Ipek Ozkaya Named IEEE Software Editor-in-Chief
The IEEE Computer Society has named Ipek Ozkaya, a principal researcher in the SEI’s Software Solutions Division, the next Editor-in-Chief of IEEE Software, a leading bimonthly peer-reviewed journal published by the IEEE Computer Society.
Ozkaya will assume editorial duties in January 2019. Her term will run through December 2021. As editor-in-chief, Ozkaya plans to focus on publishing results that provide practical guidance and help for both established and newcomer software developers and architects.
Ozkaya notes that experienced practitioners face the challenge of staying relevant in a dynamic environment where knowledge-consumption models continually evolve from centralized and controlled to open and collaborative. Also, in government and elsewhere, newcomers to the workforce often lack the skills to make effective use of the complex software-based systems with which they must interact. For all practitioners, Ozkaya plans to work toward the transition of practical research through easily consumable means.
Ozkaya noted that she welcomes the opportunity to work closely with others in the diverse, global, technology-savvy IEEE Software community.
Metcalf Named Co-Editor of New ACM Journal
July 10, 2018—The SEI’s Leigh Metcalf has been named co-editor-in-chief of Digital Threats: Research and Practice (DTRAP), a journal of the Association for Computing Machinery. DTRAP is a peer-reviewed journal that targets the prevention, identification, mitigation, and elimination of digital threats. The journal seeks to promote the foundational development of scientific rigor in digital security by bridging the gap between academic research and industry practice.
DTRAP is the brainchild of Metcalf, who recognized a need for such a publication in the field. “I realized that in cybersecurity there was a distinct lack of communication between researchers and practitioners,” said Metcalf. “I thought a journal would be a good first step to fixing this lack of communication. I also felt this was a perfect publication for the CERT Division to stand up, because we operate at the nexus of research and practice.” Metcalf will share editorial duties with Arun Lakhotia, a professor in the School of Computing and Informatics at the University of Louisiana at Lafayette.
Elaborating on the working gap between researchers and practitioners, Metcalf noted, “It’s a long-standing problem and has many causes, but to do a good job and make a real impact in the field, they have to work together. Good research in this field is informed by real-world problems, and researchers should communicate with those who work on the front line. I think solving this problem involves communication, and we want the journal to facilitate that.”
Metcalf also noted that scientific rigor has been lacking in the area of cybersecurity research, and she hopes DTRAP can help remedy that situation. “It’s actually a well-known problem,” she said. “The NSA offers an award for best scientific paper on security, but no one has created a journal that says ‘Here is where science in cybersecurity is done.’”
Metcalf has been a member of the SEI CERT Division technical staff for eight years. She currently serves as a senior network security research analyst specializing in cybersecurity. Prior to joining the SEI, Metcalf spent more than 10 years in industry working as a systems engineer and architect. She has presented at numerous conferences, including NANOG, MA3WG, FloCon, and the Joint Mathematics Meeting, and she is also the primary author of the book Cybersecurity and Applied Mathematics. Metcalf earned her Ph.D. from Auburn University in mathematics.
DTRAP plans to launch in early 2019 and is currently seeking contributors. To learn more about DTRAP, visit https://dtrap.acm.org/index.cfm.
Leigh Metcalf, PhD, a senior network security research analyst in the CERT Division, has been named co-editor-in-chief of Digital Threats: Research and Practice (DTRAP), a new journal of the Association for Computing Machinery (ACM).
Leigh spearheaded the establishment of this peer-reviewed journal because she recognized a gap in communication between cybersecurity researchers and practitioners. Leigh sees DTRAP as an ideal publication for the CERT Division to stand up, like the SEI overall, it operates at the nexus of research and practice.
DTRAP targets the prevention, identification, mitigation, and elimination of digital threats. The journal seeks to promote the foundational development of scientific rigor in digital security by bridging the gap between academic research and industry practice.
Leigh will share editorial duties with Arun Lakhotia, a professor in the School of Computing and Informatics at University of Louisiana at Lafayette.
DTRAP plans to launch early 2019 and is presently seeking contributors. To learn more about DTRAP, visit https://dtrap.acm.org/index.cfm.
Microservice, Agile, and the Cloud Highlight SATURN 2018
July 3, 2018—The Software Engineering Institute (SEI) hosted its fourteenth annual SEI Architecture Technology User Network (SATURN) Conference May 7 through May 10 in Plano, Texas. Participants in the conference, who represented 74 organizations and 17 countries, shared ideas, insights, and experiences about effective software architecture practices for developing and maintaining software-intensive systems.
The conference opened with three one-day SEI courses on cloud computing, essential microservice architecture, and launching and sustaining Agile architecture. The technical program spanned three days and included keynote addresses by Rebecca Parsons, CTO of ThoughtWorks on The Whys and Hows of Evolutionary Architecture; Ricardo Valerdi, professor at the University of Arizona onVirtual Reality for Concussion Education; and Michael Nygard, Cognitect, Inc. on Uncoupling.
“SATURN attendees care deeply about delivering high-quality software in more efficient ways. The presentations, the hallway conversations, and the discussions every evening were about sharing experiences about what works and what doesn’t work, and working on new ways to deliver better and faster,” said SATURN 2018 Technical Co-chair John Klein.
