Conference Program

Please note:
On this page you will only see the English-language presentations of the conference. You can find all conference sessions, including the German speaking ones, here.

The times given in the conference program of OOP 2024 correspond to Central European Time (CET).

By clicking on "VORTRAG MERKEN" within the lecture descriptions you can arrange your own schedule. You can view your schedule at any time using the icon in the upper right corner.

Track: Testing & Quality

Nach Tracks filtern
Nach Themen filtern
Alle ausklappen
  • Dienstag
    30.01.
  • Mittwoch
    31.01.
, (Dienstag, 30.Januar 2024)
16:15 - 17:15
Di 9.3
Asking the Right Questions When Testing AI Systems
Asking the Right Questions When Testing AI Systems

While AI systems differ in some points from "traditional" systems, testing them does not have to be more difficult - knowing the right questions to ask will go a long way. In this talk we will:

  • Arm you with a checklist of questions to ask when preparing to test an AI system
  • Show you that testers and data scientist have common ground when testing AI systems

Keep calm and test on - AI systems are not that different from "normal" systems.

Target Audience: Testers, Data Scientists, Developers, Product Owners, Architects
Prerequisites: Basic knowledge of software testing
Level: Advanced

Extended Abstract:
If you're a tester about to test your first AI system, or wanting to move into that area, you're probably wondering how you can prepare for the role. While we usually do not deal with complexity in the magnitude of Large Language models like chatGPT, AI systems still seemingly offer different challenges than "traditional" systems.
You're not the first person to deal with these questions. In fact, a group of us got together to explore it in more detail. Is there a general framework of questions that testers can use to help develop a quality strategy for systems that use AI? We wanted to see if we could design one. To this end, we got together a group with diverse roles: tester, test architect, data scientist, project lead and CEO.
Join us in this talk to hear how we approached the task and what our results are, including an example of using our checklist of questions to analyse a system that uses AI. Along the way we also addressed questions like "What is the role of a tester in such projects?" and "How much math do I need?" - we'll talk about those discussions, too. We encourage participants to use our checklist and give us feedback on it!

Gregor Endler holds a doctor's degree in Computer Science for his thesis on the completeness of timestamped data.
His work at codemanufaktur GmbH deals with Machine Learning and Data Analysis.

Marco Achtziger is working for Siemens Healthineers in Forchheim. He has several qualifications from iSTQB and iSQI and is a certified Senior Software-Architect by Siemens AG but is a test architect in his heart. In that area he also works as a trainer for a Siemens AG/Healthineers wide training program for test architects. He always seeks to exchange knowledge and experiences from other companies to make sure that we all learn from each other. He does that also as speaker on several conferences like OOP or Agile Testing Days and several other conferences.

Gregor Endler, Marco Achtziger
Gregor Endler, Marco Achtziger
flag VORTRAG MERKEN

Vortrag Teilen

17:45 - 18:45
Di 9.4
Generative AI for Cybersecurity
Generative AI for Cybersecurity

Security engineering from TARA and security requirements to security testing demand mechanisms to generate, verify, and connect the resulting work products. Traditional methods need lots of manual work and yet show inconsistencies and imbalanced tests. Generative AI allows novel methods with semi-automatic cyber security requirements engineering, traceability, and testing. In this industry presentation, we show two promising approaches with NLP and transformers and how to embed them into an industry-scale security pipeline from TARA to test.

Target Audience: Test Engineers, QA Experts, Security Experts, Requirements and Systems Engineers
Prerequisites: Some background on security and testing. We will hands-on introduce the AI methods.
Level: Advanced

Extended Abstract:
Security engineering from TARA and security requirements to security testing demand mechanisms to generate, verify, and connect the resulting work products. Traditional methods need lots of manual work such as for traceability and yet show little impact when looking at the many inconsistencies and imbalanced tests. NLP especially transformers allow novel methods with semi-automatic cyber security requirements engineering, traceability, and testing.
We focus here on using generative AI with NLP because they can support the methods described in the standard while there is no need to change the form of representation from what is required by cybersecurity standards and respective stakeholders. Especially the use of Large Language Models (LLM) for text generation, aggregation, and classification has recently proven promising to improve the efficiency and effectiveness of security analysis and tests.
Grey Box Penetration Testing is an approach where only publicly available information is used to perform an attack on the SUT. This often requires massive research effort. Threat catalogs were known and often used threats are recorded can increase the performance while testing. To provide additional aid we are currently working towards building an AI-supported threat catalogue. Therefore, we use a special transformer model which is specialized in searching and summarizing information. When fed with known information about the SUT this model searches all available databases like CVE or CAPEC, previously recorded attack patterns, and other contextual information available and gives the penetration test engineer an initial idea of how to approach an attack on the SUT.
Using the AI to generate both grey and white box attack paths is an approach to check how much information about the system or components such as libraries and dependencies which are used in the SUT are available. Having introduced these methods to the security life-cycle, we will in the next step better integrate the tools. This will facilitate a swift turn-around upon changes in an agile delivery pipeline and thus achieve consistency from TARA to security requirements and (regression) test cases.
Vector together with the University of Stuttgart has developed transformers and generative AI-based methodologies for the specification and validation of cybersecurity requirements with the goal to increase productivity and quality.
In this industry presentation, we practically show how generative AI can scale into an industry-scale security pipeline.

