SlideShare uma empresa Scribd logo
1 de 8
Baixar para ler offline
Risk Analysis in RFC 1149
Alison Hawke / Director of QA
RFC 1149
Our target system for risk analysis
“A Standard for the Transmission of
IP Datagrams on Avian Carriers”
RFC 1149 was released for comment by
the Internet Engineering Task Force on
1 April 1990.
What is risk analysis?
What is a risk? Where do they lurk? How do you find them?
No code is 100% risk-free.
Assumptions are bad, especially ones you don’t know about.
Trade-off sliders, what does the client really care about?
Certain areas are inherently risky because they’re hard to get right.
Hygiene factors/detractors.
Assumptions and “unknown unknowns”
How do you know what you know and what you don’t know?
“Reports that say that something hasn't happened are always interesting to me, because as we
know, there are known knowns; there are things we know we know. We also know there are
known unknowns; that is to say we know there are some things we do not know. But there are also
unknown unknowns – the ones we don't know we don't know. And if one looks throughout the
history of our country and other free countries, it is the latter category that tend to be the difficult
ones.”
Donald Rumsfeld, US Secretary of Defense, Feb 12, 2012
Trade-off sliders and risk prioritization
Who cares, and about what? Why is this more important than that?
• What does the client care about most? Ask them, often.
• Will this feature lose the client money if it’s broken?
• Will this feature make the client look bad if it’s broken?
• Nonfunctional considerations are a risk
Some stuff is just difficult
February 29th, 2015 and other problems
https://twitter.com/kellan/status/11110460227
Some stuff is just difficult
“GU2 5XH” is a valid UK postal code
• Dates, times, and time zones are complex.
• Names and addresses, especially global ones, are tricky.
• Math is hard, rounding errors happen, int’l currencies are difficult.
• If the user can enter data, the app is open to attack.
• Caching is hard, and horrible when it goes wrong.
• Nonfunctional considerations are a risk, e.g. system resources.
• What about security? Encryption? Privacy? Personally identifiable information?
Hygiene factors and other detractors
No-one likes a dirty bathroom
If {X} is there, it provides little user satisfaction.
If {X} is missing or broken, it is a HUGE problem.
Examples:
• Clean bathrooms.
• Caching.
• Performance.
• Encryption and other security.
• Session persistence.

Mais conteúdo relacionado

Mais procurados

Introduction to Apache Hadoop Ecosystem
Introduction to Apache Hadoop EcosystemIntroduction to Apache Hadoop Ecosystem
Introduction to Apache Hadoop EcosystemMahabubur Rahaman
 
Hadoop Presentation - PPT
Hadoop Presentation - PPTHadoop Presentation - PPT
Hadoop Presentation - PPTAnand Pandey
 
Component design and implementation tools
Component design and implementation toolsComponent design and implementation tools
Component design and implementation toolsKalai Vani V
 
Introduction to Hadoop
Introduction to HadoopIntroduction to Hadoop
Introduction to Hadoopjoelcrabb
 
Hadoop online training
Hadoop online training Hadoop online training
Hadoop online training Keylabs
 
Chapter1 introduction
Chapter1 introductionChapter1 introduction
Chapter1 introductionDinesh K
 
Introduction to Hadoop and Hadoop component
Introduction to Hadoop and Hadoop component Introduction to Hadoop and Hadoop component
Introduction to Hadoop and Hadoop component rebeccatho
 
Introduction to interactive data visualisation using R Shiny
Introduction to interactive data visualisation using R ShinyIntroduction to interactive data visualisation using R Shiny
Introduction to interactive data visualisation using R Shinyanamarisaguedes
 
Introduction to PostgreSQL
Introduction to PostgreSQLIntroduction to PostgreSQL
Introduction to PostgreSQLMark Wong
 
Big Data Analytics with Hadoop
Big Data Analytics with HadoopBig Data Analytics with Hadoop
Big Data Analytics with HadoopPhilippe Julio
 
Big data-analytics-cpe8035
Big data-analytics-cpe8035Big data-analytics-cpe8035
Big data-analytics-cpe8035Neelam Rawat
 
Hybrid use of machine learning and ontology
Hybrid use of machine learning and ontologyHybrid use of machine learning and ontology
Hybrid use of machine learning and ontologyAnthony (Tony) Sarris
 

Mais procurados (20)

Introduction to Apache Hadoop Ecosystem
Introduction to Apache Hadoop EcosystemIntroduction to Apache Hadoop Ecosystem
Introduction to Apache Hadoop Ecosystem
 
Hadoop Presentation - PPT
Hadoop Presentation - PPTHadoop Presentation - PPT
Hadoop Presentation - PPT
 
Component design and implementation tools
Component design and implementation toolsComponent design and implementation tools
Component design and implementation tools
 
