Increased security through open source

In this paper we discuss the impact of open source on both the security and transparency of a software system. We focus on the more technical aspects of this issue, combining and extending arguments developed over the years. We stress that our discussion of the problem only applies to software for general purpose computing systems. For embedded systems, where the software usually cannot easily be patched or upgraded, different considerations may apply

Agile Software Development Vulnerabilities and Challenges: An Empirical Study

Since the Agile Software Development (ASD) Manifesto (Fowler & Highsmith, 2001), ASD has offered a disciplined yet lightweight engineering method to better serve organizations’ application needs in today’s fast-evolving and uncertain business environment. According to the latest State of Agile survey (VersionOne, 2018), an overwhelming 97% of responding organizations practice ASD within the organizations. While ASD has become evolutionary, its nature of speedy development and concept of working software has also brought significant challenges in security risk, including vulnerabilities, exploitations, and breaches. One emerging ASD method is Microservices which integrates third-party open-source libraries for rapid, frequent, and efficient delivery of large and complex applications in cloud environments. These open-source libraries represent the breakthroughs to build applications currently and in the future. However, they are the leading causes of Common Vulnerability Exploitation (CVEs). About 76% of applications have at least one open-source vulnerability that turns out to be attack surfaces exploited by hackers (Veracode, 2021). Indeed, every business is eventually a digitally-enabled business, and security breaches are inevitable (McLaughlin & Gogan, 2018). Yet, the literature indicates ASD security research is still nascent. Witnessing and anticipating the significant impact brought by ASD security risks such as Java-based Log4j, this empirical research investigates the key technical and human vulnerabilities and risks in eight major programming languages and the main challenges to implementing security requirements. We also examine the vulnerability and ASD security impact of Work from Home (WFH), which has increased significantly since COVID-19 and is predicted to remain a new way of working. Partnering with a cloud-based SaaS security company with over 2500 worldwide clients, this research collects qualitative data through interviews and quantitative data from a real-time database regarding ASD vulnerabilities. We identify emerging evidence to support best practices for achieving risk control in ASD and recommend remediations to address vulnerabilities comprehensively and in a timely manner. The findings can help organizations develop policies for ASD security management and compliance. In addition, researchers can apply our results to guide future ASD security risk studies in various contexts of emerging technologies

Socio-economic Impacts of Smallholder Dairy Cattle Farming on Livelihood in Sunga Ward of Lushoto District, Tanzania

A smallholder dairy cattle farming has been practiced by farmers in Tanzania, particularly in rural areas as a means of livelihood through income generated and food security although information about its impacts might not be clear from different locations. This study examined socio-economic impacts of smallholder dairy cattle farming on the livelihood in Sunga ward of Lushoto District, Tanzania. A cross-sectional study design was adopted whereby quantitative approach was used. Simple random sampling was used to select 120 households from 384 total households practicing dairy cattle farming. The survey was used as the method of data collection. Structured questionnaire constructed from close and open ended questions was utilized as an instrument of data collection. Data analysis was done by using SPSS whereby the study revealed descriptive statistics and paired-samples t test. Results show that smallholder dairy cattle farming has a social impact on household food security due to increased crop yields (97.5%), milk consumption (74.8%) and selling of cattle (67.2%). Also, households improved access to education (79.2%), improved access to health services (84%) and increased assets (87.4%) such as buying of land, motorcycles and construction of houses. Moreover, dairy cattle farming has demonstrated economic impacts through direct income generated from selling milk (65.8%), using manure for agriculture (100%), income from selling cattle (71.7%) and perceived as a source of employment (92.5%). Income from selling milk contributes about 47% of annual income of the household. Through cattle manure application on cropping farms, average household annual income in Tanzania shillings (TZS) generated from crops was significantly increased to TZS 555300 from TZS 166600 in the period before household introduced cattle manure (t=10.188, p<0.001). This study recommends the government to allocate more extension officers in rural areas, particularly in Sunga ward in order to enhance knowledge and skills of farmers that can help to improve further their efficiency in dairy cattle rearing so as to increase their income and enhance food security for sustainable livelihood.     &nbsp

Gamification for Teaching and Learning Computer Security in Higher Education

In many cases students in higher education are driven by assessments and achievements rather than the “learning journey” that can be achieved through full engagement with provided material. Novel approaches are needed to improve engagement in and out of class time, and to achieve a greater depth of learning. Gamification, “the use of game design elements in nongame contexts”, has been applied to higher education to improve engagement, and research also suggests that serious games can be used for gamesbased learning, providing simulated learning environments and increasing motivation. This paper presents the design and evaluation of a gamified computer security module, with a unique approach to assessed learning activities. Learning activities (many developed as open educational resources (OER)) and an assessment structure were developed. A new free and open source software (FOSS) virtual learning environment (VLE) was implemented, which enables the use of three types of experience points (XP), and a semiautomated marking scheme for timely, clear, transparent, and feedbackoriented marking. The course and VLE were updated and evaluated over two years. Qualitative and descriptive results were positive and encouraging. However, ultimately the increased satisfaction was not found to have statistical significance on quantitative measurements of motivation, and the teaching workload of the gamified module was noteworthy

