214 research outputs found

    The State of Practice for Security Unit Testing: Towards Data Driven Strategies to Shift Security into Developer's Automated Testing Workflows

    The pressing need to “shift security left” in the software development lifecycle has motivated efforts to adapt the iterative and continuous process models used in practice today. Security unit testing is praised by practitioners and recommended by expert groups, usually in the context of DevSecOps and achieving “continuous security”. In addition to vulnerability testing and standards adherence, this technique can help developers verify that security controls are implemented correctly, i.e. functional security testing. Further, the means by which security unit testing can be integrated into developer workflows is unique from other standalone tools as it is an adaptation of practices and infrastructure developers are already familiar with. Yet, software engineering researchers have so far failed to include this technique in their empirical studies on secure development and little is known about the state of practice for security unit testing. This dissertation is motivated by the disconnect between promotion of security unit testing and the lack of empirical evidence on how it is and can be applied. The goal of this work was to address the disconnect towards identifying actionable strategies to promote wider adoption and mitigate observed challenges. Three mixed-method empirical studies were conducted wherein practitioner-authored unit test code, Q&A posts, and grey literature were analyzed through three lenses: Practices (what they do), Perspectives and Guidelines (what and how they think it should be done), and Pain Points (what challenges they face) to incorporate both technical and human factors of this phenomenon. Accordingly, this work contributes novel and important insights into how developers write functional unit tests for at least nine security controls, including a taxonomy of 53 authentication unit test cases derived from real code and a detailed analysis of seven unique pain points that developers seek help with from peers on Q&A sites. 
Recommendations given herein for conducting and adopting security unit testing, including mitigating challenges and addressing gaps between available and needed support, are grounded in the guidelines and perspectives on the benefits, limitations, use cases, and integration strategies shared in grey literature authored by practitioners.

    Hot topics, urgent priorities, and ensuring success for racial/ethnic minority young investigators in academic pediatrics.

    Background: The number of racial/ethnic minority children will exceed the number of white children in the USA by 2018. Although 38% of Americans are minorities, only 12% of pediatricians, 5% of medical-school faculty, and 3% of medical-school professors are minorities. Furthermore, only 5% of all R01 applications for National Institutes of Health grants are from African-American, Latino, and American Indian investigators. Prompted by the persistent lack of diversity in the pediatric and biomedical research workforces, the Academic Pediatric Association Research in Academic Pediatrics Initiative on Diversity (RAPID) was initiated in 2012. RAPID targets applicants who are members of an underrepresented minority group (URM), disabled, or from a socially, culturally, economically, or educationally disadvantaged background. The program, which consists of both a research project and career and leadership development activities, includes an annual career-development and leadership conference which is open to any resident, fellow, or junior faculty member from an URM, disabled, or disadvantaged background who is interested in a career in academic general pediatrics. Methods: As part of the annual RAPID conference, a Hot Topic Session is held in which the young investigators spend several hours developing a list of hot topics on the most useful faculty and career-development issues. These hot topics are then posed in the form of six "burning questions" to the RAPID National Advisory Committee (comprised of accomplished, nationally recognized senior investigators who are seasoned mentors), the RAPID Director and Co-Director, and the keynote speaker. Results/conclusions: The six compelling questions posed by the 10 young investigators, along with the responses of the senior conference leadership, provide a unique resource and "survival guide" for ensuring the academic success and optimal career development of young investigators in academic pediatrics from diverse backgrounds. 
A rich conversation ensued on the topics addressed, consisting of negotiating for protected research time, career trajectories as academic institutions move away from an emphasis on tenure-track positions, how "non-academic" products fit into career development, racism and discrimination in academic medicine and how to address them, coping with isolation as a minority faculty member, and how best to mentor the next generation of academic physicians.

    Assessing the carcinogenic potential of low-dose exposures to chemical mixtures in the environment: the challenge ahead.

    Lifestyle factors are responsible for a considerable portion of cancer incidence worldwide, but credible estimates from the World Health Organization and the International Agency for Research on Cancer (IARC) suggest that the fraction of cancers attributable to toxic environmental exposures is between 7% and 19%. To explore the hypothesis that low-dose exposures to mixtures of chemicals in the environment may be combining to contribute to environmental carcinogenesis, we reviewed 11 hallmark phenotypes of cancer, multiple priority target sites for disruption in each area and prototypical chemical disruptors for all targets, this included dose-response characterizations, evidence of low-dose effects and cross-hallmark effects for all targets and chemicals. In total, 85 examples of chemicals were reviewed for actions on key pathways/mechanisms related to carcinogenesis. Only 15% (13/85) were found to have evidence of a dose-response threshold, whereas 59% (50/85) exerted low-dose effects. No dose-response information was found for the remaining 26% (22/85). Our analysis suggests that the cumulative effects of individual (non-carcinogenic) chemicals acting on different pathways, and a variety of related systems, organs, tissues and cells could plausibly conspire to produce carcinogenic synergies. Additional basic research on carcinogenesis and research focused on low-dose effects of chemical mixtures needs to be rigorously pursued before the merits of this hypothesis can be further advanced. However, the structure of the World Health Organization International Programme on Chemical Safety 'Mode of Action' framework should be revisited as it has inherent weaknesses that are not fully aligned with our current understanding of cancer biology

    Global Functional Analyses of Cellular Responses to Pore-Forming Toxins

    Here we present the first global functional analysis of cellular responses to pore-forming toxins (PFTs). PFTs are uniquely important bacterial virulence factors, comprising the single largest class of bacterial protein toxins and being important for the pathogenesis in humans of many Gram positive and Gram negative bacteria. Their mode of action is deceptively simple, poking holes in the plasma membrane of cells. The scattered studies to date of PFT-host cell interactions indicate a handful of genes are involved in cellular defenses to PFTs. How many genes are involved in cellular defenses against PFTs and how cellular defenses are coordinated are unknown. To address these questions, we performed the first genome-wide RNA interference (RNAi) screen for genes that, when knocked down, result in hypersensitivity to a PFT. This screen identifies 106 genes (∼0.5% of genome) in seven functional groups that protect Caenorhabditis elegans from PFT attack. Interactome analyses of these 106 genes suggest that two previously identified mitogen-activated protein kinase (MAPK) pathways, one (p38) studied in detail and the other (JNK) not, form a core PFT defense network. Additional microarray, real-time PCR, and functional studies reveal that the JNK MAPK pathway, but not the p38 MAPK pathway, is a key central regulator of PFT-induced transcriptional and functional responses. We find C. elegans activator protein 1 (AP-1; c-jun, c-fos) is a downstream target of the JNK-mediated PFT protection pathway, protects C. elegans against both small-pore and large-pore PFTs and protects human cells against a large-pore PFT. This in vivo RNAi genomic study of PFT responses proves that cellular commitment to PFT defenses is enormous, demonstrates the JNK MAPK pathway as a key regulator of transcriptionally-induced PFT defenses, and identifies AP-1 as the first cellular component broadly important for defense against large- and small-pore PFTs

    Sloan Digital Sky Survey IV: mapping the Milky Way, nearby galaxies, and the distant universe

    We describe the Sloan Digital Sky Survey IV (SDSS-IV), a project encompassing three major spectroscopic programs. The Apache Point Observatory Galactic Evolution Experiment 2 (APOGEE-2) is observing hundreds of thousands of Milky Way stars at high resolution and high signal-to-noise ratios in the near-infrared. The Mapping Nearby Galaxies at Apache Point Observatory (MaNGA) survey is obtaining spatially resolved spectroscopy for thousands of nearby galaxies (median ). The extended Baryon Oscillation Spectroscopic Survey (eBOSS) is mapping the galaxy, quasar, and neutral gas distributions between and 3.5 to constrain cosmology using baryon acoustic oscillations, redshift space distortions, and the shape of the power spectrum. Within eBOSS, we are conducting two major subprograms: the SPectroscopic IDentification of eROSITA Sources (SPIDERS), investigating X-ray AGNs and galaxies in X-ray clusters, and the Time Domain Spectroscopic Survey (TDSS), obtaining spectra of variable sources. All programs use the 2.5 m Sloan Foundation Telescope at the Apache Point Observatory; observations there began in Summer 2014. APOGEE-2 also operates a second near-infrared spectrograph at the 2.5 m du Pont Telescope at Las Campanas Observatory, with observations beginning in early 2017. Observations at both facilities are scheduled to continue through 2020. In keeping with previous SDSS policy, SDSS-IV provides regularly scheduled public data releases; the first one, Data Release 13, was made available in 2016 July

    Sloan Digital Sky Survey IV: Mapping the Milky Way, Nearby Galaxies, and the Distant Universe

    We describe the Sloan Digital Sky Survey IV (SDSS-IV), a project encompassing three major spectroscopic programs. The Apache Point Observatory Galactic Evolution Experiment 2 (APOGEE-2) is observing hundreds of thousands of Milky Way stars at high resolution and high signal-to-noise ratios in the near-infrared. The Mapping Nearby Galaxies at Apache Point Observatory (MaNGA) survey is obtaining spatially resolved spectroscopy for thousands of nearby galaxies (median $z\sim 0.03$). The extended Baryon Oscillation Spectroscopic Survey (eBOSS) is mapping the galaxy, quasar, and neutral gas distributions between $z\sim 0.6$ and 3.5 to constrain cosmology using baryon acoustic oscillations, redshift space distortions, and the shape of the power spectrum. Within eBOSS, we are conducting two major subprograms: the SPectroscopic IDentification of eROSITA Sources (SPIDERS), investigating X-ray AGNs and galaxies in X-ray clusters, and the Time Domain Spectroscopic Survey (TDSS), obtaining spectra of variable sources. All programs use the 2.5 m Sloan Foundation Telescope at the Apache Point Observatory; observations there began in Summer 2014. APOGEE-2 also operates a second near-infrared spectrograph at the 2.5 m du Pont Telescope at Las Campanas Observatory, with observations beginning in early 2017. Observations at both facilities are scheduled to continue through 2020. In keeping with previous SDSS policy, SDSS-IV provides regularly scheduled public data releases; the first one, Data Release 13, was made available in 2016 July

    Sloan Digital Sky Survey IV : mapping the Milky Way, nearby galaxies, and the distant universe

    We describe the Sloan Digital Sky Survey IV (SDSS-IV), a project encompassing three major spectroscopic programs. The Apache Point Observatory Galactic Evolution Experiment 2 (APOGEE-2) is observing hundreds of thousands of Milky Way stars at high resolution and high signal-to-noise ratios in the near-infrared. The Mapping Nearby Galaxies at Apache Point Observatory (MaNGA) survey is obtaining spatially resolved spectroscopy for thousands of nearby galaxies (median z ~ 0.03). The extended Baryon Oscillation Spectroscopic Survey (eBOSS) is mapping the galaxy, quasar, and neutral gas distributions between z ~ 0.6 and 3.5 to constrain cosmology using baryon acoustic oscillations, redshift space distortions, and the shape of the power spectrum. Within eBOSS, we are conducting two major subprograms: the SPectroscopic IDentification of eROSITA Sources (SPIDERS), investigating X-ray AGNs and galaxies in X-ray clusters, and the Time Domain Spectroscopic Survey (TDSS), obtaining spectra of variable sources. All programs use the 2.5 m Sloan Foundation Telescope at the Apache Point Observatory; observations there began in Summer 2014. APOGEE-2 also operates a second near-infrared spectrograph at the 2.5 m du Pont Telescope at Las Campanas Observatory, with observations beginning in early 2017. Observations at both facilities are scheduled to continue through 2020. In keeping with previous SDSS policy, SDSS-IV provides regularly scheduled public data releases; the first one, Data Release 13, was made available in 2016 July

    Post-intervention Status in Patients With Refractory Myasthenia Gravis Treated With Eculizumab During REGAIN and Its Open-Label Extension

    OBJECTIVE: To evaluate whether eculizumab helps patients with anti-acetylcholine receptor-positive (AChR+) refractory generalized myasthenia gravis (gMG) achieve the Myasthenia Gravis Foundation of America (MGFA) post-intervention status of minimal manifestations (MM), we assessed patients' status throughout REGAIN (Safety and Efficacy of Eculizumab in AChR+ Refractory Generalized Myasthenia Gravis) and its open-label extension. METHODS: Patients who completed the REGAIN randomized controlled trial and continued into the open-label extension were included in this tertiary endpoint analysis. Patients were assessed for the MGFA post-intervention status of improved, unchanged, worse, MM, and pharmacologic remission at defined time points during REGAIN and through week 130 of the open-label study. RESULTS: A total of 117 patients completed REGAIN and continued into the open-label study (eculizumab/eculizumab: 56; placebo/eculizumab: 61). At week 26 of REGAIN, more eculizumab-treated patients than placebo-treated patients achieved a status of improved (60.7% vs 41.7%) or MM (25.0% vs 13.3%; common OR: 2.3; 95% CI: 1.1-4.5). After 130 weeks of eculizumab treatment, 88.0% of patients achieved improved status and 57.3% of patients achieved MM status. The safety profile of eculizumab was consistent with its known profile and no new safety signals were detected. CONCLUSION: Eculizumab led to rapid and sustained achievement of MM in patients with AChR+ refractory gMG. These findings support the use of eculizumab in this previously difficult-to-treat patient population. CLINICALTRIALSGOV IDENTIFIER: REGAIN, NCT01997229; REGAIN open-label extension, NCT02301624. CLASSIFICATION OF EVIDENCE: This study provides Class II evidence that, after 26 weeks of eculizumab treatment, 25.0% of adults with AChR+ refractory gMG achieved MM, compared with 13.3% who received placebo

    'Minimal Symptom Expression' in Patients With Acetylcholine Receptor Antibody-Positive Refractory Generalized Myasthenia Gravis Treated With Eculizumab

    The efficacy and tolerability of eculizumab were assessed in REGAIN, a 26-week, phase 3, randomized, double-blind, placebo-controlled study in anti-acetylcholine receptor antibody-positive (AChR+) refractory generalized myasthenia gravis (gMG), and its open-label extension