Mediaboss Marketing

Five years ago, cybersecurity researchers accomplished a rare feat. A team at the Pentagons far-out research arm, the Defense Advanced Research Projects Agency (DARPA), loaded special software into a helicopters flight control computer. Then they invited expert hackers to break into the software. After repeated attempts, the flight control system stood strong against all attempts to gain unauthorized control.

This outcome was unusual. Experienced hackers who are given direct, privileged access to software almost always find a way in. The reason is simple. Decades after the birth of computer programming, modern software products are riddled with flaws, many of which create security vulnerabilities that attackers can easily exploit to slip through digital defenses. This is why reducing the error rate in software code is essential to turn the tide against relentless computer criminals and foreign adversaries that steal wealth and menace critical infrastructure with relative impunity.

How was DARPAs custom flight control software able to shrug off its assailants? The researchers turned to formal methods, a frequently overlooked group of technologies that programmers can use to create ultra-secure, ultra-reliable software. DARPAs experiment is one of several examples that underscore the potential for formal methods to remake software security. They herald a not-too-distant future when radically safer, more secure software can allow us to embrace other emerging technologies without catastrophic consequences.

Before it is ready for primetime, any piece of software should be able to satisfy at least two criteria:

Because most customers use software as it is intended, software programmers devote most of their attention to satisfying the first criteria: ensuring the software works properly under normal conditions. This is relatively easy to evaluate through user feedback, as customers tend to be vocal when a piece of software obviously misbehaves or omits an advertised feature.

The second dimension is much trickierand the bane of the cybersecurity community. Virtually all software code contains defects that can cause the software to fail in some way. Humans write software, and our species is naturally prone to mistakes. Larger and more complex software applications multiply opportunities for committing and overlooking errors by orders of magnitude. Human minds excel at creating highly capable software (the first criteria), but they are ill-equipped to identify and eliminate software defects.One defect might be harmless, while another might crash the entire program. Others can lead to security failures. These happen when human attackers purposefully exploit defects to cause a specific kind of software failure that achieves their own objectives, such as leaking private data or giving control to them, the attacker.

The software industry has coalesced around two methods for reducing the error rate in software code. The first is simply education and knowledge exchange. Experts collaborate on a global scale to share information about software vulnerabilities and how to fix them. Yet as computing has matured, this body of knowledge has become overwhelming. It is extremely challenging to know when to apply lessons learned and how to verify implementation. Another common method to improve software quality is intensive testing. Yet this can consume massive resources, and most testing only indicates the presence of defectsit cannot prove the absence of them. Given the context of cybersecurity, where attackers actively hunt for any possible flaw that designers overlooked, these two methods have proved insufficient in solving software security.

Formal methods encompass a group of technologies that aim to manage these problems much more effectively by supplementing human resources with computational resources. In the 1970s, when it became clear that computers would become the foundation of military power, the defense community realized it needed greater assurance that its software was of the highest quality and free of security issues. Early programmers knew they could not rely on human judgment alone to ferret out all possible security vulnerabilities. They needed ways to prove that critical pieces of software would not crash by accident or contain unknown security flaws that attackers could exploit. They wanted to maximize confidence that a specific software application would do only what its authorized users intended, and nothing else.

What is the best way to prove an objective truth? Math and logic. The pioneers of formal methods adapted mathematical logic to construct abstract representations of software (I want this program to do X) and then use advanced mathematical theorems to prove that the software code they wrote would only accomplish X.

The term formal methods evolved over time, and today it represents a spectrum of sophistication, from relatively simple instructions for planning a software project to automated programs that function like a super spell-check for code. The method of analysis varies between different formal methods, but it is largely automated and ideally carried out with mathematical precision. Lightweight formal methods are already in widespread use today. Static type theory, for example, has become a standard feature in several programming languages. These methods require no specialized knowledge to use and provide low-cost protection against common software faults.

More sophisticated formal methods can prevent more complex problems. Formal verification is one such example and it enables programmers to prove that their software does not contain certain errors and behaves exactly according to specification. These more advanced methods tend to require specialized knowledge to apply, but with recent advances this bar has been coming down. (For a more detailed description of different types of formal methods, curious readers should read pages 6-9 of this report by the National Institute of Standards and Technology.)

