30 Aug 2022
Rolling Alice: https://github.com/intel/dffml/tree/alice/docs/tutorials/rolling_alice
Slide Deck (commenting enabled): https://docs.google.com/presentation/d/1WBz-meM7n6nDe3-133tF1tlDQJ6nYYPySAdMgTHLb6Q/edit#slide=id.p
Engineering Log Entry: https://github.com/intel/dffml/discussions/1406#discussioncomment-3510908
Status Updates Playlist: https://www.youtube.com/playlist?list=PLtzAOVTpO2jZltVwl3dSEeQllKWZ0YU39
- Who is Alice?
- Alice will be our developer helper and one day a developer herself. She helps us understand and preform various parts of the software development lifecycle.
- We currently extend her by writing simple Python functions which can be distributed or combined in a decentralized way.
- She is built around a programming language agnostic format known as the Open Architecture.
- Eventually we will be able to extend any part of her in any language, or have parts be driven by machine learning models.
- What is the Open Architecture?
- It's the methodology that we use to interpret any domain specific description of architecture.
- We are developing the open architecture so that we can do a one hop on analysis when looking at any piece of software from a security or other angle.
- Having this generic method to describe any system architecture allows us to knit them together and assess their risk and threat model from a holistic viewpoint.
- Why work on the Open Architecture?
- We want this to be a machine and human interpretable format so that we can facilitate the validation of the reality of the code as it exists in it's static form, what it does when you execute it, and what we intend it to do.
- Intent in our case is measured by conference to and completeness of the threat model, and therefore also the associated open architecture description.
- The entity analysis Trinity
- The entity analysis Trinity helps us conceptualize our process. The points on our Trinity are Intent, Dynamic Analysis, and Static Analysis.
- By measuring and forming understanding in these areas we will be able to triangulate the strategic plans and principles involved in the execution of the software as well as it's development lifecycle.
- We use the Trinity to represent the soul of the software.
- What happens when we work on Alice?
- We build up Alice's understanding of software engineering as we automate the collection of data which represents our understanding of it.
- We also teach her how to automate parts of the development process, making contributions and other arbitrary things.
- Over time we'll build up a corpus of training data from which we'll build machine learning models.
- We will eventually introduce feedback loops where these models make decisions about development / contribution actions to be taken when given a codebase.
- We want to make sure that when Alice is deciding what code to write and contribute, that she is following our organizationally applicable policies. As outlined maybe in part via our threat model.
- Who is working on Alice?
- The DFFML community and anyone and everyone who would like to join us.
- Our objective is to build Alice with transparency, freedom, privacy, security, and egalitarianism as critical factors in her strategic principles.
- You can get involved by engaging with the DFFML community via the following links - Every time we contribute new functionality to Alice we write a tutorial on how that functionality can be extended and customized.
- We would love if you joined us in teaching Alice something about software development, or anything, and teaching others in the process.
- It's as easy writing a single function and explaining your thought process.
- The link on the left will take you to the code and tutorials. - We are also looking for folks who would like to contribute from by brainstorming and thinking about AI and especially AI ethics.
- The link on the right will take you a document we are collaboratively editing and contributing to.
- Plans
- Ensuring the contribution process to what exists (`alice please contribute`) is rock solid.
- Building out and making `alice shouldi contribute` accessible and ready for contribution.
- Engaging with those that are collecting metrics (https://metrics.openssf.org) and ensuring our work on metric collection bears fruit.
- Following our engagement on the metric collection front we will preform analysis to determine how to best target further `alice please contribute` efforts and align the two with a documented process on how we select high value targets so that others can pick up and run with extending.
- Later we'll get into more details on the dynamic analysis portion of the Trinity, where we'll work, over time, across many program executions of the code we are working on, to understand how it's execution maps to the work that we're doing via our understanding of what we've done (`please contribute`) and what we we're doing it on (`alice shouldi contribute`).
Slide Deck (commenting enabled): https://docs.google.com/presentation/d/1WBz-meM7n6nDe3-133tF1tlDQJ6nYYPySAdMgTHLb6Q/edit#slide=id.p
Engineering Log Entry: https://github.com/intel/dffml/discussions/1406#discussioncomment-3510908
Status Updates Playlist: https://www.youtube.com/playlist?list=PLtzAOVTpO2jZltVwl3dSEeQllKWZ0YU39
- Who is Alice?
- Alice will be our developer helper and one day a developer herself. She helps us understand and preform various parts of the software development lifecycle.
- We currently extend her by writing simple Python functions which can be distributed or combined in a decentralized way.
- She is built around a programming language agnostic format known as the Open Architecture.
- Eventually we will be able to extend any part of her in any language, or have parts be driven by machine learning models.
- What is the Open Architecture?
- It's the methodology that we use to interpret any domain specific description of architecture.
- We are developing the open architecture so that we can do a one hop on analysis when looking at any piece of software from a security or other angle.
- Having this generic method to describe any system architecture allows us to knit them together and assess their risk and threat model from a holistic viewpoint.
- Why work on the Open Architecture?
- We want this to be a machine and human interpretable format so that we can facilitate the validation of the reality of the code as it exists in it's static form, what it does when you execute it, and what we intend it to do.
- Intent in our case is measured by conference to and completeness of the threat model, and therefore also the associated open architecture description.
- The entity analysis Trinity
- The entity analysis Trinity helps us conceptualize our process. The points on our Trinity are Intent, Dynamic Analysis, and Static Analysis.
- By measuring and forming understanding in these areas we will be able to triangulate the strategic plans and principles involved in the execution of the software as well as it's development lifecycle.
- We use the Trinity to represent the soul of the software.
- What happens when we work on Alice?
- We build up Alice's understanding of software engineering as we automate the collection of data which represents our understanding of it.
- We also teach her how to automate parts of the development process, making contributions and other arbitrary things.
- Over time we'll build up a corpus of training data from which we'll build machine learning models.
- We will eventually introduce feedback loops where these models make decisions about development / contribution actions to be taken when given a codebase.
- We want to make sure that when Alice is deciding what code to write and contribute, that she is following our organizationally applicable policies. As outlined maybe in part via our threat model.
- Who is working on Alice?
- The DFFML community and anyone and everyone who would like to join us.
- Our objective is to build Alice with transparency, freedom, privacy, security, and egalitarianism as critical factors in her strategic principles.
- You can get involved by engaging with the DFFML community via the following links - Every time we contribute new functionality to Alice we write a tutorial on how that functionality can be extended and customized.
- We would love if you joined us in teaching Alice something about software development, or anything, and teaching others in the process.
- It's as easy writing a single function and explaining your thought process.
- The link on the left will take you to the code and tutorials. - We are also looking for folks who would like to contribute from by brainstorming and thinking about AI and especially AI ethics.
- The link on the right will take you a document we are collaboratively editing and contributing to.
- Plans
- Ensuring the contribution process to what exists (`alice please contribute`) is rock solid.
- Building out and making `alice shouldi contribute` accessible and ready for contribution.
- Engaging with those that are collecting metrics (https://metrics.openssf.org) and ensuring our work on metric collection bears fruit.
- Following our engagement on the metric collection front we will preform analysis to determine how to best target further `alice please contribute` efforts and align the two with a documented process on how we select high value targets so that others can pick up and run with extending.
- Later we'll get into more details on the dynamic analysis portion of the Trinity, where we'll work, over time, across many program executions of the code we are working on, to understand how it's execution maps to the work that we're doing via our understanding of what we've done (`please contribute`) and what we we're doing it on (`alice shouldi contribute`).
- 1 participant
- 5 minutes
