SlideShare uma empresa Scribd logo

Characterizing Defective Configuration Scripts Used for Continuous Deployment

Transferir como PPTX, PDF
Akond Rahman
Akond Rahman

What operations correlate with defective configuration scripts? We identify three operations: filesystem, infrastructure provisioning, and user accounts. If you want to find defects, find scripts that do these operations. Details: https://akondrahman.github.io/papers/icst2018_tm.pdf

Dados e análise
1 de 27
Characterizing Defective Configuration Scripts Used for Continuous Deployment Akond Rahman and Laurie Williams aarahman@ncsu.edu https://akondrahman.github.io/
Outline • Motivation • Goal • Research Questions • Methodology • Dataset • Empirical Findings • Summary 2
Motivation: Continuous Deployment 3 Continuous Integration Integrate software changes regularly Continuous Deployment Integrate software changes regularly Automatically deploy software changes rapidly
Motivation: Continuous Deployment https://en.facebookbrand.com/assets/f-logo https://www.stitcher.com/podcast/etsy https://brand.netflix.com/en/assets/ Facebook Etsy Netflix 4
Motivation: Continuous Deployment Summit Continuous Deployment Summit (2015, 2016, 2017) Dr. Chris Parnin Dr. Laurie Williams 5
Motivation: Infrastructure as Code ( IaC) Continuous Deployment Summit (2015, 2016, 2017) 6 Ansible Chef Puppet
Motivation: Defects in IaC scripts • Defects in IaC scripts can have serious consequences 7https://wikitech.wikimedia.org/wiki/Incident_documentation/20170118-Labs Wikimedia Commons
Goal To help software practitioners to prioritize validation and verification efforts for infrastructure as code (IaC) scripts by identifying the operations that characterize defective IaC scripts 8
Research Questions • RQ-1: Which are the operations that characterize defective infrastructure as code (IaC) scripts? How frequently do the identified operations appear in IaC scripts? • RQ-2: How can we build prediction models for defective infrastructure as code scripts using text features? 9
Background case $::operatingsystem { ‘CentOS’: { exec { "install iptables": command => "/bin/yum install iptables -y", creates => "/sbin/iptables"; } } default: { fail("cannot install on $::operatingsystem") } } https://puppet.com/company/press-room/media-kit 10
Methodology • Dataset Construction • Empirical Analysis 11
Methodology: Dataset Construction Extract Commit IaC Repositories 12 Rater-1 Rater-2 Disagree? Mark as defect or non-defect Resolver Mark as defect or non-defect No Yes
Methodology: Empirical Analysis Dataset Feature Extraction Correlating Features Answer to RQ1 Answer to RQ2 Bag of words, TF-IDF Principal Component Analysis Qualitative Analysis Random Forest, Parameter Tuning, AUC, F1 13
Dataset: Sources Mozilla Openstack Wikimedia Commons https://blog.mozilla.org/opendesign/arrival/ https://www.openstack.org/brand/openstack-logo/ https://commons.wikimedia.org/wiki/Category:Logos 14
Dataset Mozilla Openstack Wikimedia Time Period Aug, 2011- Sep, 2016 Mar, 2011- Sep, 2016 Apr, 2005 – Sep, 2016 IaC Code Size (LOC) 30,272 122,083 17,439 Defect-related Commits 558 of 3074, 18.1% 1987 of 7808, 25.4% 298 of 972, 30.6% Defective IaC Scripts 259 of 580 (44.6%) 810 of 1383 (58.5%) 161 of 296 (54.4%) 15
Answer to RQ1: Which are the operations that characterize of defective infrastructure as code (IaC) scripts? • Filesystem operations • Infrastructure provisioning – Build systems – Data analytics systems – Database systems – Web server systems • Managing user accounts 16
Answer to RQ1: Filesystem operations 17
Answer to RQ1: Infrastructure provisioning • Build systems 18
Answer to RQ1: Infrastructure provisioning • Data analytics systems 19
Answer to RQ1: Infrastructure provisioning • Database systems 20
Answer to RQ1: Infrastructure provisioning • Web server systems 21
Answer to RQ1: Managing user accounts 22
Answer to RQ1: Frequency 21.7 14.5 23.4 6.9 18.9 17.9 2.5 1.1 1.6 0 5 10 15 20 25 Mozilla Openstack Wikimedia PercentageofIaCScripts Filesystem Infrastructure provision User account 23
Answer to RQ2: How can we build prediction models for defective infrastructure as code scripts using text features? 0.76 0.59 0.68 0.75 0.55 0.56 0 0.2 0.4 0.6 0.8 Mozilla Openstack Wikimedia MedianAUC Bag-of-words TF-IDF 0.74 0.71 0.73 0.72 0.74 0.7 0.65 0.7 0.75 Mozilla Openstack Wikimedia MedianF-Measure Bag-of-words TF-IDF 24
Limitations • Dataset construction • Text mining 25
Implications • Raise awareness amongst practitioners when doing certain operations • Prioritizing verification and validation efforts based on identified operations 26
Summary Answer to RQ1: Frequency 21.7 14.5 23.4 6.9 18.9 17.9 2.5 1.1 1.6 0 5 10 15 20 25 Mozilla Openstack Wikimedia PercentageofIaCScripts Filesystem Infrastructure provision User account aarahman@ncsu.edu akondrahman https://akondrahman.github.io/ Contact Answer to RQ2: How can we build prediction models for defective infrastructure as code scripts using text features? 0.76 0.59 0.68 0.75 0.55 0.56 0 0.2 0.4 0.6 0.8 Mozilla Openstack Wikimedia MedianAUC Bag-of-words TF-IDF 0.74 0.71 0.73 0.72 0.74 0.7 0.65 0.7 0.75 Mozilla Openstack Wikimedia MedianF-Measure Bag-of-words TF-IDF 27 Motivation: Defects in IaC scripts • Defects in IaC scripts can have serious consequences 6https://wikitech.wikimedia.org/wiki/Incident_documentation/20170118-Labs Wikimedia Commons