Problems with formal methods and recent innovation

Like the neural networks that revolutionized artificial intelligence, formal methods are a technology undergoing a renaissance after spending decades in the shadows. As software became more complicated, applying the more advanced tools for proving codethe ones that could provide the highest assurance that security vulnerabilities were absentbecame exponentially more difficult. As the National Institute of Standards and Technology explains, formal methods developed a reputation as taking far too long, in machine time, person years and project time, and requiring a PhD in computer science and mathematics to use them. For a long time, formal methods were relegated to mission-critical use cases, such as nuclear weaponry or automotive systems, where designers were willing to devote immense time and resources to creating error free software. But research into formal methods continued, led by a dedicated corps of experts in academia, federal research institutions, and a handful of specialized companies.

More recent developments, including DARPAs helicopter project, suggest formal methods are poised to remake how we design software and transform cybersecurity. In November 2016, the National Institute for Standards and Technology delivered a comprehensive report to the White House recommending alternative ways to achieve a dramatic reduction in software vulnerabilities. Devoting six pages to formal methods, the report noted that formal methods have become mainstream in many behind-the-scenes applications and show significant promise for both building better software and for supporting better testing.

Leading technology companies have quietly rolled out formal methods in their core businesses. Amazon Web Services (AWS), arguably one of the most important infrastructure providers on the planet, has an entire team that uses formal methods to create provable security for its customers. Facebook has shown how formal verification techniques can be integrated into a move fast and break things approach with its INFER system, which continuously verifies the code in every update for its mobile applications. Microsoft has also stood up its own dedicated team on formal verification. As one team member explained last year, Proving theorems about programs has been a dream of computer science for the last 60 years or more, and were finally able to do this at the scale required for an important, widely deployed security-critical piece of software. And it is not just Big Tech. Specialty companies like Galois, Synopsys, and MathWorks are creating a more competitive market for sophisticated formal methods solutions that companies of various sizes can put to work.

Looking forward, the National Science Foundations ongoing DeepSpec Expedition in Computing has demonstrated the applicability of these methods to increasingly complex engineering tasks, including the development of entire operating systems (which tend to be much larger than single applications), database engines, memory managers, and other essential computing and software components. These successes represent a significant step forward for the field, which has long sought to find reliable, low-cost/low-time methods for engineering such components.

These clear signs of progress notwithstanding, the most sophisticated types of formal methodssuch as full-blown formal verificationare still a long way from becoming a go-to tool for the average software developer. The organizations listed above are not representative, of course, and challenges still remain to bring formal methods to the rest of the software industry. We need an ecosystem of tools, more training for working engineers, and more consensus on when to deploy which methods. We also need to begin changing the way software standards committees publish their work; instead of prose, they should begin publishing formal models that allow the application of formal methods. Lastly, we need to begin educating technology decisionmakers about these capabilities and their ramifications.

There are at least two reasons why industry and government should seize on ongoing innovations in the field and accelerate adoption.

First, unlike many cybersecurity measures, proper application of formal methods does not only drive costs up. Since formal methods reduce overall defect count in software, systems built with formal methods can require less maintenance and thus be cheaper to operate than todays ad-hoc alternatives. Additionally, further improvements in automation are expected to provide these benefits without adding significant cost to the initial engineering efforts. Whereas as most security measures drive costs and hurt profit margins, proper use of formal methods can help defeat attackers while improving the bottom line. Even where software is too complicated to use formal verificationthe most robust weapon in the formal methods arsenalmuch more basic formal methods can still lower software lifecycle costs simply by enforcing more rigorous development practices that some software developers know, but dont use.

Second, the steady drumbeat for software liability may soon change the cost calculus for software developers who have traditionally not born all the costs of unreliable, flawed software. The final report issued by Congress Cyberspace Solarium Commission recommended that Congress should pass a law establishing liability for final goods assemblers of software that contains known and unpatched vulnerabilities. Some types of formal methods offer clear opportunities to establish more objective standards of care for determining such liability.

Just one bug in one line of code

Today, we have a global software industry that frequently creates software in an ad-hoc manner, churning out products without truly knowing what is in them, how they might fail, and what will happen if they do. The situation was tolerable when software did not run the world but computing now either controls or informs nearly every aspect of the economy, politics, and social life. And because the individual components that make up a larger software program are interdependent, even a single error in any phase of the manual development processdesign, implementation, testing, evaluation, operation, maintenancecan be catastrophic. One bug in one line of code can create a security vulnerability that spans millions of computer systems, enabling data theft and digital disruption on a massive scale.

Formal methods are not the ultimate answer to cybersecurity. Even their most sophisticated manifestation, formal verification, cannot guarantee perfect security. Neither can the worlds best engineers guarantee that a skyscraper will not collapse. But through rigorous standards, objective testing, and the scientific method, they have achieved an outstanding record. By injecting similar rigor into the software industry, formal methods can, at the very least, give us much higher assurance that digital technology will behave.

Tim Carstens is an adviser at the Cyber Independent Testing Lab.David Forscey is the managing director of the Aspen Cybersecurity Group. He previously worked in the Center for Best Practices at the National Governors Association and Third Way.

Read more here:
Formal methods as a path toward better cybersecurity - Brookings Institution

This Computer Weekly Developer Network series is devoted to examining the leading trends that go towards defining the shape of modern software application development.

As we have initially discussed here, with so many new platform-level changes now playing out across the technology landscape, how should we think about the cloud-native, open-compliant, mobile-first, Agile-enriched, AI-fuelled, bot-filled world of coding and how do these forces now come together to create the new world of modern programming?

This contribution comes from Ezat Dayeh in his role as SE Manager UK&I at Cohesity the company is known for its capabilities aligned to tackle mass data fragmentation through data management, beginning with backup.

Dayeh writes as follows

What 2020 has shown (given the Covid-19 pandemic, political upheavals and everything else) is that business processes need to be adaptable and flexible if they are going to survive the new ways of working and respond to changing consumer habits and the difficult economic challenges.

Software development cycles have always been pressured to deliver right-first-time production software fast, so dev teams scrum and sprint, but what often holds them back is the ability to access data they need because of infrastructure issues. Data is too often fragmented across a host of silos that cant match the speed needed (and also costs too much) to give developers the tools to make sure their software is fit for purpose.

Cohesitys Dayeh: Say goodbye to monophasic development, say hello to the new mix.

What modern software development needs is an infrastructure that provides an agile, simple and risk-free development environment.

Test data, for example, is a critical part of the software development lifecycle. Development and test teams need enough quality test data to build and test applications in a scenario that reflects the business reality. Since it is a foundational element, changing this variable affects larger processes. Faster access to test data can directly speed up time to release. Higher quality and more realistic test data can reduce the number of defects customers encounter in production software.

Theres always a but (so here it is): traditional test data management infrastructure is misaligned with modern software development.

Monophasic development and monolithic applications have been replaced in favour of more iterative development predicated on microservices. The adoption of DevOps methodology and Agile development practices have evolved to support this trend. However, the underlying problem of data availability has largely remained unresolved.

The legacy approach of traditional test data management delays development and testing, giving that provisioning the relevant data itself can take days or even weeks. And it is a legacy issue its a hard, technical problem to be able to provision data to multiple teams, across multiple geographies, at an ever-growing pace.

But doesnt the public cloud overcome legacy issues?

To an extent the public cloud has accelerated the pace of innovation by bringing elasticity and economics while reducing time to market for new applications. However, it is not a panacea.

Public cloud environments carry over operational inefficiencies from their legacy on-premise environments and introduce several new challenges. For most organisations, their data footprint straddles multiple public clouds and on-prem environments. So test/dev requires data mobility between environments. The advent of dev/test in the cloud adds additional roadblocks, including the misalignment of formats among on-premise and public cloud VMs. This schism leads to manageability strains, presents an impediment to application mobility and often is accompanied by dramatic cost challenges.

A way of speeding up test/dev is to repurpose backup data as test data.

This means you can back up one server or databases, instantly make a clone of it without consuming extra storage and use that clone to help develop applications and software. It doesnt require additional infrastructure and the management overhead is part and parcel of the backup.

This gives teams near-instant and self-service access to up-to-date and zero-cost clones, increasing the speed, quality and cost-effectiveness of development. Or to put it more succinctly: for faster software development, IT teams should look for software solutions that provide instant zero-cost clones.

Data management has a special role to play in terms of modern software application development and it can help define a new rhythm for the paroxysms of data schism.

Can you get with the beat?

Cohesity promises to consolidate data management silos with a single, web-scale solution. (Approved Image Source: Cohesity).

Continue reading here:
Modern development - Cohesity: Defining a new rhythm for the paroxysms of data schism - ComputerWeekly.com

DUBLIN, Calif., June 25, 2020 (GLOBE NEWSWIRE) -- Riverbend Fresh, LLC is the latest customer to pick up the food safety mantle and join iTrades iTracefresh program. As the leading global provider of supply chain software for the food and beverage industry, iTrade is pioneering efforts to build the worlds safest and most comprehensive global food supply chain. To underline its commitment to guaranteeing the safety of our food, it has removed all barriers to adoption, offering the iTracefresh traceability suite to any suppliers, or indeed any buyers, entire supplier portfolio for the first year free of charge.

At Riverbend Fresh, we believe that knowing where your produce comes from and how its grown is essential for our consumers to make the best choices for their families. Weve built our business around the idea of transparency, which is why we are excited to use iTrades traceability. Through this free offer, we can grow our business while affirming our commitment to providing safe, fresh, high-quality produce, comments Kym Sanders, Food Safety Manager at Riverbend Fresh, LLC.

In addition to protecting a suppliers brands during recalls and enabling critical downstream supply chain visibility, iTrades traceability solutions help grow its customers businesses. Data from a yearlong pilot with a major industry buyer showed that suppliers adopting iTrade traceability increased their trading volumes by an average of 55 percent in just 12 months. Additionally, a sample of just four new growers added a combined $10 million in revenue over the same period.

The world would be a better place if everyone knew where their food came from, says Rhonda Bassett-Spiers, CEO of iTradeNetwork. Whether youre a small, family farm or a large, enterprise operation, we want to make food safety and traceability accessible to everyone. We are happy to have Riverbend Fresh join us in creating the worlds safest food supply chain and grow their business in the process.

Riverbend Fresh, LLC is a grower, packer, shipper and distributor of quality fresh produce located in the heart of Californias San Joaquin Valley among the most productive agricultural regions on earth. At Riverbend Fresh, LLC, they specialize in shipping the freshest produce commodities to wholesalers, distributors, retailers, and food service receivers nationwide. They come from a long line of family farming industry experience and are dedicated to meeting the demands of our customers with excellent service.

Suppliers interested in adopting iTrades iTracefresh traceability suite and enjoying the first year, free of charge, should visit https://www.itradenetwork.com/itracefresh/item/. The promotional package includes two of iTrades products: its Produce Traceability Initiative (PTI) case labeling solution, and its Palletized Advanced Ship Notice (ASN) solution, Transit.Qualifying suppliers may also receive the free field kit hardware package that includes a printer, two mobile devices, and 10,000 labels to help them get started on iTracefresh.

Contact:Bryn McFadden925-660-1100inquiries@itradenetwork.com

Read more from the original source:
Riverbend Fresh, LLC, Joins The Movement to Build The World's Safest Food Supply Chain Adopting The Free iTrade Traceability Campaign - GlobeNewswire

6/25/2020

HOUSTON - Weatherford International announced its Production Optimization Software Platform increased production by nearly 6,000 barrels per day, boosting revenue by $156 million over three years for a Middle East operator.

The Weatherford production optimization software platform enabled the customer to automate production monitoring, analysis, and optimization asset-wide for 1,700 Electric Submersible Pump (ESP) wells. Once the Weatherford team mapped and identified the data requirements needed to build and sustain an automated ESP well model, they instituted automated data gathering, model tuning, and data-quality validation. These steps enabled the customer to proactively manage failures and opportunities in real time across all wells from a single, integrated platform.

"Weatherford digitalization solutions place a premium on achieving a return on investment in a very short time while building value over the long term," said Manoj Nimbalkar, Vice President, Production Automation and Software, Weatherford. "The new model indicated optimization opportunities in 40% of the customer wells, and within six months, this solution increased incremental production and revenue at a rate of 2,000 barrels per day. In short, this solution paid for itself in a matter of weeks."

Over the three years since implementation, the value of the system has increased. The CAPEX-free solution identified opportunities that improved production by nearly 6,000 barrels per day, representing a $52 million average annual increase in incremental revenue, or $156 million over three years.

A critical customer requirement was that the solution must be able to expand beyond ESP to every form of artificial lift and enable pattern-recognition techniques for predictive failure management. The software platform integrated all data into a single system and eliminated data-quality issues, which led to a 95% increase in data-quality KPI compliance. The newly available integrated data and improved data quality allowed the customer to implement predictive-failure analytics for ESP wells by using machine learning, and also set the foundation for optimization and predicting failures for other forms of lift.

"The operator selected the Weatherford production optimization software platform as the sole system because of its ability to manage all forms of lift," said Nimbalkar. "The platform reduced downtime in some assets by 30% through proactive failure management and pattern-recognition models. This is the key to our technologies: Rather than only striving for more barrels, we make equal gains in asset uptime and personnel efficiency to deliver a value that is unmatched in the market today."

View original post here:
Weatherford digital transformation program adds $156 MM in revenue for Mideast operator - WorldOil

Dublin, June 26, 2020 (GLOBE NEWSWIRE) -- The "Global Telecom API Market By Type, By End User, By Region, Industry Analysis and Forecast, 2020 - 2026" report has been added to ResearchAndMarkets.com's offering.

