@psiborg
Last active April 11, 2022 19:46
Sample files for Thoughtworks' Tech Radar (https://www.thoughtworks.com/radar)
id name rcn type ending title teaser quadrant ring TRL MRL Score Median Performance Min Max cwurl
1 AARC2 206338 RIA Apr 2019 Authentication and Authorisation For Research and Collaboration The goal of AARC2 is to design an AAI framework to develop interoperable AAI, to enable researchers to access the whole research and infrastructure service portfolio with one login. AARC2's objectives are:1. enable federated access in research communities participating in... Secure Systems Adopt https://cyberwatching.eu/projects/929/aarc-2
4 AEGIS 210218 CSA Apr 2019 Accelerating EU-US DialoGue for Research and Innovation in CyberSecurity and Privacy AEGIS aims to strengthen dialogues between Europe and the US, in order to facilitate exchange of views, policies and best practices to stimulate cooperation around cybersecurity and privacy R&I, and contribute in shaping the future global cybersecurity and privacy... Cybersecurity Governance Adopt https://cyberwatching.eu/projects/932/aegis
5 ANASTACIA 207199 RIA Dec 2019 Advanced Networked Agents for Security and Trust Assessment in CPS/IOT Architectures The main objective of the ANASTACIA is to address the constant discovery of vulnerabilities in ICT components providing assurance that ICT systems are secure and trustworthy by design. To this end, ANASTACIA will research and develop a holistic security framework, which will... Verification & Assurance Assess 6 3 33 33 0 -24 16 https://cyberwatching.eu/projects/934/anastacia
6 ARIES 202675 RIA Feb 2019 reliAble euRopean Identity EcoSystem ARIES main goal is to deliver a comprehensive framework for reliable e-identity ecosystem comprising new technologies, processes and security features that ensure highest levels of quality in eID based on trustworthy security documents and biometrics for highly secure and... Secure Systems Adopt https://cyberwatching.eu/projects/935/aries
7 ARMOUR 199076 RIA Jan 2018 Large-Scale Experiments of IoT Security Trust The Internet-of-Things (IoT) is rapidly heading for large scale meaning that all mechanisms and features for the future IoT need to be especially designed and duly tested/certified for large-scale conditions. Also, Security, Privacy and Trust are critical elements of the IoT... Secure Systems Hold https://cyberwatching.eu/projects/937/armour
8 ASAP 105356 ERC-AG Sep 2018 Adaptive Security and Privacy With the prevalence of mobile computing devices and the increasing availability of pervasive services, ubiquitous computing (Ubicomp) is a reality for many people. This reality is generating opportunities for people to interact socially in new and richer ways, and to work mor... Human Aspects Adopt
9 ATENA 202699 IA Apr 2019 Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures Over recent years, Industrial and Automation Control Systems (IACS) adopted in Critical Infrastructures (CIs) have become more complex due to the increasing number of interconnected devices, and to the large amount of information exchanged among system components. With the... Operational Risk Adopt https://cyberwatching.eu/projects/939/atena
10 BEACON 194143 RIA Jul 2017 Enabling Federated Cloud Networking Cloud federation enables cloud providers to collaborate and share their resources to create a large virtual pool of resources at multiple network locations. Different types of federation architectures for clouds and datacenters have been proposed and implemented (e.g. cloud... Operational Risk Hold https://cyberwatching.eu/projects/940/beacon
12 C3ISP 202687 IA Sep 2019 Collaborative and Confidential Information Sharing and Analysis for Cyber Protection C3ISP mission is to define a collaborative and confidential information sharing, analysis and protection framework as a service for cyber security management. C3ISP innovation is the possibility to share information in a flexible and controllable manner inside a collaborative... Operational Risk Trial https://cyberwatching.eu/projects/942/c3isp
13 CANVAS 202697 CSA Aug 2019 Constructing an Alliance for Value-driven Cybersecurity The growing complexity of the digital ecosystem in combination with increasing global risks entail the danger that enforcing cybersecurity may bypass other fundamental values like equality, fairness or privacy, whereas downplaying cybersecurity would undermine citizens’... Cybersecurity Governance Trial https://cyberwatching.eu/projects/1267/canvas
