pyfMRIqc: a software package for raw fMRI data quality assurance

pyfMRIqc is a tool for checking the quality of raw functional magnetic resonance imaging (fMRI) data. pyfMRIqc produces a range of output files which can be used to identify fMRI data quality issues such as artefacts, motion, signal loss etc. This tool creates a number of 3D and 4D NIFTI files that can be used for in depth quality assurance. Additionally, 2D images are created for each NIFTI file for a quick overview. These images and other information (e.g. about signal-to-noise ratio, scan parameters, etc.) are combined in a user-friendly HTML output file. pyfMRIqc is written entirely in Python and is available under a GNU GPL3 license on GitHub (https://drmichaellindner.github.io/pyfMRIqc/). pyfMRIqc can be used from the command line and therefore can be included as part of a processing pipeline or used to quality-check a series of datasets using batch scripting. The quality assurance of a single dataset can also be performed via dialog boxes

Crime scripting: A systematic review

The file attached to this record is the author's final peer reviewed version.More than two decades after the publication of Cornish’s seminal work about the script-theoretic approach to crime analysis, this article examines how the concept has been applied in our community. The study provides evidence confirming that the approach is increasingly popular; and takes stock of crime scripting practices through a systematic review of over one hundred scripts published between 1994 and 2018. The results offer the first comprehensive picture of this approach, and highlights new directions for those interested in using data from cyber-systems and the Internet of Things to develop effective situational crime prevention measures

Deviant: A Mutation Testing Tool for Solidity Smart Contracts

Blockchain in recent years has exploded in popularity with Ethereum being one of the leading blockchain platforms. Solidity is a widely used scripting language for creating smart contracts in Ethereum applications. Quality assurance in Solidity contracts is of critical importance because bugs or vulnerabilities can lead to a considerable loss of financial assets. However, it is unclear what level of quality assurance is provided in many of these applications. Mutation testing is the process of intentionally injecting faults into a target program and then running the provided test suite against the various injected faults. Mutation testing is used to evaluate the effectiveness of a test suite, measuring the test suite’s capability of covering certain types of faults. This thesis presents Deviant, the first implementation of a mutation testing tool for Solidity smart contracts. Deviant implements mutation operators that cover the unique features of Solidity according to our constructed fault model, in addition to traditional mutation operators that exist for other programming languages. Deviant has been applied to five open-source Solidity projects: MetaCoin [30], MultiSigWallet [31], Alice [29], aragonOS [32], and OpenZeppelin [33]. Experimental results show that the provided test suites result in low mutation scores. These results indicate that the provided tests cannot ensure high-level assurance of code quality. Such evaluation results offer important guidelines for Solidity developers to implement more effective tests in order to deliver trustworthy code and reduce the risk of financial loss

SIT automation tool: failure use case automation and diagnosis

Study of systems to manage the performance and quality of service of wireless data networks. Work with optimization techniques and project management to solve complex networks issues.The scope of this thesis is the SIT (System Integration Testing) process which is the testing procedure executed in customer test environment before the software goes on production environment. The main objective for this thesis is no other than improving the current process step by step taking into account the automation, efficiency, missing checks and much more. This project is a kind of Industrial process to create a powerful testing tool which can allow the company to deliver quality adaptor products efficiently, do better in less time helping to reduce costs, as Adaptors are the most demanded product of MYCOM OSI portfolio. Take into account that business is not only generated when an Adaptor is delivered for first time but also when Vendors provide with new releases and new functionalities and operators needs to order an upgrade of the Adaptor to be able to monitor the new functionalities deployed on their network.El campo de aplicación en el que está centrado esta tesis es el SIT (System Integration Testing), proceso de testeo ejecutado en un servidor de testeo del cliente antes de desplegar el software el medio de producción. El objetivo principal de esta tesis no es otro que mejorar el proceso actual paso a paso teniendo en cuenta la automatización, eficiencia, la falta de verificaciones, entre otros. Este proyecto es una especie de proceso industrial para crear una aplicación potente de testeo que pueda permitir a la compañía entregar adaptadores de calidad con eficiencia, que hagan más en menos tiempo ayudando así a reducir costes. Los adaptadores son el producto más demandado del porfolio de MYCOM OSI. Hay que tener en cuenta que el negocio no se genera solamente cuando se entrega por primera vez el adaptador al cliente, sino que cuando los proveedores lanzan nuevas versiones con nuevas funcionalidades y los operadores necesitan encargar una mejora del adaptador para poder monitorizar las nuevas funcionalidades desplegadas en su red.El camp d'aplicació en que es basa aquesta tesi és el SIT (System Integration Testing), procés de testeig executat en un servidor de testeig del client abans de desplegar el software al mitjà de producció. L'objectiu principal d'aquesta tesi no és un altre que millorar el procés actual pas a pas tenint en compte l'automatització, l'eficiència, la falta de verificacions, d'entre altres. Aquest projecte és una mena de procés industrial per crear una aplicació potent de testeig que pugui permetre a la companyia lliurar adaptadors de qualitat amb eficiència, que facin més en menys temps ajudant així a reduir costos. Els adaptadors són el producte més demandat del porfolio de MYCOM OSI. Cal tenir en compte que el negoci no només es genera quan es lliura per primera vegada l'adaptador al client, sinó que quan els proveïdors llancen noves versions amb noves funcionalitats i els operadors necessiten encarregar una millora de l'adaptador per poder monitoritzar les noves funcionalitats desplegades a la seva xarxa

Vulnerability anti-patterns:a timeless way to capture poor software practices (Vulnerabilities)

There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing reoccurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes their expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template – Vulnerability Anti-Pattern – that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software