Saturday, May 18, 2024
HomeSoftware EngineeringThe Prime 10 Weblog Posts of 2023

The Prime 10 Weblog Posts of 2023


Each January on the SEI Weblog, we current the ten most-visited posts of the earlier 12 months. This 12 months’s high 10 highlights our work in quantum computing, software program modeling, massive language fashions, DevSecOps, and synthetic intelligence. The posts, which had been revealed between January 1, 2023, and December 31, 2023, are offered under in reverse order primarily based on the variety of visits.

#10 Contextualizing Finish-Consumer Wants: How you can Measure the Trustworthiness of an AI System

by Carrie Gardner, Katherine-Marie Robinson, Carol J. Smith, and Alexandrea Steiner

As potential functions of synthetic intelligence (AI) proceed to broaden, the query stays: will customers need the expertise and belief it? How can innovators design AI-enabled merchandise, companies, and capabilities which are efficiently adopted, moderately than discarded as a result of the system fails to fulfill operational necessities, equivalent to end-user confidence? AI’s promise is certain to perceptions of its trustworthiness.

To highlight just a few real-world situations, think about:

  • How does a software program engineer gauge the trustworthiness of automated code era instruments to co-write purposeful, high quality code?
  • How does a health care provider gauge the trustworthiness of predictive healthcare functions to co-diagnose affected person situations?
  • How does a warfighter gauge the trustworthiness of computer-vision enabled menace intelligence to co-detect adversaries?

What occurs when customers don’t belief these techniques? AI’s means to efficiently companion with the software program engineer, physician, or warfighter in these circumstances is dependent upon whether or not these finish customers belief the AI system to companion successfully with them and ship the end result promised. To construct acceptable ranges of belief, expectations have to be managed for what AI can realistically ship.

This weblog put up explores main analysis and classes discovered to advance dialogue of how you can measure the trustworthiness of AI so warfighters and finish customers basically can notice the promised outcomes.

Learn the put up in its entirety.

#9 5 Greatest Practices from Business for Implementing a Zero Belief Structure

by Matthew Nicolai, Nathaniel Richmond, and Timothy Morrow

Zero belief (ZT) structure (ZTA) has the potential to enhance an enterprise’s safety posture. There’s nonetheless appreciable uncertainty concerning the ZT transformation course of, nevertheless, in addition to how ZTA will in the end seem in apply. Current govt orders M-22-009 and M-21-31 have accelerated the timeline for zero belief adoption within the federal sector, and plenty of personal sector organizations are following go well with. In response to those govt orders, researchers at the SEI’s CERT Division hosted Zero Belief Business Days in August 2022 to allow business stakeholders to share details about implementing ZT.

On this weblog put up, which we tailored from a white paper, we element 5 ZT finest practices recognized throughout the two-day occasion, talk about why they’re important, and supply SEI commentary and evaluation on methods to empower your group’s ZT transformation.

Learn the put up in its entirety.

#8 The Problem of Adversarial Machine Studying

by Matt Churilla, Nathan M. VanHoudnos, and Robert W. Beveridge

Think about driving to work in your self-driving automobile. As you strategy a cease signal, as a substitute of stopping, the automobile quickens and goes by the cease signal as a result of it interprets the cease signal as a pace restrict signal. How did this occur? Despite the fact that the automobile’s machine studying (ML) system was educated to acknowledge cease indicators, somebody added stickers to the cease signal, which fooled the automobile into pondering it was a 45-mph pace restrict signal. This easy act of placing stickers on a cease signal is one instance of an adversarial assault on ML techniques.

On this SEI Weblog put up, I study how ML techniques may be subverted and, on this context, clarify the idea of adversarial machine studying. I additionally study the motivations of adversaries and what researchers are doing to mitigate their assaults. Lastly, I introduce a primary taxonomy delineating the methods by which an ML mannequin may be influenced and present how this taxonomy can be utilized to tell fashions which are strong in opposition to adversarial actions.

Learn the put up in its entirety.

#7 Play it Once more Sam! or How I Discovered to Love Massive Language Fashions

by Jay Palat

“AI is not going to exchange you. An individual utilizing AI will.”