14 certMILS 207195 IA Dec 2020 Compositional security certification for medium- to high-assurance COTS-based systems in environments with emerging threats certMILS develops a security certification methodology for Cyber-physical systems (CPS). CPS are characterised by safety-critical nature, complexity, connectivity, and open technology. A common downside to CPS complexity and openness is a large attack surface and a high degree... Cybersecurity Governance Assess https://cyberwatching.eu/projects/945/certmils
15 CHOReVOLUTION 194161 RIA Dec 2017 Automated Synthesis of Dynamic and Secured Choreographies for the Future internet The Future Internet (FI) represents an age of unprecedented opportunities for social, economic, and business growth thanks to the global scale connectivity of the virtual as well as of the physical world. This indeed opens up a wealth of innovative and revolutionary real-life... Secure Systems Hold https://cyberwatching.eu/projects/946/chorevolution
16 CIPSEC 202692 IA Apr 2019 Enhancing Critical Infrastructure Protection with innovative SECurity framework In recent years, the majority of the world's Critical Infrastructures CIs evolved to become more flexible, cost efficient and able to offer better services and conditions for business opportunities. Towards this evolution, CIs and companies offering CI services had to adopt... Secure Systems Adopt https://cyberwatching.eu/projects/947/cipsec
17 CITADEL 202704 IA May 2019 Critical Infrastructure Protection using Adaptive MILS Critical infrastructures (CI) rely on complex safety- and security-critical ICT systems placed into unpredictable environments and forced to cope with unexpected events and threats while exhibiting safe adaptive behavior. Recent security trends stress continuous adaptation to... Secure Systems Trial https://cyberwatching.eu/projects/948/citadel
18 CLARUS 194136 RIA Dec 2017 A FRAMEWORK FOR USER CENTRED PRIVACY AND SECURITY IN THE CLOUD Although cloud computing offers many benefits, security issues such as confidentiality and privacy are still major concerns to those intending to migrate to the cloud. Traditional cloud security has been based on assurance to customers that cloud providers follow sound... Secure Systems Hold https://cyberwatching.eu/projects/949/clarus
19 CloudSocket 194235 RIA Dec 2017 Business and IT-Cloud Alignment using a Smart Socket Business and IT Alignment is important challenge, as we are facing a dramatic change in the way we rely, depend and interact with ICT that influences our everyday life. Although “digital natives” will soon enter the workforce, there is still a huge gap between the business... Secure Systems Hold https://cyberwatching.eu/projects/950/cloudsocket
22 COEMS 205937 RIA Oct 2019 Continuous Observation of Embedded Multicore Systems The ability to observe the internals of an execution of a computer-based system is a fundamental requirement for ultimately ensuring correctness and safe behaviour. Within COEMS (Continuous Observation of Embedded Multicore Systems) a novel observer platform with supporting... Secure Systems Trial https://cyberwatching.eu/projects/952/coems
24 COMPACT 210223 IA Oct 2019 COmpetitive Methods to protect local Public Administration from Cyber security Threats Cyber threats are the most significant and growing risk for public administrations (PA). However, technological, organisational and structural issues hamper the ability, especially for local PAs (LPAs) to improve their cyber security level. Budget constraints and evolving... Cybersecurity Governance Trial https://cyberwatching.eu/projects/954/compact
26 CREDENTIAL 194869 IA Sep 2018 Secure Cloud Identity Wallet With increasing mobility and Internet usage, the demand for digital services increases and has reached critical and high assurance domains like e-Government, e-Health and e-Business. Those domains have high security and privacy requirements and hence will be harnessed with... Identity & Privacy Adopt https://cyberwatching.eu/projects/956/credential
28 CryptoCloud 185411 ERC-AG May 2019 Cryptography for the Cloud Many companies have already started the migration to the Cloud and many individuals share their personal informations on social networks. Unfortunately, in the current access mode, the provider first authenticates the client, and grants him access, or not, according to his ri... Identity & Privacy Trial