Recomendados

Shhh!: Secret Management Practices for Infrastructure as Code
Shhh!: Secret Management Practices for Infrastructure as Code Shhh!: Secret Management Practices for Infrastructure as Code
Shhh!: Secret Management Practices for Infrastructure as Code
Akond Rahman
 
Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...
Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...
Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...
Akond Rahman
 
Source Code Properties of Defective Infrastructure as Code Scripts
Source Code Properties of Defective Infrastructure as Code ScriptsSource Code Properties of Defective Infrastructure as Code Scripts
Source Code Properties of Defective Infrastructure as Code Scripts
Akond Rahman
 
What Questions Do Programmers Ask About Configuration as Code?
What Questions Do Programmers Ask About Configuration as Code?What Questions Do Programmers Ask About Configuration as Code?
What Questions Do Programmers Ask About Configuration as Code?
Akond Rahman
 
Under-reported Security Defects in Kubernetes Manifests
Under-reported Security Defects in Kubernetes ManifestsUnder-reported Security Defects in Kubernetes Manifests
Under-reported Security Defects in Kubernetes Manifests
Akond Rahman
 
使用 Elastic Stack 进行端对端安全分析
使用 Elastic Stack 进行端对端安全分析 使用 Elastic Stack 进行端对端安全分析
使用 Elastic Stack 进行端对端安全分析
Elasticsearch
 
Monitoring MongoDB Atlas with Datadog
Monitoring MongoDB Atlas with DatadogMonitoring MongoDB Atlas with Datadog
Monitoring MongoDB Atlas with Datadog
MongoDB
 
Combining Logs, Metrics, and Traces for Unified Observability
Combining Logs, Metrics, and Traces for Unified ObservabilityCombining Logs, Metrics, and Traces for Unified Observability
Combining Logs, Metrics, and Traces for Unified Observability
Elasticsearch
 

Recomendados

Shhh!: Secret Management Practices for Infrastructure as Code
Shhh!: Secret Management Practices for Infrastructure as Code Shhh!: Secret Management Practices for Infrastructure as Code
Shhh!: Secret Management Practices for Infrastructure as Code
Akond Rahman
 
Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...
Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...
Characteristics of Defective Infrastructure as Code Scripts in Continuous Dep...
Akond Rahman
 
Source Code Properties of Defective Infrastructure as Code Scripts
Source Code Properties of Defective Infrastructure as Code ScriptsSource Code Properties of Defective Infrastructure as Code Scripts
Source Code Properties of Defective Infrastructure as Code Scripts
Akond Rahman
 
What Questions Do Programmers Ask About Configuration as Code?
What Questions Do Programmers Ask About Configuration as Code?What Questions Do Programmers Ask About Configuration as Code?
What Questions Do Programmers Ask About Configuration as Code?
Akond Rahman
 
Under-reported Security Defects in Kubernetes Manifests
Under-reported Security Defects in Kubernetes ManifestsUnder-reported Security Defects in Kubernetes Manifests
Under-reported Security Defects in Kubernetes Manifests
Akond Rahman
 
使用 Elastic Stack 进行端对端安全分析
使用 Elastic Stack 进行端对端安全分析 使用 Elastic Stack 进行端对端安全分析
使用 Elastic Stack 进行端对端安全分析
Elasticsearch
 
Monitoring MongoDB Atlas with Datadog
Monitoring MongoDB Atlas with DatadogMonitoring MongoDB Atlas with Datadog
Monitoring MongoDB Atlas with Datadog
MongoDB
 
Combining Logs, Metrics, and Traces for Unified Observability
Combining Logs, Metrics, and Traces for Unified ObservabilityCombining Logs, Metrics, and Traces for Unified Observability
Combining Logs, Metrics, and Traces for Unified Observability
Elasticsearch
 
Application Security Logging with Splunk using Java
Application Security Logging with Splunk using JavaApplication Security Logging with Splunk using Java
Application Security Logging with Splunk using Java
Robert Grupe, CSSLP CISSP PE PMP
 
The Intersection of Security and DevOps
The Intersection of Security and DevOpsThe Intersection of Security and DevOps
The Intersection of Security and DevOps
Alert Logic
 
Security Events Logging at Bell with the Elastic Stack
Security Events Logging at Bell with the Elastic StackSecurity Events Logging at Bell with the Elastic Stack
Security Events Logging at Bell with the Elastic Stack
Elasticsearch
 
End-to-End Security Analytics with the Elastic Stack
End-to-End Security Analytics with the Elastic StackEnd-to-End Security Analytics with the Elastic Stack
End-to-End Security Analytics with the Elastic Stack
Elasticsearch
 
You Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsYou Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOps
Sumo Logic
 
ADDO Open Source Observability Tools
ADDO Open Source Observability Tools ADDO Open Source Observability Tools
ADDO Open Source Observability Tools
Mickey Boxell
 
Get full visibility and find hidden security issues
Get full visibility and find hidden security issuesGet full visibility and find hidden security issues
Get full visibility and find hidden security issues
Elasticsearch
 
Automate threat detections and avoid false positives
Automate threat detections and avoid false positivesAutomate threat detections and avoid false positives
Automate threat detections and avoid false positives
Elasticsearch
 
WhiteSource Webinar What's New With WhiteSource in December 2018
WhiteSource Webinar What's New With WhiteSource in December 2018WhiteSource Webinar What's New With WhiteSource in December 2018
WhiteSource Webinar What's New With WhiteSource in December 2018
WhiteSource
 
American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...
American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...
American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...
Elasticsearch
 
Automate Your Container Deployments Securely
Automate Your Container Deployments SecurelyAutomate Your Container Deployments Securely
Automate Your Container Deployments Securely
DevOps.com
 
Nextpoint
NextpointNextpoint
Nextpoint
nycgov
 
Automatize a detecção de ameaças e evite falsos positivos
Automatize a detecção de ameaças e evite falsos positivosAutomatize a detecção de ameaças e evite falsos positivos
Automatize a detecção de ameaças e evite falsos positivos
Elasticsearch
 