Introduction to Hadoop
Introduction to HadoopIntroduction to Hadoop
Introduction to Hadoop
 
Hadoop online training
Hadoop online training Hadoop online training
Hadoop online training
 
Chapter1 introduction
Chapter1 introductionChapter1 introduction
Chapter1 introduction
 
Introduction to Hadoop and Hadoop component
Introduction to Hadoop and Hadoop component Introduction to Hadoop and Hadoop component
Introduction to Hadoop and Hadoop component
 
Hadoop Tutorial For Beginners
Hadoop Tutorial For BeginnersHadoop Tutorial For Beginners
Hadoop Tutorial For Beginners
 
Understanding Stack Overflow
Understanding Stack OverflowUnderstanding Stack Overflow
Understanding Stack Overflow
 
Nx tutorial basics
Nx tutorial basicsNx tutorial basics
Nx tutorial basics
 
Introduction to interactive data visualisation using R Shiny
Introduction to interactive data visualisation using R ShinyIntroduction to interactive data visualisation using R Shiny
Introduction to interactive data visualisation using R Shiny
 
Software Requirement Specification
Software Requirement SpecificationSoftware Requirement Specification
Software Requirement Specification
 
Hadoop
HadoopHadoop
Hadoop
 
French REXX
French REXXFrench REXX
French REXX
 
Relation Extraction
Relation ExtractionRelation Extraction
Relation Extraction
 
Introduction to PostgreSQL
Introduction to PostgreSQLIntroduction to PostgreSQL
Introduction to PostgreSQL
 
1. Apache HIVE
1. Apache HIVE1. Apache HIVE
1. Apache HIVE
 
Big Data Analytics with Hadoop
Big Data Analytics with HadoopBig Data Analytics with Hadoop
Big Data Analytics with Hadoop
 
Big data-analytics-cpe8035
Big data-analytics-cpe8035Big data-analytics-cpe8035
Big data-analytics-cpe8035
 
Hybrid use of machine learning and ontology
Hybrid use of machine learning and ontologyHybrid use of machine learning and ontology
Hybrid use of machine learning and ontology
 

Semelhante a Risk Analysis and RFC 1149 (IP on Avian Carriers)

Cybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaCybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaSteve Poole
 
Douglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity PresentationDouglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity PresentationTurner and Associates, Inc.
 
Security Unplugged
Security UnpluggedSecurity Unplugged
Security Unpluggedsean_mckim
 
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas JamborData Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas JamborTurner and Associates, Inc.
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Hannah Jane del Castillo
 
Alerting, Reminding, Reminding, Reminding And Releasing Vulnerabilities
Alerting, Reminding, Reminding, Reminding And Releasing VulnerabilitiesAlerting, Reminding, Reminding, Reminding And Releasing Vulnerabilities
Alerting, Reminding, Reminding, Reminding And Releasing Vulnerabilitiestmacuk
 
Would You Lie to Your Physician? Establishing Privacy Compliance within your ...
Would You Lie to Your Physician? Establishing Privacy Compliance within your ...Would You Lie to Your Physician? Establishing Privacy Compliance within your ...
Would You Lie to Your Physician? Establishing Privacy Compliance within your ...Ensighten
 
Role of encryption in security vs privacy debate
Role of encryption in security vs privacy debateRole of encryption in security vs privacy debate
Role of encryption in security vs privacy debateKristine Hejna
 
20161109_Mahan_Brighttalk_Webinar_Final
20161109_Mahan_Brighttalk_Webinar_Final20161109_Mahan_Brighttalk_Webinar_Final
20161109_Mahan_Brighttalk_Webinar_FinalPhillip Mahan
 
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?dianadvo
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesBlake Carver
 
How to Catch a Wolf in Sheep's Clothing
How to Catch a Wolf in Sheep's ClothingHow to Catch a Wolf in Sheep's Clothing
How to Catch a Wolf in Sheep's ClothingThinAir
 
Nhs dealing with cyber threat
Nhs dealing with cyber threatNhs dealing with cyber threat
Nhs dealing with cyber threatShikoh Khan
 
Security in the News
Security in the NewsSecurity in the News
Security in the NewsJames Sutter
 
Integrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution  i3SIntegrated Security, Safety and Surveillance Solution  i3S
Integrated Security, Safety and Surveillance Solution i3SEdgevalue
 
Health Data Encryption: The Seven Principals of Privacy
Health Data Encryption: The Seven Principals of PrivacyHealth Data Encryption: The Seven Principals of Privacy
Health Data Encryption: The Seven Principals of PrivacyCompliancy Group
 
Internet Security is an Oxymoron
Internet Security is an OxymoronInternet Security is an Oxymoron
Internet Security is an OxymoronMax Nokhrin
 
ch07-Security.pptx
ch07-Security.pptxch07-Security.pptx
ch07-Security.pptxLuckySaigon1
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezEC-Council
 

