Agency and Department of Homeland Security Program for the National Centers of Academic Excellence in Information Assurance Education Matters In
More informationEvaluation of the ICAN Early Language Development Programme
Evaluation of the ICAN Early Language Development Programme Case study: Essex Summary of the impact and value of the ELDP This case study provides an overview of how the Early Language Development Programme
More informationHow To Be A Successful Supervisor
Quick Guide For Administrators Based on TIP 52 Clinical Supervision and Professional Development of the Substance Abuse Counselor Contents Why a Quick Guide?...2 What Is a TIP?...3 Benefits and Rationale...4
More informationSoftware Development Offshore Outsourcing: Protecting IP A White Paper by Jack Olson
Software Development Offshore Outsourcing: Protecting IP A White Paper by Jack Olson August, 2014 Austin, Texas Concerns for IP protection when using offshore outsourcing for software development always
More informationGlobal Manufacturing Company Reduces Malware Infections by 46%
Global Manufacturing Company Reduces Malware Infections by 46% Wombat s Security Education Platform is changing behaviors, reducing infections, and lowering remediation costs The Challenge A large international
More informationTUSKEGEE CYBER SECURITY PATH FORWARD
TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,
More informationTen Guiding Principles for the Use of Technology in Learning
Ten Guiding Principles for the Use of Technology in Learning Introduction Ontario colleges, universities, secondary schools, the Ministry of Training, Colleges and Universities, the Ministry of Education,
More informationSpring 2013 Structured Learning Assistance (SLA) Program Evaluation Results
Crafton Hills College RRN 682 July 2013 Research Brief Spring 2013 Structured Learning Assistance (SLA) Program Evaluation Results Prepared by Lorena Guadiana Summary of Main Findings 85% of respondents
More informationCutting to the chase What do you need to get accepted to an economics PhD program?
A Guide for UCSB Undergraduates Considering a PhD in Economics Dick Startz An economics PhD can be the portal to a satisfying and rewarding career. In this Guide we tell you a little bit about getting
More informationModule 12: The Job Search Process Transcript
Module 12: The Job Search Process Transcript The Employers Problem (video clip 1) To understand how to look for a job, you need to understand the perspective of the people whose attention you re trying
More information[STAFF WORKING DRAFT]
S:\LEGCNSL\LEXA\DOR\OI\PARTIAL\CyberWD..xml [STAFF WORKING DRAFT] JULY, 0 SECTION. TABLE OF CONTENTS. The table of contents of this Act is as follows: Sec.. Table of contents. Sec.. Definitions. TITLE
More informationHow to start research and how to present it?
How to start research and how to present it? Peter Kondor Budapest, CEU, 2010 Introduction What is research? How to start? How to present it? How to make it a paper? The main purpose of workshop to provide
More informationGetting Started with Kanban Paul Klipp
Getting Started with Kanban Paul Klipp kanbanery 2 Contents 3/ Getting Started with Kanban 4/ What is Kanban? 7/ Using Kanban Does kanban apply to me? How can it help me? What will I have to change? 10/
More informationDepartment of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus
Department of Computer & Information Sciences INFO-450: Information Systems Security Syllabus Course Description This course provides a deep and comprehensive study of the security principles and practices
More informationTOP 5 MYCAA MYTHS: WHICH ONE IS STANDING BETWEEN YOU AND A REWARDING NEW CAREER?
TOP 5 MYCAA MYTHS: WHICH ONE IS STANDING BETWEEN YOU AND A REWARDING NEW CAREER? MyCAA is an education funding program for military spouses going back to school. There s tons of buzz surrounding this program
More informationTHE OPTIMIZER HANDBOOK:
THE OPTIMIZER HANDBOOK: LEAD SCORING Section 1: What is Lead Scoring? Picture this: you re selling vehicles, and you have a list that features over two hundred different leads, but you re only allowed
More informationTO MEMBERS OF THE COMMITTEE ON EDUCATIONAL POLICY: DISCUSSION ITEM FUNDING UNIVERSITY OF CALIFORNIA GRADUATE ACADEMIC STUDENTS EXECUTIVE SUMMARY
E2 Office of the President TO MEMBERS OF THE COMMITTEE ON EDUCATIONAL POLICY: For Meeting of DISCUSSION ITEM FUNDING UNIVERSITY OF CALIFORNIA GRADUATE ACADEMIC STUDENTS EXECUTIVE SUMMARY There has been
More informationBy Paula Rome, Senior TestTrack Product Manager
By Paula Rome, Senior TestTrack Product Manager Copyright 2011 Seapine Software, Inc. This work is licensed under the Creative Commons Attribution-Noncommercial- No Derivative Works 3.0 United States License.