Open source cloud native security with threat mapper
Open source cloud native security with threat mapperOpen source cloud native security with threat mapper
Open source cloud native security with threat mapper
LibbySchulze
 
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource May 2018- A WhiteSource WebinarFind Out What's New With WhiteSource May 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
WhiteSource
 
Reinventing enterprise defense with the Elastic Stack
Reinventing enterprise defense with the Elastic StackReinventing enterprise defense with the Elastic Stack
Reinventing enterprise defense with the Elastic Stack
Elasticsearch
 
Log Search Service Introduction
Log Search Service IntroductionLog Search Service Introduction
Log Search Service Introduction
Alex Tregubov
 
Elastic Security : Protéger son entreprise avec la Suite Elastic
Elastic Security : Protéger son entreprise avec la Suite ElasticElastic Security : Protéger son entreprise avec la Suite Elastic
Elastic Security : Protéger son entreprise avec la Suite Elastic
Elasticsearch
 
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic StackSiscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
Elasticsearch
 
Managing Microservices at Scale
Managing Microservices at ScaleManaging Microservices at Scale
Managing Microservices at Scale
Perforce
 
DSAPA.pdf
DSAPA.pdfDSAPA.pdf
DSAPA.pdf
Luis Pena
 
SplunkLive! London 2016 Splunk for Devops
SplunkLive! London 2016 Splunk for DevopsSplunkLive! London 2016 Splunk for Devops
SplunkLive! London 2016 Splunk for Devops
Splunk
 

Mais conteúdo relacionado

Mais procurados

American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...
American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...
American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...
Elasticsearch
 
Automate Your Container Deployments Securely
Automate Your Container Deployments SecurelyAutomate Your Container Deployments Securely
Automate Your Container Deployments Securely
DevOps.com
 
Nextpoint
NextpointNextpoint
Nextpoint
nycgov
 
Log Search Service Introduction
Log Search Service IntroductionLog Search Service Introduction
Log Search Service Introduction
Alex Tregubov
 

Mais procurados (20)

Application Security Logging with Splunk using Java
Application Security Logging with Splunk using JavaApplication Security Logging with Splunk using Java
Application Security Logging with Splunk using Java
 
The Intersection of Security and DevOps
The Intersection of Security and DevOpsThe Intersection of Security and DevOps
The Intersection of Security and DevOps
 
Security Events Logging at Bell with the Elastic Stack
Security Events Logging at Bell with the Elastic StackSecurity Events Logging at Bell with the Elastic Stack
Security Events Logging at Bell with the Elastic Stack
 
End-to-End Security Analytics with the Elastic Stack
End-to-End Security Analytics with the Elastic StackEnd-to-End Security Analytics with the Elastic Stack
End-to-End Security Analytics with the Elastic Stack
 
You Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsYou Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOps
 
ADDO Open Source Observability Tools
ADDO Open Source Observability Tools ADDO Open Source Observability Tools
ADDO Open Source Observability Tools
 
Get full visibility and find hidden security issues
Get full visibility and find hidden security issuesGet full visibility and find hidden security issues
Get full visibility and find hidden security issues
 
Automate threat detections and avoid false positives
Automate threat detections and avoid false positivesAutomate threat detections and avoid false positives
Automate threat detections and avoid false positives
 
WhiteSource Webinar What's New With WhiteSource in December 2018
WhiteSource Webinar What's New With WhiteSource in December 2018WhiteSource Webinar What's New With WhiteSource in December 2018
WhiteSource Webinar What's New With WhiteSource in December 2018
 
American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...
American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...
American Ancestors Use Case - Scalability & Support Using the Elasticsearch S...
 
