Collaborative Application Security Testing for DevSecOps: An Empirical Analysis of Challenges, Best Practices and Tool Support

DevSecOps is a software development paradigm that places a high emphasis on the culture of collaboration between developers (Dev), security (Sec) and operations (Ops) teams to deliver secure software continuously and rapidly. Adopting this paradigm effectively, therefore, requires an understanding of the challenges, best practices and available solutions for collaboration among these functional teams. However, collaborative aspects related to these teams have received very little empirical attention in the DevSecOps literature. Hence, we present a study focusing on a key security activity, Application Security Testing (AST), in which practitioners face difficulties performing collaborative work in a DevSecOps environment. Our study made novel use of 48 systematically selected webinars, technical talks and panel discussions as a data source to qualitatively analyse software practitioner discussions on the most recent trends and emerging solutions in this highly evolving field. We find that the lack of features that facilitate collaboration built into the AST tools themselves is a key tool-related challenge in DevSecOps. In addition, the lack of clarity related to role definitions, shared goals, and ownership also hinders Collaborative AST (CoAST). We also captured a range of best practices for collaboration (e.g., Shift-left security), emerging communication methods (e.g., ChatOps), and new team structures (e.g., hybrid teams) for CoAST. Finally, our study identified several requirements for new tool features and specific gap areas for future research to provide better support for CoAST in DevSecOps.Comment: Submitted to the Empirical Software Engineering journal_v

Lacosamide add-on therapy for focal epilepsy

BACKGROUND: This is an updated version of the Cochrane review published in 2015. Around half of people with epilepsy will not achieve seizure freedom on their first antiepileptic drug; many will require add‐on therapy. Around a third of people fail to achieve complete seizure freedom despite multiple antiepileptic drugs. Lacosamide has been licenced as an add‐on therapy for drug‐resistant focal epilepsy. OBJECTIVES: To evaluate the efficacy and tolerability of lacosamide as an add‐on therapy for children and adults with drug‐resistant focal epilepsy. SEARCH METHODS: We searched the following databases (22 August 2019): the Cochrane Register of Studies (CRS Web), including the Cochrane Epilepsy Group Specialized Register and the Cochrane Central Register of Controlled Trials (CENTRAL), MEDLINE (Ovid, 1946 to 20 August 2019), ClinicalTrials.gov, and the WHO International Clinical Trials Registry Platform (ICTRP), with no language restrictions. We contacted UCB Pharma (sponsors of lacosamide). SELECTION CRITERIA: Randomised controlled trials of add‐on lacosamide in people with drug‐resistant focal epilepsy. DATA COLLECTION AND ANALYSIS: We used standard Cochrane methodology, assessing the following outcomes: 50% or greater reduction in seizure frequency; seizure freedom; treatment withdrawal; adverse events; quality of life; and cognitive changes. The primary analyses were intention‐to‐treat. We estimated summary risk ratios (RR) for each outcome presented with 99% confidence intervals (CI), except for 50% or greater seizure reduction, seizure freedom and treatment withdrawal which were presented with 95% CIs. We performed subgroup analyses according to lacosamide dose and sensitivity analyses according to population age, whereby data from children were excluded from the meta‐analysis. MAIN RESULTS: We included five trials (2199 participants). The risk of bias for all studies was low to unclear. All studies were placebo‐controlled and assessed doses from 200 mg to 600 mg per day. One study evaluated lacosamide in children; all other studies were in adults. Trial duration ranged from 24 to 26 weeks. All studies used adequate methods of randomisation and were double‐blind. Overall, the certainty of the evidence for the outcomes was judged as moderate to high, with the exception of seizure freedom which was low. The RR for a 50% or greater reduction in seizure frequency for all doses of lacosamide compared with placebo was 1.79 (95% CI 1.55 to 2.08; 5 studies; 2199 participants; high‐certainty evidence). The RR for seizure freedom for all doses of lacosamide compared with placebo was 2.27 (95% CI 1.35 to 3.83; 5 studies; 2199 participants; low‐certainty evidence). The RR for treatment withdrawal for all doses of lacosamide compared with placebo was 1.57 (95% CI 1.24 to 1.98; 5 studies; 2199 participants; moderate‐certainty evidence). The estimated effect size for most outcomes did not change considerably following sensitivity analysis. For seizure freedom, however, the RR nearly doubled upon the exclusion of data from children (RR 4.04, 95% CI 1.52 to 10.73). Adverse events associated with lacosamide included: abnormal co‐ordination (RR 6.12, 99% CI 1.35 to 27.77), blurred vision (RR 4.65, 99% CI 1.24 to 17.37), diplopia (RR 5.59, 99% CI 2.27 to 13.79), dizziness (RR 2.96, 99% CI 2.09 to 4.20), nausea (RR 2.35, 99% CI 1.37 to 4.02), somnolence (RR 2.04, 99% CI 1.22 to 3.41), vomiting (RR 2.94, 99% CI 1.54 to 5.64), and number of participants experiencing one or more adverse events (RR 1.12, 99% CI 1.01 to 1.24). Adverse events that were not significant were: vertigo (RR 3.71, 99% CI 0.86 to 15.95), rash (RR 0.58, 99% CI 0.17 to 1.89), nasopharyngitis (RR 1.41, 99% CI 0.87 to 2.28), headache (RR 1.34, 99% CI 0.90 to 1.98), fatigue (RR 2.11, 99% CI 0.92 to 4.85), nystagmus (RR 1.47, 99% CI 0.61 to 3.52), and upper respiratory tract infection (RR 0.70, 99% CI 0.43 to 1.15). AUTHORS' CONCLUSIONS: Lacosamide is effective and well‐tolerated in the short term when used as add‐on treatment for drug‐resistant focal epilepsy. Lacosamide increases the number of people with 50% or greater reduction in seizure frequency and may increase seizure freedom, compared to placebo. Higher doses of lacosamide may be associated with higher rates of adverse events and treatment withdrawal. Additional evidence is required assessing the use of lacosamide in children and on longer‐term efficacy and tolerability