-Santiago @svpino

In our work as advisors in software program and AI engineering, we are sometimes requested concerning the efficacy of AI code assistant instruments like Copilot, GhostWriter, or Tabnine primarily based on massive language mannequin (LLM). Current innovation within the constructing and curation of LLMs demonstrates highly effective instruments for the manipulation of textual content. By discovering patterns in massive our bodies of textual content, these fashions can predict the subsequent phrase to put in writing sentences and paragraphs of coherent content material. The priority surrounding these instruments is robust – from New York colleges banning the usage of ChatGPT to Stack Overflow and Reddit banning solutions and artwork generated from LLMs. Whereas many functions are strictly restricted to writing textual content, just a few functions discover the patterns to work on code, as properly. The hype surrounding these functions ranges from adoration (“I’ve rebuilt my workflow round these instruments”) to worry, uncertainty, and doubt (“LLMs are going to take my job”). Within the Communications of the ACM, Matt Welsh goes as far as to declare we’ve reached The Finish of Programming.” Whereas built-in growth environments have had code era and automation instruments for years, on this put up I’ll discover what new developments in AI and LLMs imply for software program growth.

Learn the put up in its entirety.

#6 How you can Use Docker and NS-3 to Create Life like Community Simulations

by Alejandro Gomez

Typically, researchers and builders have to simulate numerous forms of networks with software program that will in any other case be onerous to do with actual gadgets. For instance, some {hardware} may be onerous to get, costly to arrange, or past the abilities of the workforce to implement. When the underlying {hardware} isn’t a priority however the important features that it does is, software program is usually a viable various.

NS-3 is a mature, open-source networking simulation library with contributions from the Lawrence Livermore Nationwide Laboratory , Google Summer season of Code, and others. It has a excessive diploma of functionality to simulate numerous sorts of networks and user-end gadgets, and its Python-to-C++ bindings make it accessible for a lot of builders.

In some instances, nevertheless, it isn’t ample to simulate a community. A simulator may want to check how knowledge behaves in a simulated community (i.e., testing the integrity of Consumer Datagram Protocol (UDP) site visitors in a Wi-Fi community, how 5G knowledge propagates throughout cell towers and consumer gadgets, and many others. NS-3 permits such sorts of simulations by piping knowledge from faucet interfaces (a characteristic of digital community gadgets offered by the Linux kernel that cross ethernet frames to and from consumer area) into the operating simulation.

This weblog put up presents a tutorial on how one can transmit dwell knowledge by an NS-3-simulated community with the added benefit of getting the data-producing/data-receiving nodes be Docker containers. Lastly, we use Docker Compose to automate advanced setups and make repeatable simulations in seconds.

Learn the put up in its entirety.

#5 5 Challenges to Implementing DevSecOps and How you can Overcome Them

by Joe Yankel and Hasan Yasar

Traditionally, software program safety has been addressed on the mission degree, emphasizing code scanning, penetration testing, and reactive approaches for incident response. Not too long ago, nevertheless, the dialogue has shifted to this system degree to align safety with enterprise goals. The best end result of such a shift is one by which software program growth groups act in alignment with enterprise objectives, organizational danger, and resolution architectures, and these groups perceive that safety practices are integral to enterprise success. DevSecOps, which builds on DevOps rules and locations extra deal with safety actions all through all phases of the software program growth lifecycle (SDLC), may also help organizations notice this preferrred state. Nevertheless, the shift from project- to program-level pondering raises quite a few challenges. In our expertise, we’ve noticed 5 frequent challenges to implementing DevSecOps. This SEI Weblog put up articulates these challenges and gives actions organizations can take to beat them.

Learn the put up in its entirety.

#4 Utility of Massive Language Fashions (LLMs) in Software program Engineering: Overblown Hype or Disruptive Change?

by Ipek Ozkaya, Anita Carleton, John E. Robert, and Douglas Schmidt (Vanderbilt College)

Has the day lastly arrived when massive language fashions (LLMs) flip us all into higher software program engineers? Or are LLMs creating extra hype than performance for software program growth, and, on the identical time, plunging everybody right into a world the place it’s onerous to tell apart the peerlessly shaped, but generally pretend and incorrect, code generated by synthetic intelligence (AI) applications from verified and well-tested techniques?

This weblog put up, which builds on concepts launched within the IEEE paper Utility of Massive Language Fashions to Software program Engineering Duties: Alternatives, Dangers, and Implications by Ipek Ozkaya, focuses on alternatives and cautions for LLMs in software program growth, the implications of incorporating LLMs into software-reliant techniques, and the areas the place extra analysis and improvements are wanted to advance their use in software program engineering.

Learn the put up in its entirety.