Automate Your Container Deployments Securely
Automate Your Container Deployments SecurelyAutomate Your Container Deployments Securely
Automate Your Container Deployments Securely
 
Nextpoint
NextpointNextpoint
Nextpoint
 
Automatize a detecção de ameaças e evite falsos positivos
Automatize a detecção de ameaças e evite falsos positivosAutomatize a detecção de ameaças e evite falsos positivos
Automatize a detecção de ameaças e evite falsos positivos
 
Open source cloud native security with threat mapper
Open source cloud native security with threat mapperOpen source cloud native security with threat mapper
Open source cloud native security with threat mapper
 
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource May 2018- A WhiteSource WebinarFind Out What's New With WhiteSource May 2018- A WhiteSource Webinar
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
 
Reinventing enterprise defense with the Elastic Stack
Reinventing enterprise defense with the Elastic StackReinventing enterprise defense with the Elastic Stack
Reinventing enterprise defense with the Elastic Stack
 
Log Search Service Introduction
Log Search Service IntroductionLog Search Service Introduction
Log Search Service Introduction
 
Elastic Security : Protéger son entreprise avec la Suite Elastic
Elastic Security : Protéger son entreprise avec la Suite ElasticElastic Security : Protéger son entreprise avec la Suite Elastic
Elastic Security : Protéger son entreprise avec la Suite Elastic
 
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic StackSiscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
Siscale Lightning Talk: Automated Root Cause Analysis with Elastic Stack
 
Managing Microservices at Scale
Managing Microservices at ScaleManaging Microservices at Scale
Managing Microservices at Scale
 

Semelhante a Characterizing Defective Configuration Scripts Used for Continuous Deployment

Machine programming
Machine programmingMachine programming
Machine programming
DESMOND YUEN
 
Curiosity and Xray present - In sprint testing: Aligning tests and teams to r...
Curiosity and Xray present - In sprint testing: Aligning tests and teams to r...Curiosity and Xray present - In sprint testing: Aligning tests and teams to r...
Curiosity and Xray present - In sprint testing: Aligning tests and teams to r...
Curiosity Software Ireland
 
Alm Specialist Toolkit Team System 2008 Deep Dive
Alm Specialist Toolkit Team System 2008 Deep DiveAlm Specialist Toolkit Team System 2008 Deep Dive
Alm Specialist Toolkit Team System 2008 Deep Dive
Christian Thilmany
 
451 Research: Data Is the Key to Friction in DevOps
451 Research: Data Is the Key to Friction in DevOps451 Research: Data Is the Key to Friction in DevOps
451 Research: Data Is the Key to Friction in DevOps
Delphix
 
Software Project Management - NESDEV
Software Project Management - NESDEVSoftware Project Management - NESDEV
Software Project Management - NESDEV
Krit Kamtuo
 

Semelhante a Characterizing Defective Configuration Scripts Used for Continuous Deployment (20)

DSAPA.pdf
DSAPA.pdfDSAPA.pdf
DSAPA.pdf
 
SplunkLive! London 2016 Splunk for Devops
SplunkLive! London 2016 Splunk for DevopsSplunkLive! London 2016 Splunk for Devops
SplunkLive! London 2016 Splunk for Devops
 
Machine programming
Machine programmingMachine programming
Machine programming
 
Curiosity and Xray present - In sprint testing: Aligning tests and teams to r...
Curiosity and Xray present - In sprint testing: Aligning tests and teams to r...Curiosity and Xray present - In sprint testing: Aligning tests and teams to r...
Curiosity and Xray present - In sprint testing: Aligning tests and teams to r...
 
The Science of database CICD - UKOUG Breakthrough
The Science of database CICD - UKOUG BreakthroughThe Science of database CICD - UKOUG Breakthrough
The Science of database CICD - UKOUG Breakthrough
 
Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...
Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...
Just-in-time Detection of Protection-Impacting Changes on WordPress and Media...
 