29 CS-AWARE 210224 IA Aug 2020 A cybersecurity situational awareness and information sharing solution for local public administrations based on advanced big data analysis Cybersecurity is one of today's most challenging security problems for commercial companies, NGOs, governmental institutions as well as individuals. Reaching beyond the technology focused boundaries of classical information technology (IT) security, cybersecurity includes... Cybersecurity Governance Assess https://cyberwatching.eu/projects/959/cs-aware
30 CYBECO 210232 RIA Apr 2019 Supporting Cyberinsurance from a Behavioural Choice Perspective CYBECO will research, develop, demonstrate, evaluate and exploit a new framework for managing cybersecurity risks, one that is focusing on cyberinsurance, as key risk management treatment. CYBECO integrates multidisciplinary research methods from Behavioural Economics... Verification & Assurance Adopt https://cyberwatching.eu/projects/960/cybeco
31 CyberWiz 200381 SME-2 Aug 2017 Cyber-Security Visualization and CAD-Tool for the Vulnerability Assessment of Critical Infrastructures The ICT environments of critical infrastructures (such as energy distribution systems) are composed of a large number of systems connected to form a complex system of systems. Recent initiatives to upgrade power systems into smart grids target an even tighter integration with... Secure Systems Hold https://cyberwatching.eu/projects/964/cyberwiz
32 CYCLONE 194262 IA Dec 2017 Complete Dynamic Multi-cloud Application Management Application service providers (ASPs) now develop, deploy, and maintain complex computing platforms within multiple cloud infrastructures to improve resilience, responsiveness and elasticity of their applications. The CYCLONE project targets the ASPs, providing them with... Secure Systems Hold https://cyberwatching.eu/projects/977/cyclone
33 CYRail 206014 Shift2Rail-RIA Sep 2018 Cybersecurity in the RAILway sector Railway infrastructures are moving towards more intelligent, connected, user-centric and collaborative systems. While it brings many advantages for the industry and users, it also poses new opportunities for cyber-criminals and terrorists. CYRail aims to deliver tailored... Operational Risk Adopt https://cyberwatching.eu/projects/1025/cyrail
34 DAPPER 185683 MC-CIG Mar 2018 "Doing Anonymization Practically, Privately, Effectively and Reusably" "There is currently a tug-of-war going on surrounding data releases. On one side, there are many strong reasons pulling to release data to other parties: business factors, freedom of information rules, and scientific sharing agreements. On the other side, concerns about indiv... Identity & Privacy Hold
35 DECODE 206387 RIA Nov 2019 Decentralised Citizens Owned Data Ecosystem Today’s Internet is becoming increasingly centralised, slowing innovation and challenging its potential to revolutionise society and the economy in a pluralistic manner. DECODE will develop practical alternatives through the creation, evaluation and demonstration of a... Human Aspects Assess 6 4 40 26.5 13.5 -13.5 13.5 https://cyberwatching.eu/projects/1037/decode
36 DEFENDER 210231 IA Apr 2020 Defending the European Energy Infrastructures Critical Energy infrastructures (CEI) protection and security are becoming of utmost importance in our everyday life. However, cyber and system-theoretic approaches fail to provide appropriate security levels to CEIs, since they are often used in isolation and build on... Operational Risk Assess
37 DISCOVERY 199580 CSA Dec 2017 Dialogues on ICT to Support COoperation Ventures and Europe-North AmeRica (Canada and USA) sYnergies "DISCOVERY aims at supporting dialogues between Europe and North America (US and Canada); and fostering cooperation in collaborative ICT R&I, both under Horizon 2020 and under US and Canada funding programmes. With this purpose, DISCOVERY proposes a radically new approach to... Cybersecurity Governance Hold
38 DiSIEM 202707 IA Aug 2019 Diversity Enhancements for SIEMs Security Information and Event Management (SIEM) systems are a fundamental component of the ubiquitous ICT infrastructures that form the backbone of our digital society. These systems are mostly used to monitor infrastructures using many types of sensors and tools and... Operational Risk Trial https://cyberwatching.eu/projects/1040/disiem
40 DOGANA 194877 IA Aug 2018 aDvanced sOcial enGineering And vulNerability Assesment Framework "The advent of Social Networks has made both companies and public bodies tremendously exposed to the so-called Social Engineering 2.0, and thus prone to targeted cyber-attacks. Unfortunately, there is currently no solution available on the market that allows neither the... Human Aspects Adopt 7 6 56 56 0 0 0 https://cyberwatching.eu/projects/1042/dogana
