Global perspectives on legacy systems

Summarises findings of two international workshops on legacy systems, held in conjunction with an EPSRC managed programme. Issues covered include the nature and dynamics of legacy systems, the co-evolution of software and organisations, issues around software as a technology (its engineering and its management), and organisational/people issues

Strategic Review of Tropical Fisheries Management

This project addresses the constraints to tropical fisheries development with sustainable exploitation through a strategic assessment of tropical fisheries management with the following purposes: (1) To evaluate relevant research methods for the development of assessment models appropriate to the circumstances of tropical coastal fisheries; and (2) To evaluate the utility of existing strategies for the implementation of management advice. The report consists of three substantive chapters. Chapter 2 contains a detailed socio-economic assessment of various instruments and implementation strategies applicable to tropical capture fisheries. In Chapter 3, a detailed assessment of the fisheries for tropical large marine ecosystems has been conducted using a technique developed by FAO (Granger & Garcia 1996). The data used were the FAO statistics published regularly by FAO. This analysis has been conducted for each of the tropical large marine ecosystems and indicates that there is the potential for increased fishing in a number of these ecosystems. One of the clear requirements identified in Chapter 2 and implicit in Chapter 3, is that there is a significant need for simple and robust fisheries assessment methods which can estimate the potential of a particular resource, its capacity in terms of the level of fishing effort and its current status ie whether it is currently exploited sustainably or not. In Chapter 4, these problems are addressed directly and, using two approaches, significant simplification of fishery methods is developed. In the first approach, simple empirical relationships between the life history parameters of a species are used to develop models of potential yield which can be determined by a simple assessment of fish growth. In the second approach, optimal life history theory is applied to the key demographic parameters of exploited fish populations and using estimates of the Beverton & Holt invariants a significant simplifying of the basic stock assessment equations is developed

Vulnerability anti-patterns:a timeless way to capture poor software practices (Vulnerabilities)

There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing reoccurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes their expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template – Vulnerability Anti-Pattern – that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software