The Magic Of Application Lifecycle Management In Vs Public
The Magic Of Application Lifecycle Management In Vs PublicThe Magic Of Application Lifecycle Management In Vs Public
The Magic Of Application Lifecycle Management In Vs Public
 
Alm Specialist Toolkit Team System 2008 Deep Dive
Alm Specialist Toolkit Team System 2008 Deep DiveAlm Specialist Toolkit Team System 2008 Deep Dive
Alm Specialist Toolkit Team System 2008 Deep Dive
 
CV_RishabhDixit
CV_RishabhDixitCV_RishabhDixit
CV_RishabhDixit
 
451 Research: Data Is the Key to Friction in DevOps
451 Research: Data Is the Key to Friction in DevOps451 Research: Data Is the Key to Friction in DevOps
451 Research: Data Is the Key to Friction in DevOps
 
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)API Governance and GitOps in Hybrid Integration Platform (MuleSoft)
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)
 
Software Project Management - NESDEV
Software Project Management - NESDEVSoftware Project Management - NESDEV
Software Project Management - NESDEV
 
Elastic-Engineering
Elastic-EngineeringElastic-Engineering
Elastic-Engineering
 
Keys to Continuous Delivery Success - Mark Warren, Product Director, Perforc...
Keys to Continuous Delivery Success - Mark Warren, Product Director, Perforc...Keys to Continuous Delivery Success - Mark Warren, Product Director, Perforc...
Keys to Continuous Delivery Success - Mark Warren, Product Director, Perforc...
 
Relational Database CI/CD
Relational Database CI/CDRelational Database CI/CD
Relational Database CI/CD
 
Intro
IntroIntro
Intro
 
Five Ways to Fix Your SQL Server Dev-Test Problems
Five Ways to Fix Your SQL Server Dev-Test Problems Five Ways to Fix Your SQL Server Dev-Test Problems
Five Ways to Fix Your SQL Server Dev-Test Problems
 
DevOps on Oracle Cloud
DevOps on Oracle CloudDevOps on Oracle Cloud
DevOps on Oracle Cloud
 
Software Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software EngineeringSoftware Analytics: Data Analytics for Software Engineering
Software Analytics: Data Analytics for Software Engineering
 
Automation Deployments and Gudielines.pptx
Automation Deployments and Gudielines.pptxAutomation Deployments and Gudielines.pptx
Automation Deployments and Gudielines.pptx
 

Mais de Akond Rahman

Predicting Android Application Security and Privacy Risk With Static Code Met...
Predicting Android Application Security and Privacy Risk With Static Code Met...Predicting Android Application Security and Privacy Risk With Static Code Met...
Predicting Android Application Security and Privacy Risk With Static Code Met...
Akond Rahman
 
Which Factors Influence Practitioners' Usage of Build Automation Tools?
Which Factors Influence Practitioners' Usage of Build Automation Tools?Which Factors Influence Practitioners' Usage of Build Automation Tools?
Which Factors Influence Practitioners' Usage of Build Automation Tools?
Akond Rahman
 
Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac...
Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac...Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac...
Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac...
Akond Rahman
 
Synthesizing Continuous Deployment Practices in Software Development
Synthesizing Continuous Deployment Practices in Software DevelopmentSynthesizing Continuous Deployment Practices in Software Development
Synthesizing Continuous Deployment Practices in Software Development
Akond Rahman
 

Mais de Akond Rahman (8)

How Do Students Feel About Automated Security Static Analysis Exercises?
How Do Students Feel About Automated Security Static Analysis Exercises? How Do Students Feel About Automated Security Static Analysis Exercises?
How Do Students Feel About Automated Security Static Analysis Exercises?
 
Exercise Perceptions: Experience Report From A Secure Software Development Co...
Exercise Perceptions: Experience Report From A Secure Software Development Co...Exercise Perceptions: Experience Report From A Secure Software Development Co...
Exercise Perceptions: Experience Report From A Secure Software Development Co...
 
Synthesizing Program Execution Time Discrepancies in Julia Used for Scientifi...
Synthesizing Program Execution Time Discrepancies in Julia Used for Scientifi...Synthesizing Program Execution Time Discrepancies in Julia Used for Scientifi...
Synthesizing Program Execution Time Discrepancies in Julia Used for Scientifi...
 
Comprehension Effort and Programming Activities: Related? Or Not Related?
Comprehension Effort and Programming Activities: Related? Or Not Related?Comprehension Effort and Programming Activities: Related? Or Not Related?
Comprehension Effort and Programming Activities: Related? Or Not Related?
 
