November 24, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
American Express has established an open source program office that gamifies the safe development of open source code that can be poured back into the community. “Without the program existing, a lot of people at the company wouldn’t know about giving back to open source, they wouldn’t see the power in it,” said Amanda Chesin, software engineer at American Express, during a presentation at OSFF. The AmEx OSPO started as an informal group of developers trying to establish a symbiotic relationship with the open source community, said Tim Klever, vice president of the development experience at AmEx, at the conference. The first step was to convince the skeptical upper management of the value of open source. Security issues were the single largest concern among 56% of executives surveyed by FINOS. That was followed by quality of components, compliance with external regulations, and licensing of intellectual properties. ... “That’s really when we kind of became official because we had someone to worry about this stuff and work on it the whole time, even though we only got [her] for a summer,” Klever said.
Of particular note is the provision for grievance redressal, affording individuals a legal avenue to hold data fiduciaries accountable. However, in contrast to the penalties imposed on data fiduciaries for non-compliance, the Data Protection Board's authority to levy fines on data principals (for violations of duties not to file frivolous complaints or impersonate others) is limited to a modest sum of up to ? 10,000. This duality poses a significant concern, as it introduces the possibility of groundless complaints. A successful complaint can yield a substantial ? 200 crore award, while an unsuccessful one carries a comparatively nominal penalty of ? 10,000. This dynamic could lead to an influx of speculative claims and an environment of undue frustration. There may be merit in revisiting the penalty structure, aligning it with the sum initially sought by the complainant to ensure the integrity of the complaint forum. One notable absence in the Act is the 'right to be forgotten', a provision in comparable digital data protection legislations like the GDPR.?
Beyond the increased performance that AI applications demand, a key benefit of the edge model is reliability and resilience. Consumers have taken to AI, with 73% worldwide saying they trust content produced by generative AI, and 43% keen for organizations to implement generative AI throughout customer interactions. Businesses that can’t keep their AI-powered services running will suffer from declining customer satisfaction and even a drop in market share. When a traditional data center suffers a power outage – perhaps due to a grid failure or natural disaster – apps reliant on these centralized data centers simply cannot function. Edge computing avoids this single point of failure: with compute more distributed, smart networks can instead use the processing power nearest to them to keep functioning. There are also benefits when it comes to data governance. If sensitive data is processed at the edge of the network, it doesn’t need to be processed in a public cloud or centralized data center, meaning fewer opportunities to steal data at rest or in transit. ... Finally, there are cost savings to think about. Cloud service providers often charge businesses to transfer data from their cloud storage.
领英推荐
First, they are not given the budget to plug up these vulnerabilities. In some instances, this is true. Cloud and development security are often underfunded. However, in most cases, the funding is good or great relative to their peers, and the problems still exist. Second, they can’t find the talent they need. For the most part, this is also legit. I figure that there are 10 security and development security positions that are chasing a single qualified candidate. As I talked about in my last post, we need to solve this. Despite the forces pushing against you, there are some recommended courses of action. CISOs should be able to capture metrics demonstrating risks and communicate them to executives and the board. Those are hard conversations but necessary if you’re looking to take on these issues as an executive team and reduce the impact on you and the development teams when stuff hits the fan. In many instances, the C-levels and the boards consider this a ploy to get more budget—that needs to be dealt with as well. Actions that can remove some of this risk include continuous security training for software development teams.?
Windows App, which is still in beta, will let you connect to Azure Virtual Desktop, Windows 365, Microsoft Dev Box, Remote Desktop Services, and remote PCs from, well, pretty much any computing device. Specifically, you can use it from Macs, iPhones, iPads, other Windows machines, and — pay attention! — web browsers. That last part means you'll be able to run Windows from Linux-powered PCs, Chromebooks, and Android phones and tablets. So, if you've been stuck running Windows because your boss insists that you can't get your job done from a Chromebook, Linux PC, or Mac, your day has come. You can still run the machine you want and use Windows for only those times you require Windows-specific software. Mind you, you've been able to do that for some time. As I pointed out recently, all the Windows software vendors don't want you to run standalone Windows applications; they prefer web-based Software-as-a-Service (SaaS) applications. They can make a lot more money from you by insisting you pay a monthly subscription rather than a one-time payment. Sure, Microsoft made its first billions from Windows and the PC desktop, but that hasn't been its business plan for years now.
At its essence, Q-learning is akin to introducing a reward system to a computer, aiding it in deciphering the most effective strategies for playing a game. This process involves defining various actions that a computer can take in a given situation or state, such as moving left, right, up, or down in a video game. These actions and states are meticulously logged in what is commonly referred to as a Q-table. The Q-table serves as the computer’s playground for learning, where it keeps tabs on the quality (Q-value) of each action in every state. Initially, it’s comparable to a blank canvas – the computer embarks on this journey without prior knowledge of which actions will lead to optimal results. The adventure commences with exploration. The computer takes a plunge into trying out different actions randomly, navigating the game environment, and recording the outcomes in the Q-table. Think of it as the computer playfully experimenting and gradually figuring out the lay of the land. Learning from Rewards forms the core of Q-learning. Each time the computer takes an action, it earns a reward.?