42 e-Sides 206175 CSA Dec 2019 Ethical and Societal Implications of Data Sciences Data-driven innovation is deeply transforming society and the economy. Although there are potentially enormous economic and social benefits this innovation also brings new challenges for individual and collective privacy, security, as well as democracy and participation. The... Identity & Privacy Assess https://cyberwatching.eu/projects/1044/e-sides
43 ECRYPT-CSA 194321 CSA Feb 2018 European Coordination and Support Action in Cryptology This CSA intends to strengthen European excellence in the area of cryptology and to achieve a durable integration and structuring of the European cryptography community, involving academia, industry, government stakeholders and defence agencies. The project will coordinate... Verification & Assurance Hold https://www.cyberwatching.eu/projects/1045/ecrypt
45 ENCASE 198839 MSCA-RISE Dec 2019 EnhaNcing seCurity And privacy in the Social wEb: a user centered approach for the protection of minors ENCASE will leverage the latest advances in usable security and privacy to design and implement a browser-based architecture for the protection of minors from malicious actors in online social networks. The ENCASE user-centric architecture will consist of three distinct... Secure Systems Assess 4 2 22 21 1 -12 26 https://cyberwatching.eu/projects/1157/encase
46 EU-SEC 207439 IA Dec 2019 The European Security Certification Framework In recent years the ICT market has evolved toward a cloud-based approach. This shift together with the rapidly changing legal and regulatory landscape has heavily impacted security assurance, governance and compliance. The information security market players have tried to... Cybersecurity Governance Assess 7 5 49 28.5 20.5 -5.5 20.5 https://cyberwatching.eu/projects/1046/eu-sec
47 EUNITY 210046 CSA May 2019 Cybersecurity and privacy dialogue between Europe and Japan The EUNITY project addresses scope 2 (international dialogue with Japan) of objective DS-05-2016 of the H2020 work programme. This two years project aims at developing and encouraging the dialogue between Europe and Japan on cybersecurity and privacy topics. The partners... Cybersecurity Governance Trial https://cyberwatching.eu/projects/1047/eunity
50 FutureTrust 202698 IA May 2019 Future Trust Services for Trustworthy Global Transactions Against the background of the regulation 2014/910/EU on electronic identification (eID) and trusted services for electronic transactions in the internal market (eIDAS), the FutureTrust project aims at supporting the practical implementation of the regulation in Europe and... Secure Systems Trial 6 5 47 47 0 -25 2 https://cyberwatching.eu/projects/1055/futuretrust
51 GenoPri 203068 MSCA-IF-EF-ST - Standard EF Apr 2018 Quantifying and Protecting the Privacy of Genomic Data Genomic data carries a lot of sensitive information about its owner such as his predispositions to sensitive diseases, ancestors, physical attributes, and genomic data of his relatives (leading to interdependent privacy risks). Individuals share vast amount of information on... Identity & Privacy Hold
52 GHOST 210233 IA Apr 2020 Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control To effectively respond to the multitude & complexity of cybersecurity challenges in smart-homes GHOST deploys a pioneering software-enabled ‘usable security’ solution. The project brings professional level security to the European citizens and to this end it: (a) increases... Human Aspects Assess https://cyberwatching.eu/projects/1056/ghost
53 HEAT 194171 RIA Dec 2017 Homomorphic Encryption Applications and Technology Homomorphic cryptography offers the tantalizing goal of being able to process sensitive information in encrypted form, without needing to compromise on the privacy and security of the citizens and organizations that provide the input data.The HEAT proposal brings together... Secure Systems Hold https://cyberwatching.eu/projects/1061/heat
54 HECTOR 194145 RIA Feb 2018 HARDWARE ENABLED CRYPTO AND RANDOMNESS A single flipped bit or a weak random number generator can cause secure systems to fail. The main objective of this proposal is to close the gap between the mathematical heaven of cryptographic algorithms and their efficient, secure and robust hardware implementations. It... Verification & Assurance Hold https://cyberwatching.eu/projects/1064/hector