Predicting Android Application Security and Privacy Risk With Static Code Met...
Predicting Android Application Security and Privacy Risk With Static Code Met...Predicting Android Application Security and Privacy Risk With Static Code Met...
Predicting Android Application Security and Privacy Risk With Static Code Met...
 
Which Factors Influence Practitioners' Usage of Build Automation Tools?
Which Factors Influence Practitioners' Usage of Build Automation Tools?Which Factors Influence Practitioners' Usage of Build Automation Tools?
Which Factors Influence Practitioners' Usage of Build Automation Tools?
 
Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac...
Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac...Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac...
Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac...
 
Synthesizing Continuous Deployment Practices in Software Development
Synthesizing Continuous Deployment Practices in Software DevelopmentSynthesizing Continuous Deployment Practices in Software Development
Synthesizing Continuous Deployment Practices in Software Development
 

Último

➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
amitlee9823
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men 🔝Thrissur🔝 Escor...
➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men 🔝Thrissur🔝 Escor...➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men 🔝Thrissur🔝 Escor...
➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men 🔝Thrissur🔝 Escor...
amitlee9823
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
SUHANI PANDEY
 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Riyadh +966572737505 get cytotec
 
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
amitlee9823
 
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night StandCall Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
amitlee9823
 
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
karishmasinghjnh
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Delhi Call girls
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
amitlee9823
 
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
amitlee9823
 

Último (20)

➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men 🔝Thrissur🔝 Escor...
➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men 🔝Thrissur🔝 Escor...➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men 🔝Thrissur🔝 Escor...
➥🔝 7737669865 🔝▻ Thrissur Call-girls in Women Seeking Men 🔝Thrissur🔝 Escor...
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
 
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
 
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night StandCall Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
 
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
➥🔝 7737669865 🔝▻ Bangalore Call-girls in Women Seeking Men 🔝Bangalore🔝 Esc...
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
 
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
 
Capstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics ProgramCapstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics Program
 
