Please note:
On this page you will only see the English-language presentations of the conference. You can find all conference sessions, including the German-language ones, here.
The times given in the conference program of OOP 2024 correspond to Central European Time (CET).
By clicking on "VORTRAG MERKEN" ("save talk") within the lecture descriptions, you can put together your own schedule. You can view your schedule at any time using the icon in the upper right corner.
Track: Testing & Quality
- Tuesday, 30.01. - Wednesday, 31.01.
While AI systems differ in some points from "traditional" systems, testing them does not have to be more difficult - knowing the right questions to ask will go a long way. In this talk we will:
- Arm you with a checklist of questions to ask when preparing to test an AI system
- Show you that testers and data scientists have common ground when testing AI systems
Keep calm and test on - AI systems are not that different from "normal" systems.
Target Audience: Testers, Data Scientists, Developers, Product Owners, Architects
Prerequisites: Basic knowledge of software testing
Level: Advanced
Extended Abstract:
If you're a tester about to test your first AI system, or wanting to move into that area, you're probably wondering how you can prepare for the role. While we usually do not deal with complexity of the magnitude of Large Language Models like ChatGPT, AI systems still seem to pose different challenges than "traditional" systems.
You're not the first person to deal with these questions. In fact, a group of us got together to explore them in more detail. Is there a general framework of questions that testers can use to help develop a quality strategy for systems that use AI? We wanted to see if we could design one. To this end, we assembled a group with diverse roles: tester, test architect, data scientist, project lead, and CEO.
Join us in this talk to hear how we approached the task and what our results are, including an example of using our checklist of questions to analyse a system that uses AI. Along the way we also addressed questions like "What is the role of a tester in such projects?" and "How much math do I need?" - we'll talk about those discussions, too. We encourage participants to use our checklist and give us feedback on it!
Gregor Endler received his doctorate in computer science in 2017 with his dissertation “Adaptive Data Quality Monitoring with a Focus on the Completeness of Timestamped Data”. Since then he has been working as a data scientist at codemanufaktur GmbH. His work centres in particular on machine learning, data analysis, and data visualization.
Marco Achtziger is a Test Architect working for Siemens Healthineers in Forchheim. In this role he supports teams working in an agile environment in implementing and executing tests in the preventive test phase of a large project. He holds several certifications from iSTQB and iSQI, is a certified Software Architect at Siemens AG, and is a Siemens Senior Key Expert in the area of Testing and Continuous Delivery.
Security engineering, from TARA (Threat Analysis and Risk Assessment) and security requirements through to security testing, demands mechanisms to generate, verify, and connect the resulting work products. Traditional methods require a lot of manual work and still produce inconsistencies and imbalanced tests. Generative AI enables novel methods for semi-automatic cyber security requirements engineering, traceability, and testing. In this industry presentation, we show two promising approaches based on NLP and transformers, and how to embed them into an industry-scale security pipeline from TARA to test.
Target Audience: Test Engineers, QA Experts, Security Experts, Requirements and Systems Engineers
Prerequisites: Some background in security and testing. The AI methods will be introduced hands-on.
Level: Advanced
Extended Abstract:
Security engineering, from TARA and security requirements through to security testing, demands mechanisms to generate, verify, and connect the resulting work products. Traditional methods require a lot of manual work, for instance for traceability, and yet yield many inconsistencies and imbalanced tests. NLP, and especially transformers, enables novel methods for semi-automatic cyber security requirements engineering, traceability, and testing.
We focus here on using generative AI with NLP because it can support the methods described in the standards without changing the form of representation required by cybersecurity standards and the respective stakeholders. In particular, the use of Large Language Models (LLMs) for text generation, aggregation, and classification has recently proven promising for improving the efficiency and effectiveness of security analysis and tests.
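To make the classification use case concrete, here is a minimal Python sketch that labels a single security requirement with a generic zero-shot model from the Hugging Face transformers library. The model, candidate labels, and requirement text are illustrative assumptions, not the tooling of the pipeline presented in this talk.

from transformers import pipeline

# Generic zero-shot classifier; the model choice is an illustrative assumption.
classifier = pipeline("zero-shot-classification",
                      model="facebook/bart-large-mnli")

# A made-up requirement, stated in the form such standards typically demand.
requirement = ("The ECU shall reject firmware images whose signature "
               "cannot be verified against the stored public key.")

# Candidate security properties the requirement might address.
labels = ["authentication", "integrity", "confidentiality", "availability"]

result = classifier(requirement, candidate_labels=labels)
for label, score in zip(result["labels"], result["scores"]):
    print(f"{label}: {score:.2f}")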
Grey-box penetration testing is an approach in which only limited information about the SUT, such as publicly available information, is used to perform an attack. This often requires massive research effort. Threat catalogues, in which known and frequently used threats are recorded, can increase performance while testing. To provide additional aid, we are currently working towards building an AI-supported threat catalogue. To this end, we use a transformer model that is specialized in searching and summarizing information. When fed with known information about the SUT, this model searches available databases such as CVE or CAPEC, previously recorded attack patterns, and other contextual information, and gives the penetration test engineer an initial idea of how to approach an attack on the SUT.
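The catalogue-lookup step can be pictured with a small Python sketch that queries the public NVD CVE database for entries matching what is known about the SUT. The keyword, the result handling, and the omitted details (API key, paging, CAPEC queries, summarization) are illustrative assumptions, not the actual catalogue implementation.

import requests

# Public NVD 2.0 REST endpoint for CVE records.
NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"

def search_cves(keyword: str, limit: int = 5) -> list[dict]:
    """Return up to `limit` CVE entries whose descriptions match `keyword`."""
    resp = requests.get(
        NVD_URL,
        params={"keywordSearch": keyword, "resultsPerPage": limit},
        timeout=30,
    )
    resp.raise_for_status()
    entries = []
    for item in resp.json().get("vulnerabilities", []):
        cve = item["cve"]
        description = next(
            (d["value"] for d in cve["descriptions"] if d["lang"] == "en"), ""
        )
        entries.append({"id": cve["id"], "description": description})
    return entries

# Hypothetical known fact about the SUT: it exposes a CAN bus interface.
for entry in search_cves("CAN bus"):
    print(entry["id"], "-", entry["description"][:80])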
Using AI to generate both grey-box and white-box attack paths is an approach to check how much information is available about the system, or about components such as libraries and dependencies used in the SUT. Having introduced these methods into the security life cycle, our next step is to integrate the tools more closely. This will facilitate a swift turnaround upon changes in an agile delivery pipeline and thus achieve consistency from TARA to security requirements and (regression) test cases.
Vector, together with the University of Stuttgart, has developed transformer- and generative-AI-based methodologies for the specification and validation of cybersecurity requirements, with the goal of increasing productivity and quality.
In this industry presentation, we practically show how generative AI can scale into an industry-scale security pipeline.
More content from this speaker? Have a look at sigs.de: https://www.sigs.de/autor/christof.ebert
Christof Ebert is the managing director of Vector Consulting Services in Stuttgart, Germany. He holds a PhD from the University of Stuttgart, is a Senior Member of the IEEE, and teaches at the University of Stuttgart and Sorbonne University in Paris. Cybersecurity has been his focus since studying in the USA and contributing directly to the defense against the Morris worm.
Many developers evoke technical debt to explain the misfortunes and troubles of their codebase and delivery. While unmanaged technical debt weighs down an architecture and exerts drag on its schedule, it is more often an effect than a cause. In this talk, we will look at what is and is not meant by technical debt, with a view to properly attributing the root and recurring cause to technical neglect rather than technical debt. Without seeing technical neglect for what it is, we will continue to misattribute our problems to an effect rather than a cause.
Target Audience: Developers, Architects, Technical Managers
Prerequisites: Responsibility for software development, whether implementing it, guiding it or managing it
Level: Advanced
Extended Abstract:
Many developers evoke the mischievous spirit and day-to-day burden of technical debt to explain the misfortunes and troubles of their codebase and delivery. While unmanaged technical debt weighs down an architecture and exerts drag on its schedule, it is more often an effect than a cause. In this talk, we will look at what is and is not meant by technical debt (and other metaphors), with a view to properly attributing the root and recurring cause to technical neglect rather than technical debt. Without seeing technical neglect for what it is, we will continue to misattribute our problems to an effect rather than a cause.
Kevlin Henney is an independent consultant, trainer, speaker and writer. He helps individuals and teams improve their skills, codebases and cultures, ensuring people have a place in their architecture. He is co-author of two volumes in the "Pattern-Oriented Software Architecture" series, editor of "97 Things Every Programmer Should Know" and co-editor of "97 Things Every Java Programmer Should Know". He lives in Bristol and online.
In the evolving AI landscape, the EU AI Act introduces new standards for assuring high-risk AI systems. This presentation will explore the tester's role in navigating these standards, drawing from the latest research and from our experiences with an Automatic Employment Decision System, a high-risk AI. We'll discuss emerging methodologies, conformity assessments, and post-deployment monitoring, offering insights and practical guidance for aligning AI systems with the Act's requirements.
Target Audience: QA Professionals, AI Engineers/Architects, Business Leaders, POs/PMs, Policy Makers
Prerequisites: Basic Understanding of AI, Familiarity with Testing, Awareness of the EU AI Act, Interest in AI Assurance
Level: Advanced
Extended Abstract:
As the landscape of Artificial Intelligence (AI) rapidly evolves, the upcoming EU AI Act is set to introduce a new paradigm for assuring high-risk AI systems. This session will let participants delve into the pivotal role of testers in this context. We will decode the complexities of the Act and see how embracing it can foster robust, transparent, and ethically aligned AI systems.
Drawing on recent research and my own experience in testing high-risk AI systems, I will discuss the emerging methodologies for testing high-risk AI, including explainability methods, robustness testing, and fairness testing. Together, we will also explore the Act's emphasis on conformity assessments and post-deployment monitoring, highlighting the tester's role in these processes. Participants will gain a unique behind-the-scenes look at how we have gone from chaos to order in testing an Automatic Employment Decision System, a high-risk AI.
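To give one concrete flavour of the fairness testing mentioned above, here is a minimal, self-contained Python sketch of a demographic parity check for a binary employment decision. The data, groups, and tolerance are invented for illustration and do not reflect the system or test suite discussed in this talk; a real conformity assessment would cover far more (equalized odds, robustness, explainability) on real data.

def selection_rate(decisions: list[int]) -> float:
    """Fraction of positive (e.g. advance-to-interview) decisions."""
    return sum(decisions) / len(decisions)

# Hypothetical model outputs (1 = positive decision), split by protected group.
group_a = [1, 0, 1, 1, 0, 1, 0, 1]
group_b = [1, 0, 1, 0, 0, 1, 0, 1]

parity_gap = abs(selection_rate(group_a) - selection_rate(group_b))
print(f"Demographic parity gap: {parity_gap:.2f}")

# The acceptable gap is a policy decision; 0.2 here is purely illustrative.
assert parity_gap <= 0.2, "Fairness check failed: selection rates diverge"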
Joining this session will equip participants with valuable insights and practical guidance on aligning AI systems with the EU AI Act. It is a must-attend for testers, AI developers, and business leaders navigating this new frontier. By the end of the session, participants will be better prepared to face the challenges posed by the Act and will have a clear understanding of the opportunities and future directions in the assurance of high-risk AI systems.
More content from this speaker? Have a look at sigs.de: https://www.sigs.de/autor/andrei.nutas
Andrei Nutas is a Test Architect at Adesso with over 7 years of industry experience. For the past year, among other things, Andrei has helped align an Automated Employment Decision System with the upcoming EU AI Act. In his free time, he is a research fellow at the West University of Timisoara, where he focuses on AI Alignment and AI Ethics.