Internet of Things Architectures, Technologies, Applications, Challenges, and Future Directions for Enhanced Living Environments and Healthcare Systems: A Review

Internet of Things (IoT) is an evolution of the Internet and has been gaining increased attention from researchers in both academic and industrial environments. Successive technological enhancements make the development of intelligent systems with a high capacity for communication and data collection possible, providing several opportunities for numerous IoT applications, particularly healthcare systems. Despite all the advantages, there are still several open issues that represent the main challenges for IoT, e.g., accessibility, portability, interoperability, information security, and privacy. IoT provides important characteristics to healthcare systems, such as availability, mobility, and scalability, that o er an architectural basis for numerous high technological healthcare applications, such as real-time patient monitoring, environmental and indoor quality monitoring, and ubiquitous and pervasive information access that benefits health professionals and patients. The constant scientific innovations make it possible to develop IoT devices through countless services for sensing, data fusing, and logging capabilities that lead to several advancements for enhanced living environments (ELEs). This paper reviews the current state of the art on IoT architectures for ELEs and healthcare systems, with a focus on the technologies, applications, challenges, opportunities, open-source platforms, and operating systems. Furthermore, this document synthesizes the existing body of knowledge and identifies common threads and gaps that open up new significant and challenging future research directions.info:eu-repo/semantics/publishedVersio

Intelligence and Corruption

The Journal of Intelligence, Conflict, and Warfare is pleased to publish the following thought piece from one of our esteemed Speakers from the 2020 West Coast Security Conference. The author, Mr. Dalip, is a lawyer working in the financial crime and corruption sphere. From 2015 to 2018, Mr. Dalip was a chairman at the Steering Group Planning Committee for the Caribbean Financial Action Task Force (CFATF); and from 2014 to 2018, he was a special legal advisor to the Ministry of Attorney General Trinidad and Tobago. The intersection between corruption and intelligence is gaining increased focus. Foreign intelligence services have an anti-corruption role at the strategic level through Intelligence Risk Assessments and at the operational level during post-conflict operations. Intelligence assessments of the effectiveness of non-kinetic tools on target countries also guide implementation and policy changes. The roles of security intelligence and foreign intelligence services are, however, no longer always discrete, particularly in the context of non-state actors. Foreign intelligence services would benefit from the skill sets of security intelligence agencies in detecting corruption related predicate offences, both in performing their core roles and supporting law enforcement operations. This includes the use of financial intelligence as well as other key open source intelligence resulting from anti-money laundering frameworks, the development of which has been driven globally by the Financial Action Task Force. In performing these roles, intelligence agencies must also be mindful of their own vulnerability to corruption

Preliminary forensic analysis of the Xbox one

Video game consoles can no longer be viewed as just gaming consoles but rather as full multimedia machines, capable of desktop computer-like performance. The past has shown that game consoles have been used in criminal activities such as extortion, identity theft, and child pornography, but with their ever-increasing capabilities, the likelihood of the expansion of criminal activities conducted on or over the consoles increases. This research aimed to take the initial step of understanding the Xbox One, the most powerful Microsoft console to date. We report the outcome of conducting a forensic examination of the Xbox One, and we provide our Xbox One data set of hard drive images and unique files so that the forensic community may expand upon our work. The Xbox One was found to have increased security measures over its predecessor (Xbox 360). The encryption of the data and the new file types introduced made it difficult to discern potential digital evidence. While these added security features caused great difficulty in forensically acquiring digital forensic artifacts, some important and interesting digital evidence was gathered using open-source tools. We were able to find digital evidence such as times that the user initially set up the console, and times when the system was restored or shutdown. We were also able to determine what games and applications had been downloaded along with when the games were played. Finally, through our network forensic experiments, we were able to determine that various applications had different levels of security and that game traffic was encrypted

Aquaculture, fisheries, poverty and food security

Fisheries and aquaculture play important roles in providing food and income in many developing countries, either as a stand-alone activity or in association with crop agriculture and livestock rearing. The aim of this paper is to identify how these contributions of fisheries and aquaculture to poverty reduction and food security can be enhanced while also addressing the need for a sustainability transition in over-exploited and over-capitalized capture fisheries, and for improved environmental performance and distributive justice in a rapidly growing aquaculture sector. The focus of the paper is on the poverty and food security concerns of developing countries, with an emphasis on the least developed. The emphasis is on food security rather than poverty reduction policies and strategies, although the two are of course related. The food security agenda is very much to the fore at present; fish prices rose along with other food prices in 2007-8 and as fish provide important nutritional benefits to the poor, food security has become a primary concern for sector policy

Voices from the Source: Struggles with Local Water Security in Ethiopia

This report explores local water security in two different sites in Ethiopia, Shinile and Konso. This issue cannot be reduced to a single diagnostic such as measures of water use or presence of an improved source. The pressures of water security on livelihoods and household-level responses are discussed and local and national government responses are examined