Keeping Up To Date with IP News Services and Blogs: Drowning in a Sea Of Sameness?

It seems like so many IP related Websites you visit invite you to join their free email list to keep you up to date. Sources span a wide spectrum including governmental organizations, non-governmental organizations, educational institutions, consulting services, law firms, commercial publishers and more. These sources span the spectrum from free, to low fee to premium pricing. With all of this information overload and choices, how do you differentiate and choose news sources? The goals of this article are twofold. Goal one is to present a survey of types and categories of IP news tools available to IP researchers. Since these tools change with time, goal two is to present strategies and approaches to consider when assembling your portfolio of news sources. I use the term researcher to include anyone looking for news, including lawyers, paraprofessionals, academics, students, corporate searchers and more. Some of this material may be yesterday\u27s news for some and breaking news for others. My hope is that you will find value added in some tools and strategies. Before I present the survey of tools, I want to propose some initial general strategies that might be helpful to apply as the detail of the tools unfold

Data Stream Clustering: A Review

Number of connected devices is steadily increasing and these devices continuously generate data streams. Real-time processing of data streams is arousing interest despite many challenges. Clustering is one of the most suitable methods for real-time data stream processing, because it can be applied with less prior information about the data and it does not need labeled instances. However, data stream clustering differs from traditional clustering in many aspects and it has several challenging issues. Here, we provide information regarding the concepts and common characteristics of data streams, such as concept drift, data structures for data streams, time window models and outlier detection. We comprehensively review recent data stream clustering algorithms and analyze them in terms of the base clustering technique, computational complexity and clustering accuracy. A comparison of these algorithms is given along with still open problems. We indicate popular data stream repositories and datasets, stream processing tools and platforms. Open problems about data stream clustering are also discussed.Comment: Has been accepted for publication in Artificial Intelligence Revie

Quieting the Static: A Study of Static Analysis Alert Suppressions

Static analysis tools are commonly used to detect defects before the code is released. Previous research has focused on their overall effectiveness and their ability to detect defects. However, little is known about the usage patterns of warning suppressions: the configurations developers set up in order to prevent the appearance of specific warnings. We address this gap by analyzing how often are warning suppression features used, which warning suppression features are used and for what purpose, and also how could the use of warning suppression annotations be avoided. To answer these questions we examine 1\,425 open-source Java-based projects that utilize Findbugs or Spotbugs for warning-suppressing configurations and source code annotations. We find that although most warnings are suppressed, only a small portion of them get frequently suppressed. Contrary to expectations, false positives account for a minor proportion of suppressions. A significant number of suppressions introduce technical debt, suggesting potential disregard for code quality or a lack of appropriate guidance from the tool. Misleading suggestions and incorrect assumptions also lead to suppressions. Findings underscore the need for better communication and education related to the use of static analysis tools, improved bug pattern definitions, and better code annotation. Future research can extend these findings to other static analysis tools, and apply them to improve the effectiveness of static analysis.Comment: 11 pages, 4 figure

SecDevOps modeling for web services and applications

The concept of Web Applications and software in general is very present in our everyday lives, and from the consumer perspective it might seem simple, as we only see the final product. But, to develop this software, there is a lot going on behind the scenes that we do not see, in fact, building software continuously and with a certain level of quality is a very complex task and takes a lot of effort. In this project I aim to analyse and compare existing application development security models and tools, focusing on how they are applied to DevOps (Software Development and IT Operations). From the comparisons, I will choose the best model according to my opinion and I will apply the model to the implementation of web services and applications. After the implementation of the use case. At the end, I will discuss possible improvements and changes for the approach used to develop the application

Ransomware and Malware Sandboxing

The threat of ransomware that encrypts data on a device and asks for payment to decrypt the data affects individual users, businesses, and vital systems including healthcare. This threat has become increasingly more prevalent in the past few years. To understand ransomware through malware analysis, care must be taken to sandbox the ransomware in an environment that allows for a detailed and comprehensive analysis while also preventing it from being able to further spread. Modern malware often takes measures to detect whether it has been placed into an analysis environment to prevent examination. In this work, several notable pieces of ransomware were placed into sandbox environments to discover how they might obfuscate themselves for evading analysis and to determine ways they propagate. The goal of the work is to identify and understand these how these obfuscation and propagation techniques function in a sandbox, so that mitigation methods can be developed

