The Scrum approach to software development

Agile methodologies have become the standard approach to software development. The most popular and used one is Scrum. Scrum is a very simple and flexible framework that respond to unpredictability in a really effective way. However, his implementation must be correct, and since Scrum tells you what to do but not how to do it, this is not trivial. In this thesis I will describe the Scrum Framework, how to implement it and a tool that can help to do this. The thesis is divided into three parts. The first part is called Scrum. Here I will introduce the framework itself, its key concepts and its components. In Scrum there are three components: roles, meetings and artifacts. Each of these is meant to accomplish a series of specific tasks. After describing the “what to do”, in the second part, Best Practices, I will focus on the “how to do it”. For example, how to decide which items should be included in the next sprint, how to estimate tasks, and how should the team workspace be. Finally, in the third part called Tools, I will introduce Visual Studio Online, a cloud service from Microsoft that offers Git and TFVC repositories and the opportunity to manage projects with Scrum. == Versione italiana: I metodi Agile sono diventati l’approccio standard per lo sviluppo di software. Il più famoso ed utilizzato è Scrum. Scrum è un framework molto semplice e flessibile che risponde ai cambiamenti in una maniera molto efficace. La sua implementazione deve però essere corretta, e visto che Scrum ci dice cosa fare ma non come farlo, questo non risulta essere immediato. In questa tesi descriverò Scrum, come implementarlo ed uno strumento che ci può aiutare a farlo. La tesi è divisa in tre parti. La prima parte è chiamata Scrum. Qui introdurrò il framework, i suoi concetti base e le sue componenti. In Scrum ci sono tre componenti: i ruoli, i meeting e gli artifact. Ognuno di questi è studiato per svolgere una serie di compiti specifici. Dopo aver descritto il “cosa fare”, nella seconda parte, Best Practices, mi concentrerò sul “come farlo”. Ad esempio, come decidere quali oggetti includere nella prossima sprint, come stimare ogni task e come dovrebbe essere il luogo di lavoro del team. Infine, nella terza parte chiamata Tools, introdurrò Visual Studio Online, un servizio cloud della Microsoft che offre repository Git e TFVC e l’opportunità di gestire un progetto con Scrum.

Synthetic data generation for the assessment of antimicrobial resistance through machine learning

As a consequence of the diffusion of next generation sequencing techniques, metagenomics databases have become one of the most promising repositories of information about features and behavior of microorganisms. One of the subjects that can be studied from those data are bacteria populations. Next generation sequencing techniques allow to study the bacteria population within an environment by sampling genetic material directly from it, without the needing of culturing a similar population in vitro and observing its behavior. As a drawback, it is quite complex to extract information from those data and usually there is more than one way to do that; AMR is no exception. In this study we will discuss how the quantified AMR, which regards the genotype of the bacteria, can be related to the bacteria phenotype and its actual level of resistance against the specific substance. In order to have a quantitative information about bacteria genotype, we will evaluate the resistome from the read libraries, aligning them against CARD database. With those data, we will test various machine learning algorithms for predicting the bacteria phenotype. The samples that we exploit should resemble those that could be obtained from a natural context, but are actually produced by a read libraries simulation tool. In this way we are able to design the populations with bacteria of known genotype, so that we can relay on a secure ground truth for training and testing our algorithms.

Cyber threat intelligence: identifying hardcoded secrets in GitHub

The usage of version control systems and the capabilities of storing the source code in public platforms such as GitHub increased the number of passwords, API Keys and tokens that can be found and used causing a massive security issue for people and companies. In this project, SAP's secret scanner Credential Digger is presented. How it can scan repositories to detect hardcoded secrets and how it manages to filter out the false positives between them. Moreover, how I have implemented the Credential Digger's pre-commit hook. A performance comparison between three different implementations of the hook based on how it interacts with the Machine Learning model is presented. This project also includes how it is possible to use already detected credentials to decrease the number false positive by leveraging the similarity between leaks by using the Bucket System.