Acute seizure risk in patients with encephalitis: development and validation of clinical prediction models from two independent prospective multicentre cohorts

ObjectiveIn patients with encephalitis, the development of acute symptomatic seizures is highly variable, but when present is associated with a worse outcome. We aimed to determine the factors associated with seizures in encephalitis and develop a clinical prediction model.MethodsWe analysed 203 patients from 24 English hospitals (2005–2008) (Cohort 1). Outcome measures were seizures prior to and during admission, inpatient seizures and status epilepticus. A binary logistic regression risk model was converted to a clinical score and independently validated on an additional 233 patients from 31 UK hospitals (2013–2016) (Cohort 2).ResultsIn Cohort 1, 121 (60%) patients had a seizure including 103 (51%) with inpatient seizures. Admission Glasgow Coma Scale (GCS) ≤8/15 was predictive of subsequent inpatient seizures (OR (95% CI) 5.55 (2.10 to 14.64), p&lt;0.001), including in those without a history of prior seizures at presentation (OR 6.57 (95% CI 1.37 to 31.5), p=0.025).A clinical model of overall seizure risk identified admission GCS along with aetiology (autoantibody-associated OR 11.99 (95% CI 2.09 to 68.86) and Herpes simplex virus 3.58 (95% CI 1.06 to 12.12)) (area under receiver operating characteristics curve (AUROC) =0.75 (95% CI 0.701 to 0.848), p&lt;0.001). The same model was externally validated in Cohort 2 (AUROC=0.744 (95% CI 0.677 to 0.811), p&lt;0.001). A clinical scoring system for stratifying inpatient seizure risk by decile demonstrated good discrimination using variables available on admission; age, GCS and fever (AUROC=0.716 (95% CI 0.634 to 0.798), p&lt;0.001) and once probable aetiology established (AUROC=0.761 (95% CI 0.6840.839), p&lt;0.001).ConclusionAge, GCS, fever and aetiology can effectively stratify acute seizure risk in patients with encephalitis. These findings can support the development of targeted interventions and aid clinical trial design for antiseizure medication prophylaxis.</jats:sec

Challenges and solutions when adopting DevSecOps : A systematic review

Context: DevOps (Development and Operations) has become one of the fastest-growing software development paradigms in the industry. However, this trend has presented the challenge of ensuring secure software delivery while maintaining the agility of DevOps. The efforts to integrate security in DevOps have resulted in the DevSecOps paradigm, which is gaining significant interest from both industry and academia. However, the adoption of DevSecOps in practice is proving to be a challenge. Objective: This study aims to systemize the knowledge about the challenges faced by practitioners when adopting DevSecOps and the proposed solutions reported in the literature. We also aim to identify the areas that need further research in the future. Method: We conducted a Systematic Literature Review of 54 peer-reviewed studies. The thematic analysis method was applied to analyze the extracted data. Results: We identified 21 challenges related to adopting DevSecOps, 31 specific solutions, and the mapping between these findings. We also determined key gap areas in this domain by holistically evaluating the available solutions against the challenges. The results of the study were classified into four themes: People, Practices, Tools, and Infrastructure. Our findings demonstrate that tool-related challenges and solutions were the most frequently reported, driven by the need for automation in this paradigm. Shift-left security and continuous security assessment were two key practices recommended for DevSecOps. People-related factors were considered critical for successful DevSecOps adoption but less studied. Conclusions: We highlight the need for developer-centered application security testing tools that target the continuous practices in DevSecOps. More research is needed on how the traditionally manual security practices can be automated to suit rapid software deployment cycles. Finally, achieving a suitable balance between the speed of delivery and security is a significant issue practitioners face in the DevSecOps paradigm

Identification of Potential HCV Inhibitors Based on the Interaction of Epigallocatechin-3-Gallate with Viral Envelope Proteins