#3 Rust Vulnerability Evaluation and Maturity Challenges

by Garret Wassermann and David Svoboda

Whereas the reminiscence security and security measures of the Rust programming language may be efficient in lots of conditions, Rust’s compiler could be very specific on what constitutes good software program design practices. At any time when design assumptions disagree with real-world knowledge and assumptions, there may be the opportunity of safety vulnerabilities–and malicious software program that may make the most of these vulnerabilities. On this put up, we’ll deal with customers of Rust applications, moderately than Rust builders. We’ll discover some instruments for understanding vulnerabilities whether or not the unique supply code is offered or not. These instruments are vital for understanding malicious software program the place supply code is commonly unavailable, in addition to commenting on attainable instructions by which instruments and automatic code evaluation can enhance. We additionally touch upon the maturity of the Rust software program ecosystem as a complete and the way which may affect future safety responses, together with through the coordinated vulnerability disclosure strategies advocated by the SEI’s CERT Coordination Middle (CERT/CC). This put up is the second in a collection exploring the Rust programming language. The first put up explored safety points with Rust.

Learn the put up in its entirety.

#2 Software program Modeling: What to Mannequin and Why

by John McGregor and Sholom G. Cohen

Mannequin-based techniques engineering (MBSE) environments are supposed to help engineering actions of all stakeholders throughout the envisioning, creating, and sustaining phases of software-intensive merchandise. Fashions, the machine-manipulable representations and the merchandise of an MBSE surroundings, help efforts such because the automation of standardized evaluation strategies by all stakeholders and the upkeep of a single authoritative supply of reality about product data. The mannequin faithfully represents the ultimate product in these attributes of curiosity to varied stakeholders. The result’s an general discount of growth dangers.

When initially envisioned, the necessities for a product could appear to symbolize the correct product for the stakeholders. Throughout growth, nevertheless, the as-designed product involves mirror an understanding of what’s actually wanted that’s superior to the unique set of necessities. When it’s time to combine elements, throughout an early incremental integration exercise or a full product integration, the unique set of necessities is not represented and is not a legitimate supply of take a look at instances. Many questions come up, equivalent to

  • How do I consider the failure of a take a look at?
  • How can I consider the completeness of a take a look at set?
  • How do I observe failures and the fixes utilized to them?
  • How do I do know that fixes utilized don’t break one thing else?

Such is the case with necessities, and far the identical must be the case for a set of fashions created throughout growth—are they nonetheless consultant of the carried out product present process integration?

One of many objectives for strong design is to have an up-to-date single authoritative supply of reality by which discipline-specific views of the system are created utilizing the identical mannequin parts at every growth step. The only authoritative supply will typically be a set of requirement, specification, and design submodels inside the product mannequin. The ensuing mannequin can be utilized as a legitimate supply of full and proper verification and validation (V&V) actions. On this put up, we study the questions above and different questions that come up throughout growth and use the solutions to explain modeling and evaluation actions.

Learn the put up in its entirety.

#1 Cybersecurity of Quantum Computing: A New Frontier

by Tom Scanlon

Analysis and growth of quantum computer systems continues to develop at a fast tempo. The U.S. authorities alone spent greater than $800 million on quantum data science (QIS) analysis in 2022. The promise of quantum computer systems is substantial – they may have the ability to clear up sure issues which are classically intractable, which means a traditional laptop can’t full the calculations inside human-usable timescales. Given this computational energy, there may be rising dialogue surrounding the cyber threats quantum computer systems could pose sooner or later. As an illustration, Alejandro Mayorkas, secretary of the Division of Homeland Safety, has recognized the transition to post-quantum encryption as a precedence to make sure cyber resilience. There’s little or no dialogue, nevertheless, on how we’ll shield quantum computer systems sooner or later. If quantum computer systems are to change into such beneficial property, it’s cheap to mission that they may finally be the goal of malicious exercise.

I used to be not too long ago invited to be a participant within the Workshop on Cybersecurity of Quantum Computing, co-sponsored by the Nationwide Science Basis (NSF) and the White Home Workplace of Science and Know-how Coverage, the place we examined the rising subject of cybersecurity for quantum computing. Whereas quantum computer systems are nonetheless nascent in some ways, it’s by no means too early to handle looming cybersecurity considerations. This put up will discover points associated to creating the self-discipline of cyber safety of quantum computing and description six areas of future analysis within the subject of quantum cybersecurity.

Learn the put up in its entirety.

Wanting Forward in 2024

We publish a brand new put up on the SEI Weblog each Monday morning. Within the coming months, search for posts highlighting the SEI’s work in synthetic intelligence, cybersecurity, and edge computing.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments