The Case for a Federated Responsibility Model for Application Security to Power Secure DevOps

Over the past decade, DevOps has revolutionized the development process with speed and agility.

Yet, for the most part, application security tools have remained the same for 20 years. Yes, we’ve seen new security scanning tools, but these technologies still focus on identifying vulnerabilities and flaws at specific points in the software development life cycle (SDLC), without considering the broader build-to-deploy development model.

This becomes more problematic when you consider how the world has changed, especially recently. Every business is a software business, as software is the competitive advantage. While DevOps accelerates software production, security can’t keep up, and this opens up a huge risk chasm.

What does this risk chasm mean in practice? It means that security has little visibility – and no broader context – into the security of an application or the state of application vulnerabilities. It means there’s no way to assess the risk of the application and its impact on the business, and therefore no way to figure out whether to prioritize remediation.

As a result, remediation attempts slow down development processes, which creates conflict between development and security.

The centralized control model no longer works in today’s software-defined world

Part of the problem is that the DevOps model utilizes a decentralized process to deliver software fast. Security doesn’t. Traditionally, the CISO and their team would set and oversee policies across the enterprise. Businesses adhere to these or face the consequences of policy violations. Security policies are set, and sit, for long periods of time; change is the exception, rather than the rule.

This centralized control model no longer applies to today’s software-defined world. Today, product security teams are often embedded within engineering organizations. These teams are chartered with ensuring the security of their respective product lines while incorporating the risk their businesses are willing to accept. These teams also deeply understand the delivery requirements placed on Development teams.

Within this context, product security does whatever it takes to support their product lines at the speed of business. This can create competing – sometimes conflicting – demands between product security at the line of business (LOB) level and enterprise security at the corporate level.

To work effectively in today’s world, a new decentralized, federated responsibility model for application security is emerging. This model enables security, with risk management and compliance, to align with individual LOB operations while retaining corporate standards and policies, to deliver secure applications at the speed of DevOps.

Through this model, corporate security works with governance to set organizational security policy, maintain corporate security visibility, measure the overall risk to the business, and coach product security and operations teams, while product security teams are empowered to own the security of their applications. They in turn provide the specific policies and tools to enable Development to implement consistent security in line with the velocity of DevOps.

The foundations of a federated responsibility model for AppSec

First, there is a need for enterprise control. You need to set standards

Improbable’s gaming tech used to help Government model spread of coronavirus

Gaming technology developed by British start-up Improbable has been used to help speed up the government’s modelling of coronavirus infections. 

The London-headquartered business, which originally developed technology for multiplayer games, has been working with the Royal Society to model Devon’s 800,000-person population.

Using its SpatialOS networking platform, which is capable of creating vast virtual worlds in games such as Scavengers, the company was able to run simulations up to 10,000 times faster than current methods. 

The company claims the technology can model a month of human behaviour patterns, movement and viral spread in seconds, where it previously took half a day.

The Rapid Assistance in Modelling the Pandemic project has been used to help Government advisors, including SAGE, better understand and predict the spread of the pandemic.

Joe Robinson, the head of Improbable’s defence business, said Improbable’s modelling technology could be used to expand the software to predict the spread of the virus across the entire country, not just Devon.

Improving the speed of coronavirus models is critical, Mr Robinson said.

“It enables you to test a vast number of different scenarios. In very complex problems, there are different decisions and policies you can test,” he said. “By speeding up that process, you can run lots and lots of different model runs and generate better insights because of it.”

The company’s wargaming technology is also being used to train British soldiers as part of the Army’s Collective Training Transformation Programme, it was announced earlier this year.

The Telegraph reported in June that the Ministry of Defence has spent more than £8.3m on Improbable technology. Improbable also has a $5.8m (£4.4m) contract with the US Department of Defence.

MIT has a new AI model that can detect asymptomatic COVID-19 patients just by using the sound of their coughs recorded over phone calls

  • The Massachusetts Institute of Technology (MIT) has developed a new AI model that detects asymptomatic COVID-19 patients by analysing the sounds of their coughs.
  • The long term plan is to make this AI model accessible on a large scale by incorporating the model into a user friendly app.
  • The AI model uses four algorithms to run its analysis and is able to accurately identify 98.5% of coughs from people who were confirmed to have COVID-19 and detected those who didn’t have any symptoms but tested positive with 100% accuracy.

The COVID-19 patients who exhibit no symptoms (are asymptomatic) are harder to trace because they don’t know they are sick. However, the Massachusetts Institute of Technology (MIT) may have found a way around that using artificial intelligence (AI).

MIT’s new AI model can detect who may be carrying the virus, even without any discernible physical symptoms, just by hearing the way a person coughs. The salient differences between the cough of a healthy person and that of one who may be unhealthy are not discernible to the human ear but can be picked up by AI.

“Things we easily derive from fluent speech, AI can pick up simply from coughs, including things like the person’s gender, mother tongue, or even emotional state. There’s in fact sentiment embedded in how you cough,” explained co-author Brian Subirana.

The long term plan is to make this accessible on a large scale by incorporating the model into a user friendly app. If it receives the Food and Drug Administration (FDA) approval, MIT hopes it can be a free, convenient, and non-invasive screening tool for coronavirus.

MIT’s AI model detects asymptomatic COVID-19 patients with 100% accuracy
The study, published in the IEEE Journal of Engineering in Medicine and Biology, used forced-cough recordings voluntarily submitted by people through web browsers, smartphones, and laptops.

Using this information, the AI model was trained using tens of thousands of coughs and spoken words. At the end of the experiment, it accurately identified 98.5% of coughs from people who were confirmed to have COVID-19, and detected those who didn’t have any symptoms but tested positive with 100% accuracy.

An AI-model backed by four algorithms
The AI model is a combination of three machine learning (ML) algorithms or neural networks. ResNet 50 can discriminate between sounds that are associated with different degrees of vocal cord strength.

The second ML algorithm was trained to distinguish between different emotional states evident in speech. While certain tones may indicate frustration, others indicate happiness.

The third and final neural network is a database of coughs that can discern changes in lung and respiratory performance.

All three of these models were combined and one last algorithm was overlaid to filter all analysis and detect muscular degradation.

The results showed that, together, vocal cord strength, sentiment, lung and respiratory performance, and muscular degradation were effective biomarkers for diagnosing the disease.

“The sounds of talking and coughing are both influenced by the vocal cords

Grenke to abandon franchise model after short-seller attack

Adds details

BERLIN, Oct 29 (Reuters) - German leasing business Grenke <GLJn.DE> said it would integrate its franchise companies into the group business and add a chief risk officer to its board in the wake of a short-seller attack.

The company’s franchise model has been in focus following a report by Viceroy Research that accused Grenke of fraud.

Grenke, which denies the allegations, said on Thursday it planned to integrate its 16 franchise companies into the consolidated group over the next 12-18 months.

The Baden-Baden-based company will also expand its board of directors to include a chief risk officer. Board member Sebastian Hirsch will become chief financial officer, while chief executive Antje Leminsky will assume responsibility for internal audit.

“Through continuous development, we want to align this successful model even more closely to what the capital market expects from us: transparency, professional governance and compliance,” Leminsky said in a statement.

Grenke posted a 50% fall in third-quarter net profit to 17.7 million euros, hurt by a 48.8 million euro impairment charge as a resurgence in coronavirus cases deteriorated the business outlook for some of its customers.

The company said prospects for new business would depend on the impact of rising coronavirus infections and the corresponding curbs on economic activity.

It expects new business for the fourth quarter to be around 60% of the previous year’s level.

($1 = 0.8461 euros)

(Reporting by Caroline Copley, editing by Vera Eckert and Mark Potter)


Researchers develop infectious disease model for forecasting elections

Forecasting elections is a high-stakes problem. Politicians and voters alike are often desperate to know the outcome of a close race, but providing them with incomplete or inaccurate predictions can be misleading.

And election forecasting is already an innately challenging endeavor — the modeling process is rife with uncertainty, incomplete information, and subjective choices, all of which must be deftly handled. Political pundits and researchers have implemented a number of successful approaches for forecasting election outcomes, with varying degrees of transparency and complexity.

However, election forecasts can be difficult to interpret and may leave many questions unanswered after close races unfold.

These challenges led researchers to wonder if applying a disease model to elections could widen the community involved in political forecasting. In a paper publishing today in SIAM Review, Alexandria Volkening (Northwestern University), Daniel F. Linder (Augusta University), Mason A. Porter (University of California, Los Angeles), and Grzegorz A. Rempala (The Ohio State University) borrowed ideas from epidemiology to develop a new method for forecasting elections.

The team hoped to expand the community that engages with polling data and raise research questions from a new perspective; the multidisciplinary nature of their infectious disease model was a virtue in this regard.

“Our work is entirely open-source. Hopefully that will encourage others to further build on our ideas and develop their own methods for forecasting elections.”


Mason A. Porter, University of California, Los Angeles

In their new paper, the authors propose a data-driven mathematical model of the evolution of political opinions during U.S. elections. They found their model’s parameters using aggregated polling data, which enabled them to track the percentages of Democratic and Republican voters over time and forecast the vote margins in each state.

The authors emphasized simplicity and transparency in their approach and consider these traits to be particular strengths of their model. “Complicated models need to account for uncertainty in many parameters at once,” Rempala said.

This study predominantly focused on the influence that voters in different states may exert on each other, since accurately accounting for interactions between states is crucial for the production of reliable forecasts.

The election outcomes in states with similar demographics are often correlated, and states may also influence each other asymmetrically; for example, the voters in Ohio may more strongly influence the voters in Pennsylvania than the reverse. The strength of a state’s influence can depend on a number of factors, including the amount of time that candidates spend campaigning there and the state’s coverage in the news.

To develop their forecasting approach, the team repurposed ideas from the compartmental modeling of biological diseases. Mathematicians often utilize compartmental models–which categorize individuals into a few distinct types (i.e., compartments)–to examine the spread of infectious diseases like influenza and COVID-19. A widely-studied compartmental model called the susceptible-infected-susceptible (SIS) model divides a population into two groups: those who are susceptible to becoming sick and those who are currently infected.

The SIS model then

Model Jessica Hart Gets Engaged to Boyfriend James Kirkham at Their Baby Shower!

Jessica Hart is having a baby AND getting married!

The 34-year-old Victoria’s Secret model took to her Instagram on Tuesday (October 27) to reveal that boyfriend James Kirkham proposed to her at their baby shower.

“What a day! My beautiful sister threw me a baby shower on the weekend and my BEST FRIEND, baby daddy and the equally beautiful @jameskirkham came and PROPOSED to me in front of all my friends,” Jessica wrote along with several photos from the shower/proposal at the beach in Malibu.

“It was so so special! We’re on cloud 9 over here,” Jessica continued. “I was really blown away and super surprised. I had NO idea. Thank you to all of you that were there and made it so special. I love you all ❤️ (I said YES)”

Jessica first announced last month that she and the former NASCAR driver are expecting a baby girl. This will be the first child for the couple, while James is dad to 6-year-old daughter Wren.

Congrats Jessica and James!


Traditional finance business model no longer working


Simon Torrance, senior adviser at corporate innovation firm, Rainmaking, claims that the traditional financial services business model is no longer working.

Torrance, who is also an executive member of the World Economic Forum’s working group on accelerating digital transformation, believes that the way financial services companies sell products and services is no longer viable due to increased competition and higher consumer expectations.

“At the moment, financial services organisations ‘manufacture’ products and then try and sell them, either directly to customers or to distributors for resale,” Torrance tells Finextra Research.

“This still accounts for around 90% of business in banking and insurance. What they’ve tried to do is digitise the interfaces, but the business model is fundamentally the same.”

He also believes the plight of such businesses is going to get worse, given that the economic profit forecasts for banks and insurance companies are due to deteriorate.

“They’re just not making money doing what they’re doing at the moment, and just digitising it isn’t going to work,” he says.

Embedding and integrating

There are numerous alternatives to this model that could prove more profitable and offer greater growth.

Small and medium-sized banks may find themselves too reliant on simple products that are easy to offer at scale such as current accounts and savings. It is however almost impossible to scale up the business and attain profitability when over-reliant on them.

Financial services organisations should be looking to create demand for their products at a low ‘cost to serve.’

“Normally, if a bank or an insurance company does a deal with a retailer or a car company, for example, it is a very convoluted process,” Torrance says.

“They have to go through RFPs (requests for proposal), they can take a long time and they cost a lot of money to integrate.”

An embedded or fully integrated model, however, allows this to happen instantly, as developers within retailers and other companies are able to harness platforms that connect to the bank or insurance company’s products and services.

This allows a bank or insurance company to become more of a platform that offers an array of financial services, resulting in a number of intriguing business models.

One option is for a bank to mix its products with those of other parties, solutions and data to solve problems for customers in a more sophisticated way than any institution can do independently.

Another model is what Torrance refers to as “digital enablement” or “developer support”, whereby banks make their assets available through APIs that third parties can integrate or embed into their own products, such as a payment plan on a car, a holiday or an online experience like an educational course or magazine subscription.

A third option is that of becoming a marketplace and acting as a pure intermediary for different services, akin to what price comparison sites do.

“These all include becoming more of a platform, which is how the big digital companies operate,” Torrance says.

Banks should look then to

The Hybrid Model Will Continue For New London Public Schools

From New London Public Schools:

October 26, 2020

Dear New London Public Schools Families:
I hope that you and your family are well. It is wonderful to be engaging with students, whether they are learning in Hybrid or full-time Distance Learning models. The social-emotional, health and safety, and academic needs of all continue to be our focus. Please find important district highlights below.

Hybrid Model to Continue:
As discussed with the Board of Education this past Thursday, New London Public Schools will continue operating in the “in-person” Hybrid Learning Model (yellow) and “at home” Distance Learning (red) Model through November 30th. Parents continue to have a choice for which learning option they wish their child to participate in. At this time, approximately 60% of families have selected the in-person Hybrid Model and 40% have selected the at-home Distance Learning model for their child.

Continued Focus on Health and Safety:
The COVID-positive cases our district has had thus far have been minimal and we are grateful for everyone’s due diligence in ensuring safety protocols and mitigation strategies are enacted. Decisions to temporarily close a classroom or a district building are made on a case-by-case basis, in conjunction with the guidance of our district Medical Advisor and leaders of Ledge Light Health District. Please be sure you are signed up to receive emails, phone calls, and text messages through our School Messenger platform as communications are shared with families in this way. School secretaries can assist families with registering and/or updating their School Messenger accounts.

As fall holidays approach, please continue to implement COVID-19 safety protocols including social distancing, frequent handwashing, and wearing masks. It is also a healthy practice to participate in a free COVID test offered in multiple sites across our community. Everyone’s proactive actions will help keep the community safe.

District Improvement Plan
On October 20th, our three-year Strategic Plan, entitled NLPS2021, was presented to the Board of Education. We are excited about the many accomplishments done over the past two years and look forward to continuing the hard work on multiple new goals and initiatives moving ahead. Please take time to review the goals that have been set for this year, as well as celebrate all the work that has already been completed over the first two years of this plan. You can find NLPS’ District Improvement Plan on the district website here.

District Subcommittees and Parent Leadership Committees-YOU are INVITED to Co-Serve!
We are pleased to announce various District Subcommittees that are available for parents and community members to join as well as Parent Leadership Committee opportunities found in each school. Please click here to view a flyer of all available committees and their corresponding meeting dates. Our district is great because of the shared commitment of various constituents that contribute to our over-arching goals, mission, and vision. If you are interested in joining one of these committees, please contact the committee leader listed. We look forward to your valuable input and partnership!

Whaler Chat:

The Bachelorette: Dale Moss Was Once a Party City Model

Listen, we’ve all had that one gig where we look back with a little wince, but it paid the bills, so who are we to badmouth a paying job? Well, I think we all found Dale Moss’s wince-worthy gig! The former NFL player may be finding fame as the stealer of Clare Crawley’s heart on this season of The Bachelorette, but now he’s definitely reached infamy for being a Halloween costume model for Party City.

On Oct. 22, a Bachelorette fan spotted the Wilhelmina International model sporting three costumes on the website, noting that if anyone thought he looked familiar, it’s because of a previous side hustle. Fans also found the 32-year-old South Dakota native on a bag of photo props holding up a sign that reads “Hubby.” How appropriate! When a Bachelor Instagram fan account posted the Party City pics online, Dale told his fans that it could be worse, saying, “Love it! Read your contracts, kids ;).” What an easy-going guy!

Keep scrolling to see Dale’s carefree grin in a Superman, taco, and gladiator costume ahead.


Grant helps Crystal Spring Farm switch business model, zeroes in on carrots, blueberries

Seth Kroeck, manager of Crystal Spring Farm, speaks about a new $250,000 grant that will help the farm market and distribute carrots and blueberries. Hannah LaClaire / The Times Record

BRUNSWICK — The growing season for carrots and blueberries might be over, as evidenced by the snowflakes falling on farmer Seth Kroeck’s shoulders Wednesday morning, but there’s still plenty of work ahead for the owners of Crystal Spring Farm as they move forward with plans to break into the wholesale business this fall and winter. 

The farm’s Organic Wild Maine Blueberry Conserve is available at Morning Glory Natural Foods and Bow Street Market. The carrots will be available at 16 Hannaford locations around the state. Hannah LaClaire / The Times Record

Kroeck and Maura Bannon, managers of Brunswick’s Crystal Spring Farm, are recipients of a $250,000 USDA Value Added Producer grant that, when matched, will help the farm process, market and distribute organic carrots and blueberry products to local retailers. 

The 320-acre organic farm is owned by the Brunswick-Topsham Land Trust. Seth Kroeck has a 50-year lease on 115 acres of agricultural land and farm buildings along with a separate lease from a local family for 72 acres of wild blueberries. Kroeck and Bannon have been growing organic carrots since 2004 and organic blueberries since 2014. 

Over the past decade, Crystal Spring became the largest Community Supported Agriculture (CSA) farm in Maine, according to a news release.  In 2018, they grew over 160 varieties of vegetables and served over 600 members from the Midcoast to Portland.

But last year, faced with difficulties finding labor and “changes in the long-term viability of CSAs,” they decided to transition to fewer employees, growing on fewer acres and focusing on just two crops. 

Choosing blueberries and carrots was easy, Kroeck said.

Seth Kroeck, manager of Crystal Spring Farm, recently purchased a mechanical carrot harvester, which can hold about 800 pounds when full. Hannah LaClaire / The Times Record

Both crops have historically grown very well on the farm, and carrots are sturdy, less perishable and easier to transport than some other vegetables. Blueberries are naturally more fragile, but are easy to make into other products, he said, like a chipotle blueberry spread expected to come later this year once the jalapenos finish smoking, or the organic wild Maine blueberry conserve already on shelves.

The carrots will be distributed to 16 Hannaford locations this fall and winter and the blueberry conserve, plus any other products that might follow, are available at Morning Glory Natural Foods in Brunswick and Bow Street Market in Freeport. 

Prior to receiving the grant, the farm invested in mechanical carrot and blueberry harvesters, cooling and freezing capacity and an automated weigher/bagger. This equipment increases efficiency and allows them to compete locally with organic carrots from the west coast, according to the release. 

Kroeck hopes to eventually be able to harvest more than 100,000 pounds of carrots per year, or about 20,000 pounds per acre, but due to the recent drought conditions,