More informationIdentify the underlying principles of Quality Matters TM (QM) Use the QM Rubric and scoring system Apply QM standards
Quality Matters After this workshop, you will be able to: Identify the underlying principles of Quality Matters TM (QM) Use the QM Rubric and scoring system Apply QM standards Setting the tone In one sentence...
More informationGRADUATE SCHOOL. Should I go? When to go? Where? Tests Applying SMITH COLLEGE CAREER DEVELOPMENT OFFICE
SMITH COLLEGE CAREER DEVELOPMENT OFFICE GRADUATE SCHOOL Should I go? When to go? Where? Tests Applying NORTHAMPTON, MA 413-585-2582 F:413-585-2596 WWW.SMITH.EDU/CDO SHOULD I GO? There are two good reasons
More informationSoftware Process for QA
Software Process for QA Basic approaches & alternatives CIS 610, W98 / M Young 1/7/98 1 This introduction and overview is intended to provide some basic background on software process (sometimes called
More informationSmall-scale P2P File-sharing for the Academic Environment. Julita Vassileva University of Saskatchewan Computer Science Department MADMUC Lab
Small-scale P2P File-sharing for the Academic Environment Julita Vassileva University of Saskatchewan Computer Science Department MADMUC Lab Contents Motivation for the need of P2P filesharing in Academia
More informationA Capability Maturity Model (CMM)
Software Development Life Cycle (SDLC) and Development Methods There are some enterprises in which a careful disorderliness is the true method. Herman Melville Capability Maturity Model (CMM) A Capability
More informationWhy Your SIEM Isn t Adding Value And Why It May Not Be The Tool s Fault. Best Practices Whitepaper June 18, 2014
Why Your SIEM Isn t Adding Value And Why It May Not Be The Tool s Fault Best Practices Whitepaper June 18, 2014 2 Table of Contents LIVING UP TO THE SALES PITCH... 3 THE INITIAL PURCHASE AND SELECTION
More informationEngineering Process Software Qualities Software Architectural Design
Engineering Process We need to understand the steps that take us from an idea to a product. What do we do? In what order do we do it? How do we know when we re finished each step? Production process Typical
More informationAnnuities: Basics You Need to Know Last update: May 14, 2014
Summary Annuities: Basics You Need to Know Last update: May 14, 2014 The key feature of most annuities is the promise to provide you an income for life, no matter how long you live. This paper explains
More informationQuality Management Systems. Compliance Driven or Quality Driven?