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
 

Characterizing Defective Configuration Scripts Used for Continuous Deployment

  • 1. Characterizing Defective Configuration Scripts Used for Continuous Deployment Akond Rahman and Laurie Williams aarahman@ncsu.edu https://akondrahman.github.io/
  • 2. Outline • Motivation • Goal • Research Questions • Methodology • Dataset • Empirical Findings • Summary 2
  • 3. Motivation: Continuous Deployment 3 Continuous Integration Integrate software changes regularly Continuous Deployment Integrate software changes regularly Automatically deploy software changes rapidly
  • 4. Motivation: Continuous Deployment https://en.facebookbrand.com/assets/f-logo https://www.stitcher.com/podcast/etsy https://brand.netflix.com/en/assets/ Facebook Etsy Netflix 4
  • 5. Motivation: Continuous Deployment Summit Continuous Deployment Summit (2015, 2016, 2017) Dr. Chris Parnin Dr. Laurie Williams 5
  • 6. Motivation: Infrastructure as Code ( IaC) Continuous Deployment Summit (2015, 2016, 2017) 6 Ansible Chef Puppet
  • 7. Motivation: Defects in IaC scripts • Defects in IaC scripts can have serious consequences 7https://wikitech.wikimedia.org/wiki/Incident_documentation/20170118-Labs Wikimedia Commons
  • 8. Goal To help software practitioners to prioritize validation and verification efforts for infrastructure as code (IaC) scripts by identifying the operations that characterize defective IaC scripts 8
  • 9. Research Questions • RQ-1: Which are the operations that characterize defective infrastructure as code (IaC) scripts? How frequently do the identified operations appear in IaC scripts? • RQ-2: How can we build prediction models for defective infrastructure as code scripts using text features? 9
  • 10. Background case $::operatingsystem { ‘CentOS’: { exec { "install iptables": command => "/bin/yum install iptables -y", creates => "/sbin/iptables"; } } default: { fail("cannot install on $::operatingsystem") } } https://puppet.com/company/press-room/media-kit 10
  • 12. Methodology: Dataset Construction Extract Commit IaC Repositories 12 Rater-1 Rater-2 Disagree? Mark as defect or non-defect Resolver Mark as defect or non-defect No Yes
  • 13. Methodology: Empirical Analysis Dataset Feature Extraction Correlating Features Answer to RQ1 Answer to RQ2 Bag of words, TF-IDF Principal Component Analysis Qualitative Analysis Random Forest, Parameter Tuning, AUC, F1 13
  • 14. Dataset: Sources Mozilla Openstack Wikimedia Commons https://blog.mozilla.org/opendesign/arrival/ https://www.openstack.org/brand/openstack-logo/ https://commons.wikimedia.org/wiki/Category:Logos 14
  • 15. Dataset Mozilla Openstack Wikimedia Time Period Aug, 2011- Sep, 2016 Mar, 2011- Sep, 2016 Apr, 2005 – Sep, 2016 IaC Code Size (LOC) 30,272 122,083 17,439 Defect-related Commits 558 of 3074, 18.1% 1987 of 7808, 25.4% 298 of 972, 30.6% Defective IaC Scripts 259 of 580 (44.6%) 810 of 1383 (58.5%) 161 of 296 (54.4%) 15
  • 16. Answer to RQ1: Which are the operations that characterize of defective infrastructure as code (IaC) scripts? • Filesystem operations • Infrastructure provisioning – Build systems – Data analytics systems – Database systems – Web server systems • Managing user accounts 16
  • 17. Answer to RQ1: Filesystem operations 17
  • 18. Answer to RQ1: Infrastructure provisioning • Build systems 18
  • 19. Answer to RQ1: Infrastructure provisioning • Data analytics systems 19
  • 20. Answer to RQ1: Infrastructure provisioning • Database systems 20
  • 21. Answer to RQ1: Infrastructure provisioning • Web server systems 21
  • 22. Answer to RQ1: Managing user accounts 22
  • 23. Answer to RQ1: Frequency 21.7 14.5 23.4 6.9 18.9 17.9 2.5 1.1 1.6 0 5 10 15 20 25 Mozilla Openstack Wikimedia PercentageofIaCScripts Filesystem Infrastructure provision User account 23
  • 24. Answer to RQ2: How can we build prediction models for defective infrastructure as code scripts using text features? 0.76 0.59 0.68 0.75 0.55 0.56 0 0.2 0.4 0.6 0.8 Mozilla Openstack Wikimedia MedianAUC Bag-of-words TF-IDF 0.74 0.71 0.73 0.72 0.74 0.7 0.65 0.7 0.75 Mozilla Openstack Wikimedia MedianF-Measure Bag-of-words TF-IDF 24
  • 26. Implications • Raise awareness amongst practitioners when doing certain operations • Prioritizing verification and validation efforts based on identified operations 26
  • 27. Summary Answer to RQ1: Frequency 21.7 14.5 23.4 6.9 18.9 17.9 2.5 1.1 1.6 0 5 10 15 20 25 Mozilla Openstack Wikimedia PercentageofIaCScripts Filesystem Infrastructure provision User account aarahman@ncsu.edu akondrahman https://akondrahman.github.io/ Contact Answer to RQ2: How can we build prediction models for defective infrastructure as code scripts using text features? 0.76 0.59 0.68 0.75 0.55 0.56 0 0.2 0.4 0.6 0.8 Mozilla Openstack Wikimedia MedianAUC Bag-of-words TF-IDF 0.74 0.71 0.73 0.72 0.74 0.7 0.65 0.7 0.75 Mozilla Openstack Wikimedia MedianF-Measure Bag-of-words TF-IDF 27 Motivation: Defects in IaC scripts • Defects in IaC scripts can have serious consequences 6https://wikitech.wikimedia.org/wiki/Incident_documentation/20170118-Labs Wikimedia Commons

Notas do Editor

  1. Keynote today
  2. 17 companies
  3. 17 companies
  4. Say post mortem analysis report
  5. Creates: creates => # A file to look for before running the command...
  6. Disagreeing on a defect or not