55 HERMENEUT 210209 RIA Apr 2019 Enterprises intangible Risks Management via Economic models based on simulatioN of modErn cyber-aTtacks IT security and risk management often ignore or underestimate the human factor (psychological, behavioural, societal, organisational and economic aspects) in the identification of cyber-risks, their quantitative economic impact and the costs of countermeasures. Cyber-attacks... Operational Risk Adopt 6 5 47 47 0 0 0 https://cyberwatching.eu/projects/1068/hermeneut
56 HIPS 188662 ERC-CG Sep 2019 High-Performance Secure Computation with Applications to Privacy and Cloud Security "Secure two-party and multiparty computation has long stood at the center of the foundations of theoretical cryptography. However, in the last five years there has been blistering progress on the question of efficient secure computation. We are close to the stage that secure ... Secure Systems Trial
57 IMPACT 192598 ERC-SyG Jan 2021 imPACT – Privacy, Accountability, Compliance, and Trust in Tomorrow’s Internet The Internet has evolved from a mere communication network used by tens of millions of users two decades ago, to a global multimedia platform for communication, social networking, entertainment, education, trade and political activism used by more than two billion users. This... Operational Risk Assess https://cyberwatching.eu/projects/1069/impact
58 KONFIDO 207188 RIA Oct 2019 KONFIDO - Secure and Trusted Paradigm for Interoperable eHealth Services KONFIDO advances the state of the art of eHealth technology with respect to four key dimensions of digital security, namely: data preservation, data access and modification, data exchange, and interoperability and compliance. To address the challenges of secure storage and... Secure Systems Trial 4 2 22 47 -25 -25 2 https://cyberwatching.eu/projects/1070/konfido
60 LIGHTest 203437 IA Aug 2019 Lightweight Infrastructure for Global Heterogeneous Trust management in support of an open Ecosystem of Stakeholders and Trust schemes. The objective of LIGHTest is to create a global cross-domain trust infrastructure that renders it transparent and easy for verifiers to evaluate electronic transactions. By querying different trust authorities world-wide and combining trust aspects related to identity... Secure Systems Trial 7 5 49 47 2 -25 2 https://cyberwatching.eu/projects/1072/lightest
61 LV-Pri20 196089 MSCA-IF-EF-CAR Jun 2017 Logic-based Verification of Privacy-Preservation in Europe's 2020 ICT In line with the EU 2020 Flagship Initiative on a Digital Agenda for Europe and the upcoming EU Cybersecurity Strategy, the goal of the LV-Pri20 project is to aid our ICT-driven lives, by “safeguarding the human right of privacy in the digital society”. Concretely, the... Identity & Privacy Hold
62 MAMI 199159 RIA Jun 2018 Measurement and Architecture for a Middleboxed Internet Recent revelations about large-scale pervasive surveillance of Internet traffic have led to a rapidly expanding deployment of encryption in order to protect end-user privacy. At the same time, network operators and access providers rely on increasing use of in-network... Human Aspects Adopt https://www.cyberwatching.eu/projects/1074/mami
63 MAPPING 111214 CSA-SA Feb 2018 Managing Alternatives for Privacy, Property and INternet Governance Building on the results of several EU FP7 projects including CONSENT (covering on-line consent and privacy in social networks), SMART and RESPECT (which cover smart and on-line surveillance, etc.) MAPPING’s goal is to create an all-round and “joined-up” understanding of the m... Human Aspects Hold https://www.cyberwatching.eu/projects/1075/mapping
64 MAS2TERING 192066 CP Aug 2017 Multi-Agent Systems and Secured coupling of Telecom and EnErgy gRIds for Next Generation smartgrid services The success of the European vision of a low carbon electricity grid that minimises greenhouse gas emissions; and enhances security, quality and reliability of supply depends on how smart infrastructures, combining energy and telecom, are developed and implemented for the wide... Secure Systems Hold
65 MATTHEW 110220 CP Oct 2016 Multi-entity-security using active Transmission Technology for improved Handling of Exportable security credentials Without privacy restrictions With the increasing pervasion of our society by mobile devices like smart phones and tablets and many users running several security relevant applications on multiple mobile devices at the same time, security and privacy challenges outranging those on personal computers arise... Secure Systems Drop https://www.cyberwatching.eu/projects/1076/matthew