Quality Management Systems Compliance Driven or Quality Driven? Written by N. Richard Puglielli Page 1 of 7 Overview ISO standards have been around for quite some time now and the concept behind these
More informationPreventing Liability for Foreign Products A PLP Primer By Kenneth Ross
Preventing Liability for Foreign Products A PLP Primer By Kenneth Ross Recently, there have been news stories almost every day about new and continuing safety issues with Chinese made products, including
More informationA Model for Integrating Data Science with the Liberal Arts: Responding to Workforce Demands
A Model for Integrating Data Science with the Liberal Arts: Responding to Workforce Demands Brian Fitzgerald, CEO January 6, 2016 2015 BHEF About the Business Higher Education Forum The Business Higher
More informationUNIVERSITY OF ROCHESTER William E. Simon Graduate School of Business Administration. Proposal for a Clinical Faculty Track
Contents: UNIVERSITY OF ROCHESTER William E. Simon Graduate School of Business Administration Proposal for a Clinical Faculty Track 1. Rationale and Objectives of the Proposal 2. The Simon School Mission
More informationNICE 2015 Conference
NICE 2015 Conference Mission: Impossible? How to Advance the Skills of the Cyber Workforce When You ve Got Quality and Speed but Aren t Cheap November 4, 2015 Presenters: Allison Frankoski, Program Director
More informationCommon Myths About Personal Injury and Wrongful Death Cases 1. By B. Keith Williams
Common Myths About Personal Injury and Wrongful Death Cases 1 By B. Keith Williams There are several myths about accident cases and the attorneys that handle them. It is important to keep these myths in
More informationManaging Technical Debt
Managing Technical Debt Steve McConnell www.construx.com Copyright Notice These class materials are 2007-2013 by Steven C. McConnell and Construx Software Builders, Inc. All Rights Reserved. No part of
More informationGNU LIBRARY GENERAL PUBLIC LICENSE. Preamble
GNU LIBRARY GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1991 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute
More informationPhase 2 The System Specification
Team W2 Video-Conferencing-Based Classroom Extension Sergio Bana Andrew Carland Matt Dyson Sarah Jordan Andrew Wantuch Phase 2 The System Specification 1 P a g e TABLE OF CONTENTS 1. INTRODUCTORY PROBLEM
More informationOverview. Software engineering and the design process for interactive systems. Standards and guidelines as design rules
Overview Software engineering and the design process for interactive systems Standards and guidelines as design rules Usability engineering Iterative design and prototyping Design rationale A. Dix, J.
More informationScheduling is a DRAG
Scheduling is a DRAG Better project management does not mean making schedules longer but rather making projects shorter. By William R. Duncan and Stephen A. Devaux Most organizations have realized that
More informationNICE and Framework Overview
NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to
More informationPROMOTION & TENURE SYMPOSIUM
PROMOTION & TENURE SYMPOSIUM DR. NICHOLAS P. JONES A Conversation with the Provost FRIDAY, OCTOBER 16, 2015 9:45 a.m. 10:30 a.m. FOSTER AUDITORIUM, PATERNO LIBRARY 2 Good morning! Thank you for the kind
More informationDesigning and Implementing Your Communication s Dashboard: Lessons Learned
Designing and Implementing Your Communication s Dashboard: Lessons Learned By Katie Delahaye Paine President, Paine & Partners Contact Information: Katie Delahaye Paine CEO KDPaine & Partners Durham, NH
More informationBlacKnight. Cyber Security international A BUSINESS / MARKETING PRESENTATION
BlacKnight Cyber Security international A BUSINESS / MARKETING PRESENTATION The BlacKnight Mission To provide proven techniques and innovative learning services to help organizations detect, deter and
More informationImproving Employee Satisfaction in Healthcare through Effective Employee Performance Management
Improving Employee Satisfaction in Healthcare through Effective Employee Performance Management Introduction The following quotes are comments made by HR professionals from U.S. healthcare providers who
More informationUnderstanding Agile Project Management
Understanding Agile Project Management Author Melanie Franklin Director Agile Change Management Limited Overview This is the transcript of a webinar I recently delivered to explain in simple terms what
More informationMARYLAND S FOCUS SCHOOLS LEADERSHIP COMMUNITY OF PRACTICE
MARYLAND S FOCUS SCHOOLS LEADERSHIP COMMUNITY OF PRACTICE In May 2012, the Maryland State Department of Education (MSDE) was granted a Waiver from NCLB, which they had to implement beginning in June. MSDE
More informationEncouraging, Documenting and Recognizing Excellence in Academic Leadership
Encouraging, Documenting and Recognizing Excellence in Academic Leadership Overview Like many other institutions, Rutgers has a significant challenge when it comes to recruiting and retaining faculty members
More informationImproving Diversity in the Atmospheric Sciences
Improving Diversity in the Atmospheric Sciences Quinton L. Williams Chair, Department of Physics, Atmospheric Sciences and Geoscience Jackson State University President, National Society of Black Physicists
More informationSECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.