Sensae Console - Platforma de support para serviços baseados em IoT

Today there are more smart devices than people. The number of devices worldwide is forecast to almost triple from 8.74 billion in 2020 to more than 25.4 billion devices in 2030. The Internet of Things (IoT) is the connection of millions of smart devices and sensors connected to the Internet. These connected devices and sensors collect and share data for use and analysis by many organizations. Some examples of intelligent connected sensors are: GPS asset tracking, parking spots, refrigerator thermostats, soil condition and many others. The limit of different objects that can become intelligent sensors is limited only by our imagination. But these devices are mostly useless without a platform to analyze, store and present the aggregated data into business-oriented information. Recently, several platforms have emerged to address this need and help companies/governments to increase efficiency, cut on operational costs and improve safety. Sadly, most of these platforms are tailor made for the devices that the company offers. This dissertation presents the (Sensae Console) platform that enables and promotes the development of IoT-based business-oriented applications. This platform attempts to be device-neutral, IoT middleware-neutral and provide flexible upstream integration and hosting options while providing a simple and concise data streaming Application Programming Interface (API). Three IoT-based business-oriented applications built on top of the Sensae Console platform are presented as Proof of Concept (PoC) of its capabilities.Atualmente, existem mais sensores inteligentes do que pessoas. O número de sensores em todo o mundo deve quase triplicar de 8,74 bilhões em 2020 para mais de 25,4 bilhões em 2030. O conceito de IoT está relacionado com a interação entre milhões de dispositivos inteligentes através da Internet. Estes dispositivos e sensores conectados recolhem e disponibilizam dados para uso e análise por parte de muitas organizações. Alguns exemplos de sensores inteligentes e seus usos são: dispositivos GPS para rastreamento de ativos, monitorização de vagas de estacionamento, termostatos em arcas frigoríficas, condição do solo e muitos outros. O número de diferentes objetos que podem vir-se a tornar sensores inteligentes é limitado apenas pela nossa imaginação. Mas estes dispositivos são praticamente inúteis sem uma plataforma para analisar, armazenar e apresentar os dados agregados em informação relevante para o negócio em questão. Recentemente, várias plataformas surgiram para responder a essa necessidade e ajudar empresas/governos a aumentar a sua eficiência, reduzir custos operacionais e melhorar a segurança dos espaços e negócios. Infelizmente, a maioria dessas plataformas é feita à medida para os dispositivos que a empresa em questão oferece. Esta tese apresenta uma plataforma (Sensae Console) focada em que propiciar a criação de aplicações relacionados com IoT para negócios específicos. Esta plataforma procura ser agnóstica em relação aos dispositivos inteligentes e middleware de IoT usados por terceiros, oferece variadas e flexíveis opções de integração e hosting como também uma API de streaming simples e concisa. Três aplicações relacionadas com IoT, orientadas ao seu negócio e construídas com base na plataforma Sensae Console são apresentadas como provas de conceito das capacidades da plataforma

DEVELOPMENT STRATEGY AND MANAGEMENT OF AI-BASED VULNERABILITY DETECTION APPLICATIONS IN ENTERPRISE SOFTWARE ENVIRONMENT

Industries are now struggling with high level of security-risk vulnerabilities in their software environment which mainly originate from open-source dependencies. Industries’ percentage of open source in codebases is about 54% whereas ones with high security risks is about 30% (Synopsys 2018). While there are existing solutions for application security analysis, these typically only detect a limited subset of possible errors based on pre-defined rules. With the availability of open-source vulnerability resources, it is now possible to use data-driven techniques to discover vulnerabilities. Although there are a few AI-based solutions available, but there are some associated challenges: 1) use of artificial intelligence for application security (AppSec) towards vulnerability detection has been very limited and definitely not industry oriented, 2) the strategy to develop, use and manage such AppSec products in enterprises have not been investigated; therefore cybersecurity firms do not use even limited existing solutions. In this study, we aim to address these challenges with some strategies to develop such AppSec, their use management and economic values in enterprise environment

Assessing the Flexibility of a Service Oriented Architecture to that of the Classic Data Warehouse

The flexibility of a service oriented architecture (SOA) is compared to that of the classic data warehouse across three categories: (1) source system access, (2) integration and transformation, and (3) end user access. The findings suggest that an SOA allows better upgrade and migration flexibility if back-end systems expose their source data via adapters. However, the providers of such adapters must deal with the complexity of maintaining consistent interfaces. An SOA also appears to provide more flexibility at the integration tier due to its ability to merge batch with real-time source system data. This has the potential to retain source system data semantics (e.g., code translations and business rules) without having to reproduce such logic in a transformation tier. Additionally, the tight coupling of operational metadata and source system data within XML in an SOA allows more flexibility in downstream analysis and auditing of output . SOA does lag behind the classic data warehouse at the end user level, mainly due to the latter\u27s use of mature SQL and relational database technology. Users of all technical levels can easily work with these technologies in the classic data warehouse environment to query data in a number of ways. The SOA end user likely requires developer support for such activities