67 mF2C 206164 RIA Dec 2019 Towards an Open, Secure, Decentralized and Coordinated Fog-to-Cloud Management Ecosystem Fog computing brings cloud computing capabilities closer to the end-device and users, while enabling location-dependent resource allocation, low latency services, and extending significantly the IoT services portfolio as well as market and business opportunities in the cloud... Secure Systems Assess https://www.cyberwatching.eu/projects/1078/mf2c
68 MH-MD 206202 RIA Oct 2019 My Health - My Data Issues of data subjects’ privacy and data security represent a crucial challenge in the biomedical sector more than in other industries. The current IT landscape in this field shows a myriad of isolated, locally hosted patient data repositories, managed by clinical centres... Secure Systems Trial 6 5 47 47 0 -25 2 https://www.cyberwatching.eu/projects/1079/mh-md
69 MIKELANGELO 194319 RIA Dec 2017 MIcro KErneL virtualizAtioN for hiGh pErfOrmance cLOud and hpc systems MIKELANGELO is a project, targeted to disrupt the core underlying technologies of Cloud computing, enabling even bigger uptake of Cloud computing, HPC in the Cloud and Big Data technologies under one umbrella. The vision of MIKELANGELO is to improve responsiveness, agility and... Secure Systems Hold https://www.cyberwatching.eu/projects/1080/mikelangelo
70 MITIGATE 198194 IA Feb 2018 Multidimensional, IntegraTed, rIsk assessment framework and dynamic, collaborative Risk ManaGement tools for critical information infrAstrucTurEs Despite the importance of Critical Information Infrastructures (CIIs) and dynamic ICT-based maritime supply chains (SCs) for port operations, state-of-the-art Risk Management (RM) methodologies for maritime environments pay limited attention to cyber-security and do not... Secure Systems Hold https://www.cyberwatching.eu/projects/1081/mitigate
71 MUSA 194208 RIA Dec 2017 MUlti-cloud Secure Applications The most challenging applications in heterogeneous cloud ecosystems are those that are able to maximise the benefits of the combination of the cloud resources in use: multi-cloud applications. They have to deal with the security of the individual components as well as with the... Secure Systems Hold https://www.cyberwatching.eu/projects/1082/musa
73 NeCS 198283 MSCA-ITN-ETN Aug 2019 European Network for Cyber-security The European Network for Cybersecurity (NECS) was formed in response to the increased need of highly qualified experts able to cope with all the aspects of the European cybersecurity strategy that is currently under implementation.There is indeed an evident need and... Identity & Privacy Trial https://www.cyberwatching.eu/projects/966/necs
74 OCGN 202926 MSCA-IF-EF-ST Nov 2018 Traditional Organised Crime and the Internet: The changing organization of illegal gambling networks Transnational criminal networks utilise Information Communication Technology (ICT) to commit ‘old’ and ‘new’ types of crime. ICT assists in transnational crime (i.e., hacking) and also as a way to exchange information or plan new crimes. Empirical research has... Operational Risk Adopt
75 OCTAVE 194511 IA Jul 2017 Objective Control for TAlker VErification Industry needs alternatives to textual passwords for access control. While tokens can still be stolen or transferred to other persons, biometrics technology can provide reliable, cost-effective and user-friendly solutions.The proliferation of smart services calls for... Secure Systems Hold https://www.cyberwatching.eu/projects/968/octave
77 OPERANDO 194891 IA Apr 2018 Online Privacy Enforcement, Rights Assurance and Optimization The goal of the OPERANDO project is to specify, implement, field-test, validate and exploit an innovative privacy enforcement platform that will enable the Privacy as a Service (PaS) business paradigm and the market for online privacy services.The OPERANDO project will... Secure Systems Hold https://www.cyberwatching.eu/projects/970/operando
79 PaaSword 194247 RIA Dec 2017 A Holistic Data Privacy and Security by Design Platform-as-a-Service Framework Introducing Distributed Encrypted Persistence in Cloud-based Applications The vision of PaaSword is to maximize and fortify the trust of individual, professional and corporate customers to Cloud -enabled services and applications, to safeguard both corporate and personal sensitive data stored on Cloud infrastructures and Cloud-based storage... Secure Systems Hold https://www.cyberwatching.eu/projects/973/paasword