SECTION-BY-SECTION Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. Section 2. Definitions. Section 2 defines terms including commercial information technology product,
More informationCSE391: Cloud Computing CSE 391: Cloud Computing
CSE 391: Cloud Computing Introduction Course Overview Course Topics Grading Logistics Academic Integrity Policy Today s Lecture Course Overview (1/2) Caveat 1: This is a special topics elective. Caveat
More informationPreparing for Grad School
Department of Psychology Preparing for Grad School University of California, Davis 2012 Advising: 141 Young Hall Which degree? Which grad school? Adapted from a piece by Associate Dean for Student Affairs,
More informationCode Qualities and Coding Practices
Code Qualities and Coding Practices Practices to Achieve Quality Scott L. Bain and the Net Objectives Agile Practice 13 December 2007 Contents Overview... 3 The Code Quality Practices... 5 Write Tests
More informationManaging Wealth Means Managing Expectations
Managing Wealth Means Managing Expectations The term wealth management is so overused it has become a cheap marketing slogan and is in danger of losing its true meaning. It sounds sexy, so it gets tossed
More informationWHY THE WATERFALL MODEL DOESN T WORK
Chapter 2 WHY THE WATERFALL MODEL DOESN T WORK M oving an enterprise to agile methods is a serious undertaking because most assumptions about method, organization, best practices, and even company culture
More informationWhat mathematical optimization can, and cannot, do for biologists. Steven Kelk Department of Knowledge Engineering (DKE) Maastricht University, NL
What mathematical optimization can, and cannot, do for biologists Steven Kelk Department of Knowledge Engineering (DKE) Maastricht University, NL Introduction There is no shortage of literature about the
More informationChapter 24 - Quality Management. Lecture 1. Chapter 24 Quality management
Chapter 24 - Quality Management Lecture 1 1 Topics covered Software quality Software standards Reviews and inspections Software measurement and metrics 2 Software quality management Concerned with ensuring
More informationTestimony of Professor Lance J. Hoffman Computer Science Department The George Washington University Washington, D.C. Before the
Testimony of Professor Lance J. Hoffman Computer Science Department The George Washington University Washington, D.C. Before the U. S. Senate Committee on Commerce, Science, and Transportation Subcommittee
More informationThe Student/Library Collaborative: Toward Transformative Mobile Library Service
Interim Performance Report Narrative for LG-07-11-0339-11 The Student/Library Collaborative: Toward Transformative Mobile Library Service As stated in the grant proposal, the main purpose of this grant
More informationMeanings of different Social Services meetings
Meanings of different Social Services meetings Your Advocate will talk to you before a meeting to find out what you want to say, in case you don t want to talk yourself. Your Advocate can talk to you after
More informationUNDERSTANDING YOUR ONLINE FOOTPRINTS: HOW TO PROTECT YOUR PERSONAL INFORMATION ON THE INTERNET
UNDERSTANDING YOUR ONLINE FOOTPRINTS: HOW TO PROTECT YOUR PERSONAL INFORMATION ON THE INTERNET SPEAKING NOTES FOR GRADES 4 TO 6 PRESENTATION SLIDE (1) Title Slide SLIDE (2) Key Points It can be really
More informationSERVING BASIC WRITERS: ONE COMMUNITY COLLEGE'S MISSION STATEMENTS
Sallyanne H. Fitzgerald SERVING BASIC WRITERS: ONE COMMUNITY COLLEGE'S MISSION STATEMENTS ABSTRACT: Various factors combined to move a California community college towards creating a mission statement
More informationJason F. Sikorski, Ph. D. Marisa Mealy, Ph. D Marianne Fallon, Ph. D.