Hepatitis C is affecting millions of people around the globe annually, which leads to death in very high numbers. After many years of research, hepatitis C virus (HCV) remains a serious threat to the human population and needs proper management. The in silico approach in the drug discovery process is an efficient method in identifying inhibitors for various diseases. In our study, the interaction between Epigallocatechin-3-gallate, a component of green tea, and envelope glycoprotein E2 of HCV is evaluated. Epigallocatechin-3-gallate is the most promising polyphenol approved through cell culture analysis that can inhibit the entry of HCV. Therefore, various in silico techniques have been employed to find out other potential inhibitors that can behave as EGCG. Thus, the homology modelling of E2 protein was performed. The potential lead molecules were predicted using ligand-based as well as structure-based virtual screening methods. The compounds obtained were then screened through PyRx. The drugs obtained were ranked based on their binding affinities. Furthermore, the docking of the topmost drugs was performed by AutoDock Vina, while its 2D interactions were plotted in LigPlot+. The lead compound mms02387687 (2-[[5-[(4-ethylphenoxy) methyl]-4-prop-2-enyl-1,2,4-triazol-3-yl] sulfanyl]-N-[3(trifluoromethyl) phenyl] acetamide) was ranked on top, and we believe it can serve as a drug against HCV in the future, owing to experimental validation

Genome-Wide Identification, Genomic Organization, and Characterization of Potassium Transport-Related Genes in <i>Cajanus cajan</i> and Their Role in Abiotic Stress

Potassium is the most important and abundant inorganic cation in plants and it can comprise up to 10% of a plant’s dry weight. Plants possess complex systems of transporters and channels for the transport of K+ from soil to numerous parts of plants. Cajanus cajan is cultivated in different regions of the world as an economical source of carbohydrates, fiber, proteins, and fodder for animals. In the current study, 39 K+ transport genes were identified in C. cajan, including 25 K+ transporters (17 carrier-like K+ transporters (KUP/HAK/KTs), 2 high-affinity potassium transporters (HKTs), and 6 K+ efflux transporters (KEAs) and 14 K+ channels (9 shakers and 5 tandem-pore K+ channels (TPKs). Chromosomal mapping indicated that these genes were randomly distributed among 10 chromosomes. A comparative phylogenetic analysis including protein sequences from Glycine max, Arabidopsis thaliana, Oryza sativa, Medicago truncatula Cicer arietinum, and C. cajan suggested vital conservation of K+ transport genes. Gene structure analysis showed that the intron/exon organization of K+ transporter and channel genes is highly conserved in a family-specific manner. In the promoter region, many cis-regulatory elements were identified related to abiotic stress, suggesting their role in abiotic stress response. Abiotic stresses (salt, heat, and drought) adversely affect chlorophyll, carotenoids contents, and total soluble proteins. Furthermore, the activities of catalase, superoxide, and peroxidase were altered in C. cajan leaves under applied stresses. Expression analysis (RNA-seq data and quantitative real-time PCR) revealed that several K+ transport genes were expressed in abiotic stress-responsive manners. The present study provides an in-depth understanding of K+ transport system genes in C. cajan and serves as a basis for further characterization of these genes

Genome-Wide Identification, Genomic Organization, and Characterization of Potassium Transport-Related Genes in Cajanus cajan and Their Role in Abiotic Stress

Potassium is the most important and abundant inorganic cation in plants and it can comprise up to 10% of a plant’s dry weight. Plants possess complex systems of transporters and channels for the transport of K+ from soil to numerous parts of plants. Cajanus cajan is cultivated in different regions of the world as an economical source of carbohydrates, fiber, proteins, and fodder for animals. In the current study, 39 K+ transport genes were identified in C. cajan, including 25 K+ transporters (17 carrier-like K+ transporters (KUP/HAK/KTs), 2 high-affinity potassium transporters (HKTs), and 6 K+ efflux transporters (KEAs) and 14 K+ channels (9 shakers and 5 tandem-pore K+ channels (TPKs). Chromosomal mapping indicated that these genes were randomly distributed among 10 chromosomes. A comparative phylogenetic analysis including protein sequences from Glycine max, Arabidopsis thaliana, Oryza sativa, Medicago truncatula Cicer arietinum, and C. cajan suggested vital conservation of K+ transport genes. Gene structure analysis showed that the intron/exon organization of K+ transporter and channel genes is highly conserved in a family-specific manner. In the promoter region, many cis-regulatory elements were identified related to abiotic stress, suggesting their role in abiotic stress response. Abiotic stresses (salt, heat, and drought) adversely affect chlorophyll, carotenoids contents, and total soluble proteins. Furthermore, the activities of catalase, superoxide, and peroxidase were altered in C. cajan leaves under applied stresses. Expression analysis (RNA-seq data and quantitative real-time PCR) revealed that several K+ transport genes were expressed in abiotic stress-responsive manners. The present study provides an in-depth understanding of K+ transport system genes in C. cajan and serves as a basis for further characterization of these genes