Semelhante a Risk Analysis and RFC 1149 (IP on Avian Carriers) (20)

Cybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaCybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 Sofia
 
Douglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity PresentationDouglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity Presentation
 
Info leakage 200510
Info leakage 200510Info leakage 200510
Info leakage 200510
 
Security Unplugged
Security UnpluggedSecurity Unplugged
Security Unplugged
 
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas JamborData Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)
 
Alerting, Reminding, Reminding, Reminding And Releasing Vulnerabilities
Alerting, Reminding, Reminding, Reminding And Releasing VulnerabilitiesAlerting, Reminding, Reminding, Reminding And Releasing Vulnerabilities
Alerting, Reminding, Reminding, Reminding And Releasing Vulnerabilities
 
Would You Lie to Your Physician? Establishing Privacy Compliance within your ...
Would You Lie to Your Physician? Establishing Privacy Compliance within your ...Would You Lie to Your Physician? Establishing Privacy Compliance within your ...
Would You Lie to Your Physician? Establishing Privacy Compliance within your ...
 
Role of encryption in security vs privacy debate
Role of encryption in security vs privacy debateRole of encryption in security vs privacy debate
Role of encryption in security vs privacy debate
 
20161109_Mahan_Brighttalk_Webinar_Final
20161109_Mahan_Brighttalk_Webinar_Final20161109_Mahan_Brighttalk_Webinar_Final
20161109_Mahan_Brighttalk_Webinar_Final
 
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and Libraries
 
How to Catch a Wolf in Sheep's Clothing
How to Catch a Wolf in Sheep's ClothingHow to Catch a Wolf in Sheep's Clothing
How to Catch a Wolf in Sheep's Clothing
 
Nhs dealing with cyber threat
Nhs dealing with cyber threatNhs dealing with cyber threat
Nhs dealing with cyber threat
 
Security in the News
Security in the NewsSecurity in the News
Security in the News
 
Integrated Security, Safety and Surveillance Solution i3S
Integrated Security, Safety and Surveillance Solution  i3SIntegrated Security, Safety and Surveillance Solution  i3S
Integrated Security, Safety and Surveillance Solution i3S
 
Health Data Encryption: The Seven Principals of Privacy
Health Data Encryption: The Seven Principals of PrivacyHealth Data Encryption: The Seven Principals of Privacy
Health Data Encryption: The Seven Principals of Privacy
 
Internet Security is an Oxymoron
Internet Security is an OxymoronInternet Security is an Oxymoron
Internet Security is an Oxymoron
 
ch07-Security.pptx
ch07-Security.pptxch07-Security.pptx
ch07-Security.pptx
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
 

Último

Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 

Último (20)

Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 

Risk Analysis and RFC 1149 (IP on Avian Carriers)

  • 1. Risk Analysis in RFC 1149 Alison Hawke / Director of QA
  • 2. RFC 1149 Our target system for risk analysis “A Standard for the Transmission of IP Datagrams on Avian Carriers” RFC 1149 was released for comment by the Internet Engineering Task Force on 1 April 1990.
  • 3. What is risk analysis? What is a risk? Where do they lurk? How do you find them? No code is 100% risk-free. Assumptions are bad, especially ones you don’t know about. Trade-off sliders, what does the client really care about? Certain areas are inherently risky because they’re hard to get right. Hygiene factors/detractors.
  • 4. Assumptions and “unknown unknowns” How do you know what you know and what you don’t know? “Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.” Donald Rumsfeld, US Secretary of Defense, Feb 12, 2012
  • 5. Trade-off sliders and risk prioritization Who cares, and about what? Why is this more important than that? • What does the client care about most? Ask them, often. • Will this feature lose the client money if it’s broken? • Will this feature make the client look bad if it’s broken? • Nonfunctional considerations are a risk
  • 6. Some stuff is just difficult February 29th, 2015 and other problems https://twitter.com/kellan/status/11110460227
  • 7. Some stuff is just difficult “GU2 5XH” is a valid UK postal code • Dates, times, and time zones are complex. • Names and addresses, especially global ones, are tricky. • Math is hard, rounding errors happen, int’l currencies are difficult. • If the user can enter data, the app is open to attack. • Caching is hard, and horrible when it goes wrong. • Nonfunctional considerations are a risk, e.g. system resources. • What about security? Encryption? Privacy? Personally identifiable information?
  • 8. Hygiene factors and other detractors No-one likes a dirty bathroom If {X} is there, it provides little user satisfaction. If {X} is missing or broken, it is a HUGE problem. Examples: • Clean bathrooms. • Caching. • Performance. • Encryption and other security. • Session persistence.