Technical Co-chair Paulo Merson concurred. “Beyond the knowledge dispensed in the talks, SATURN provides a unique environment for participants to discuss technical challenges they are facing in their organizations,” said Merson. “During ‘office hours,’ breaks, and social events we see participants picking the brains of their peers and speakers.”
This year’s technical program featured more than 40 peer-reviewed talks, training courses, and the Software Architecture Boot Camp sessions presented by SEI staff members. The conference sessions explored a wide range of topics relevant to practicing architects including DevOps, microservices, containers, serverless architectures, legacy systems, agility and architecture, cloud computing, continuous delivery, refactoring, technical debt, architecture evaluation, ethics for architects, and technical leadership. There were also sessions from a stellar set of invited speakers, including Chris Richardson, Eventuate, Inc.; James Lewis, ThoughtWorks; Aroop Pandya, IBM Watson; Vaughn Vernon, for Comprehension Inc.; and independent consultant, Daniel Bryant.
Attendees welcomed the opportunity to network with others in the field while learning about current trends. Transaction management, microservices, and weaving design into Agile development were among the topics generating the greatest buzz. “You have real talent and veteran representation at SATURN,” said one attendee. “I was impressed with the quality of speakers.”
The Linda Northrop Software Architecture Award was also presented at SATURN 2018 to Eoin Woods, chief technology officer of Endava who gave a talk on Software Architecture as Systems Dissolve.
SATURN attendees voted for the best presentation based on three criteria: innovation, usefulness, and quality. This year’s Best Presentation award winners were Eltjo Poort of CGI and Michael Keeling of IBM Watson for their presentation, The Ethical Software Architect. The runner-up award went to Eltjo Poort for his presentation, Shorten Your Architectural Feedback Loop.
Major sponsors of SATURN 2018 included Raytheon, SoftServe, Inc., and Hello2Morrow.
SATURN 2019 will take place May 6-9, 2019, in Pittsburgh, Pennsylvania.
For more information about SATURN 2018, to download conference presentations, or watch videos, please visit the SATURN 2018 website.
New SiLK Analysis Suite Release Available for Download
June 25, 2018—The SEI’s CERT Division has released a new major version (3.17.0) of the System for Internet-Level Knowledge (SiLK) traffic analysis suite. SiLK is a collection of tools designed to facilitate security analysis of large networks. The SiLK tool suite supports the efficient collection, storage, and analysis of network flow data, enabling network security analysts to rapidly query large historical traffic data sets. SiLK is capable of analyzing traffic on the backbone or border of a large, distributed enterprise or mid-sized Internet service provider.
“This release addresses a number of software fixes and compatibility issues,” noted Tony Cebzanov, software engineer on the CERT Security Automation Team. “It also provides analysts a number of new capabilities, several of which were requested by SiLK users.”
Highlights of the new release include the following:
New analysis options. The rwaggbagtool command now supports filtering rows from an aggregate bag file when a field’s value is below or above a designated value or when an IP address field is absent or present in an IPset file. This capability allows analysts to examine flow data in new ways. For instance, analysts can examine which IP address their networks are getting the most traffic from using any flow field as the key. The feature also supports set operations.
Compatible country codes. The rwgeoip2ccmap tool now supports MaxMind’s GeoIP2 and GeoLite2 formats. The CSV versions of these formats are included in SiLK. This change aligns SiLK with current country code standards.
Improved timestamp fidelity. The rwuniq and rwstats tools now support millisecond timestamps when a fractional time is specified with the --bin-time switch. This feature enables analysts to aggregate results by fractions of a second.
Default IPv4 format. When the rwsetcat tool prints an IPset containing both IPv4 and IPv6 addresses, IPv4 addresses are no longer prefixed with "::ffff:" by default. However, the analyst can still view a mix of IPv6 and IPv6-mapped addresses if preferred. The change offers more flexibility in visualizing the data.
To learn more about the SiLK analysis suite, to download the latest version, and to learn about other useful tools produced by CERT, visit the CERT Network Situational Awareness Tools website.
SiLK tools are also available on the CERT LiFTeR website, where the tools are available for Fedora 23 through 28, Redhat Enterprise Linux, and CentOS releases 6 and 7.
SEI Introduces “SoundBytes” Video Series
May 8, 2018—The SEI produces numerous webinars, podcasts, and recorded lectures designed to educate the software engineering community about our latest research and development, to encourage further discussion, and to stimulate new ideas. While these products delve into the subject matter at length, we know that sometimes you want to cut to the chase. That’s why we’re introducing the SEI SoundBytes video series.
SEI SoundBytes are brief videos excerpted from our longer discussions. Each SoundByte addresses a specific question important to the software development community. We are launching this service with 20 SoundByte videos, and will add to our library as new webinars, podcasts, and lectures are recorded.
Our inaugural set of videos address questions such as the following:
What would convince DoD program managers to use model-based system engineering?
How can DoD make more effective use of the tremendous amounts of data its sensors produce?
How can machine learning help the DoD with binary code analysis?
We hope you’ll find these series both convenient and informative. To view the videos in the SEI SoundBytes series, visit the SEI SoundBytes YouTube channel.