Mehr Inhalte dieses Speakers? Schaut doch mal bei sigs.de vorbei: https://www.sigs.de/autor/christof.ebert

Christof Ebert is the managing director of Vector Consulting Services in Stuttgart, Germany. He holds a PhD from University of Stuttgart, is a Senior Member of the IEEE and teaches at University of Stuttgart and Sorbonne university in Paris. Cybersecurity has been his focus since studying in USA and directly contributing against the Morris worm.

Christof Ebert, Maximilian Beck
Christof Ebert, Maximilian Beck
flag VORTRAG MERKEN

Vortrag Teilen

, (Mittwoch, 31.Januar 2024)
11:00 - 11:45
Mi 9.2
Technical Neglect
Technical Neglect

Many developers evoke technical debt to explain the misfortunes and troubles of their codebase and delivery. While unmanaged technical debt weighs down an architecture and exerts drag on its schedule, it is more often an effect than a cause. In this talk, we will look at what is and is not meant by technical debt with a view to properly attributing the root and recurring cause as technical neglect than technical debt. Without seeing technical neglect for what it is, we will continue to misattribute our problems to an effect rather than a cause.

Target Audience: Developers, Architects, Technical Managers
Prerequisites: Responsibility for software development, whether implementing it, guiding it or managing it
Level: Advanced

Extended Abstract:
Many developers evoke the mischievous spirit and day-to-day burden of technical debt to explain the misfortunes and troubles of their codebase and delivery. While unmanaged technical debt weighs down an architecture and exerts drag on its schedule, it is more often an effect than a cause. In this talk, we will look at what is and is not meant by technical debt — and other metaphors — with a view to properly attributing the root and recurring cause as technical neglect than technical debt. Without seeing technical neglect for what it is, we will continue to misattribute our problems to an effect rather than a cause.

Kevlin Henney is an independent consultant, speaker, writer and trainer. His development interests are in programming, practice and people. He is co-author of two volumes in the ”Pattern-Oriented Software Architecture” series, and editor and contributor for multiple books in the ”97 Things” series. He lives in Bristol and online.

Kevlin Henney
Kevlin Henney
flag VORTRAG MERKEN

Vortrag Teilen

14:30 - 15:30
Mi 9.3
Fostering the EU AI Act | A new dimension in assuring high risk AI
Fostering the EU AI Act | A new dimension in assuring high risk AI

In the evolving AI landscape, the EU AI Act introduces new standards for assuring high-risk AI systems. This presentation will explore the tester's role in navigating these standards, drawing from the latest research and from our experiences with an Automatic Employment Decision System, a high-risk AI. We'll discuss emerging methodologies, conformity assessments, and post-deployment monitoring, offering insights and practical guidance for aligning AI systems with the Act's requirements.

Target Audience: QA Professionals, AI Engineers/Architects, Business Leaders, POs/PMs, Policy Makers
Prerequisites: Basic Understanding of AI, Familiar with Testing, Awareness of EU AI Act, Interest in AI Asurance
Level: Advanced

Extended Abstract:
As the landscape of Artificial Intelligence (AI) rapidly evolves, the upcoming EU AI Act is set to introduce a new paradigm for assuring high-risk AI systems. This session will allow participants to delve into the pivotal role of testers in this context. We will decode the complexities of the Act and get to see how fostering the Act will ensure robust, transparent, and ethically aligned AI systems.
Drawing on recent research and my own experience in testing high-risk AI systems, I will discuss the emerging methodologies for testing high-risk AI, including explainability methods, robustness testing, and fairness testing. Together, we will also explore the Act's emphasis on conformity assessments and post-deployment monitoring, highlighting the tester's role in these processes. Participants will gain a unique behind-the-scenes look at how we have gone from chaos to order in testing an Automatic Employment Decision System, a high-risk AI.
Joining this session will equip participants with valuable insights and practical guidance on aligning AI systems with the EU AI Act. This is a must-attend for testers, AI developers, and business leaders alike who are navigating this new frontier, exploring the challenges, opportunities, and future directions in the assurance of high-risk AI systems. By the end of the session, participants will be better prepared to face the challenges posed by the EU AI Act and will have a clear understanding of the future directions in the assurance of high-risk AI systems.

Mehr Inhalte dieses Speakers? Schaut doch mal bei sigs.de vorbei: https://www.sigs.de/autor/andrei.nutas

Andrei Nutas is an AI Assurance Consultant with over 7 years of industry experience. For the past year, among other things, Andrei has helped Nagarro align its Automated Employment Decision System to the upcoming EU AI Act. In his free time, he is a research fellow with the West University of Timisoara where he focuses on AI Alignment and AI Ethics.

Andrei Nutas
Andrei Nutas
flag VORTRAG MERKEN

Vortrag Teilen

Zurück