Jason F. Sikorski, Ph. D. Marisa Mealy, Ph. D Marianne Fallon, Ph. D. Nerve Racking Uncertainty about the future is always tough Psychology graduate programs are very competitive Confusing at Times What
More informationHow To Make Consulting Cloud Consulting Profitable
Cloud Consulting - Applying Leading IT Practices to Human Capital by Marion McGovern, Founder & CEO M Squared Consulting, Inc. msquared.com 2010 M Squared Consulting, Inc. All rights reserved. Introduction
More informationContracting for Agile Software Projects
Contracting for Agile Software Projects Author: Peter Stevens As a customer or supplier of software services at the beginning of a Software Development Project, you know that there is too much at stake
More informationEffective Employee Incentive Programs Bring Out The Best In Your Firm
Effective Employee Incentive Programs Bring Out The Best In Your Firm By Lisa A. Rozycki 2006 All Rights Reserved An incentive program is a planned activity designed to motivate people to achieve predetermined
More informationGPL, MIT, BSD, OSS (and me)
GPL, MIT, BSD, OSS (and me) Introduction to Open Source Therese Catanzariti OSS encourages code distribution (so you can sell epensive things on top of code OSS is risky! OSS saves engineering time and
More informationBecome Debt Free. $1,000 to start an Emergency Fund. Pay off all debt using the Debt Snowball. 3 to 6 months of expenses in savings
Become Debt Free $1,000 to start an Emergency Fund Pay off all debt using the Debt Snowball 3 to 6 months of expenses in savings Invest 15% of household income into Roth IRAs and pre-tax retirement College
More informationLearning and Analytics: Business Briefing
Business Briefing SUCCESSFACTORS / Business Briefing : Business Briefing Why learning with analytics bridges the gaps in your workforce s capabilities, improves performance and delivers a quantifiable
More informationRapid software development. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 17 Slide 1
Rapid software development Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 17 Slide 1 Objectives To explain how an iterative, incremental development process leads to faster delivery of
More informationRe: Assembly Approval of New Degree Title: Master of Finance (MF) at UC San Diego
UNIVERSITY OF CALIFORNIA, ACADEMIC SENATE BERKELEY DAVIS IRVINE LOS ANGELES MERCED RIVERSIDE SAN DIEGO SAN FRANCISCO SANTA BARBARA SANTA CRUZ Bill Jacob Telephone: (510) 987-9303 Fax: (510) 763-0309 Email:
More information10 YEARS OF QUALITY ASSURANCE: ACHIEVEMENTS AND IMPERATIVES
10 YEARS OF QUALITY ASSURANCE: ACHIEVEMENTS AND IMPERATIVES Quality Assurance in Online Education Towards a Culture of Assessment Dr. Hilroy A. Thomas, Associate Dean/Associate Professor, St. Thomas University,
More informationTop 10 Tips for Successful Software Development Management
71% of the software projects do not succeed! Top 10 Tips for Successful Software Development Management by Jack Bicer Here are some time tested guidelines that have been used extensively to deliver web
More informationThe Demanding Job of An ILIT Trustee
The Demanding Job of An ILIT Trustee Good day. Thank you for coming. The subject of my remarks today is The Demanding Job of An ILIT Trustee. An ILIT is short-hand or a nickname for an Irrevocable Life
More informationCcybersecurity Education
Ccybersecurity Education The Obstacle and Challenges Panel Discussion Summer Workshop on Cyber Security Education for Community College Faculty in West Texas Texas Tech University August 13, 2013 COMPUTER
More informationFiduciary Duty in Support of Responsible Investment
CONVENING REPORT Fiduciary Duty in Support of Responsible Investment January 14, 2015 Introduction On January 14, 2015, the Initiative for Responsible Investment held a Convening to discuss Fiduciary Duty
More informationNational Initiative for Cyber Security Education
2014/PPWE/SEM2/007 Agenda Item: 5 National Initiative for Cyber Security Education Submitted by: United States Women Business and Smart Technology Seminar Beijing, China 23 May 2014 NICE OVERVIEW Women
More informationSue Louscher Executive Director, Strategic Partnerships and Government Programs College of Engineering The University of Akron Akron, OH, USA
Introducing The Nation s First Bachelor of Science Degree in Corrosion Engineering and the National Center for Education and Research on Corrosion and Materials Performance Sue Louscher Executive Director,
More informationDRAFT (February 7, 2000) Bert Garza. Faculty and Office for Computing and Information Science: Administrative and Management Structure
DRAFT (February 7, 2000) Bert Garza Faculty and Office for Computing and Information Science: Administrative and Management Structure BACKGROUND The Information Revolution is transforming society creating
More information