The Global Telecom API Market size is expected to reach $369.1 billion by 2026, rising at a market growth of 22.2% CAGR during the forecast period. Application programming interface (API) is an established concept used to describe functional interfaces for software applications where one software program calls another via its API. These APIs have also been incredibly complex and not really meant for mass use. A few other software applications within the enterprise can use the API to invoke the program; a non-company client can use it as well, albeit with considerable difficulties.

The position of Programmable Telecom and APIs is expanding to support more and more than consumer-oriented communications, software, trade and digital content. This evolution extends beyond the support of APIs for B2C and B2B networks for conventional telecommunications applications. It plays a greater role for network service providers in smart infrastructure applications as well as Internet of Things (IoT) platforms and networks.

Cloud computing provides developers with the opportunity to offer web-based application distribution services. This extends network integration and content capabilities and strengthens their value chain Cloud-hosted platforms typically include Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and Communications Platform as a Service (CPaaS). CPaaS is a newer cloud service platform that focuses exclusively on providing corporate communications-enabled software / services for real-time email, voice and video software. CPaaS enables developers to attach real-time connectivity capabilities to their own software without the need to construct backend networks and interfaces.

At the time of the global pandemic of COVID-19, telecommunications API vendors are designing technologies that can cope with the condition of better accessibility. For example, in April 2020, Vonage, a global provider of cloud business communications, announced the launch of its free desktop and mobile video collaboration app, Vonage Video Conferencing (VVC). At the time of the public health crisis, this video API solution is experiencing high demand as a requirement for telehealth, remote work and online education.

Companies Profiled

Unique Offerings from the Publisher

Key Topics Covered:

Chapter 1. Market Scope & Methodology1.1 Market Definition1.2 Objectives1.3 Market Scope1.4 Segmentation1.4.1 Global Telecom API Market, by Type1.4.2 Global Telecom API Market, by End User1.4.3 Global Telecom API Market, by Geography1.5 Methodology for the research

Chapter 2. Market Overview2.1 Introduction2.1.1 Overview2.1.2 Executive Summary2.1.3 Market Composition and Scenario2.2 Key Factors Impacting the Market2.2.1 Market Drivers2.2.2 Market Restraints

Chapter 3. Competition Analysis - Global3.1 Cardinal Matrix3.2 Recent Industry Wide Strategic Developments3.2.1 Partnerships, Collaborations and Agreements3.2.2 Product Launches and Product Expansions3.2.3 Geographical Expansions3.2.4 Mergers & Acquisitions3.3 Top Winning Strategies3.3.1 Key Leading Strategies: Percentage Distribution (2016-2020)3.3.2 Key Strategic Move: (Partnerships, Collaborations, and Agreements : 2016, Jun - 2020,Apr) Leading Players

Chapter 4. Global Telecom API Market by End User4.1 Global Enterprise Developers Telecom API Market by Region4.2 Global Partner Developers Telecom API Market by Region4.3 Global Internal Telecom Developers Telecom API Market by Region4.4 Global Other End User Telecom API Market by Region

Chapter 5. Global Telecom API Market by Type5.1 Global Messaging Telecom API Market by Region5.2 Global IVR API Telecom API Market by Region5.3 Global Payment API Telecom API Market by Region5.4 Global Location API Telecom API Market by Region5.5 Global WebRTC Telecom API Market by Region5.6 Global Others Telecom API Market by Region

Chapter 6. Global Telecom API Market by Region6.1 North America Telecom API Market6.2 Europe Telecom API Market6.3 Asia Pacific Telecom API Market6.4 LAMEA Telecom API Market

Chapter 7. Company Profiles7.1 AT&T, Inc.7.1.1 Company Overview7.1.2 Financial Analysis7.1.3 Segmental and Regional Analysis7.1.1 Research & Development Expense7.1.2 Recent strategies and developments7.1.2.1 Partnerships, Collaborations, and Agreements7.1.2.2 Product Launches and Product Expansions7.1.3 Recent strategies and developments: AT&T, Inc.7.1.4 SWOT Analysis7.2 Orange S.A.7.3 Verizon Communications, Inc.7.4 Nokia Corporation7.5 Google, Inc.7.6 Twilio, Inc.7.7 Telefonica S.A.7.8 Vonage Holdings Corporation7.9 Cisco Systems, Inc.7.1 LocationSmart

For more information about this report visit https://www.researchandmarkets.com/r/4nt2sj

Research and Markets also offers Custom Research services providing focused, comprehensive and tailored research.

Read more:
Insights on the Telecom API Global Industry to 2026 - Featuring AT&T, Orange & Verizon Communications Among Others - GlobeNewswire