81 PANORAMIX 194872 IA Aug 2018 Privacy and Accountability in Networks via Optimized Randomized Mix-nets "The objective of the PANORAMIX project is the development of a multipurpose infrastructure for privacy-preserving communications based on ""mix-networks"" (mix-nets) and its integration into high-value applications that can be exploited by European businesses. Mix-nets... Secure Systems Adopt https://www.cyberwatching.eu/projects/972/panoramix
86 PQCRYPTO 194347 RIA Feb 2018 Post-quantum cryptography for long-term security Online banking, e-commerce, telemedicine, mobile communication, and cloud computing depend fundamentally on the security of the underlying cryptographic algorithms. Public-key algorithms are particularly crucial since they provide digital signatures and establish secure... Human Aspects Hold https://www.cyberwatching.eu/projects/1022/pqcrypto
91 PrEstoCloud 206360 RIA Dec 2019 PrEstoCloud - Proactive Cloud Resources Management at the Edge for Efficient Real-Time Big Data Processing PrEstoCloud project will make substantial research contributions in the cloud computing and real-time data intensive applications domains, in order to provide a dynamic, distributed, self-adaptive and proactively configurable architecture for processing Big Data streams. In... Human Aspects Assess
95 PRISM CODE 105448 MC-CIG Oct 2016 Privacy and Security for Mobile Cooperative Devices We propose PRISM CODE project (PRIvacy and Security for Mobile COoperative DEvices). The aim of this project is to design some of the fundamental tools for privacy and security of the upcoming distributed services, which are built upon the cooperation of mobile personal devic... Secure Systems Drop
96 PRISMACLOUD 194266 RIA Jul 2018 PRIvacy and Security MAintaining services in the CLOUD With a current volume of over USD 100 billion and annual growth rates of over 10%, the world-wide market for cloud computing can be considered as the major growth area in ICT. However, big companies and public authorities are reluctant to entrust their most sensitive data to... Operational Risk Adopt https://www.cyberwatching.eu/projects/1029/prismacloud
98 PRIVACY FLAG 194864 IA Apr 2018 Enabling Crowd-sourcing based privacy protection for smartphone applications, websites and Internet of Things deployments Privacy Flag combines crowd sourcing, ICT technology and legal expertise to protect citizen privacy when visiting websites, using smart-phone applications, or living in a smart city. It will enable citizens to monitor and control their privacy with a user friendly solution... Secure Systems Hold https://www.cyberwatching.eu/projects/1031/privacy-flag
99 Privacy.Us 198304 MSCA-ITN-ETN Nov 2019 Privacy and Usability With the rapid accumulation and processing of personal data by numerous organizations, it is of paramount importance to protect people from adverse uses of their data, while allowing them to enjoy the benefits the use of these data can possibly provide. This is the question of... Human Aspects Assess https://www.cyberwatching.eu/projects/1032/privacyus
100 PRIVACY4FORENSICS 186180 MC-IIF - International Incoming Fellowships (IIF) Mar 2018 A Formal Rule-Processing Engine for Privacy-Respecting Forensic Investigation The forensics investigation requirements are in direct conflict with the privacy rights of those whose actions are being investigated. At the same time, once the private data is exposed it is impossible to ‘undo’ its exposure effects should the suspect is found innocent! Ther... Identity & Privacy Hold
101 ProBOS 205768 SME-2 Sep 2018 Protection Beyond Operating System - Development of the next generation cyber security solution Cybercrime is on the rise in terms of scope and impact, which is facilitated by current environment: increasing use of mobile devices, social networking, mobile communications and cloud computing. Cyber attacks are made mostly against governments and corporates to gather... Secure Systems Adopt
102 PROTECTIVE 202674 IA Aug 2019 Proactive Risk Management through Improved Cyber Situational Awareness PROTECTIVE is designed to improve an organisations ongoing awareness of the risk posed to its business by cyber security attacks. PROTECTIVE makes two key contributions to achieve this enhanced situational awareness. Firstly it increases the computer security incident response... Cybersecurity Governance Trial https://www.cyberwatching.eu/projects/1036/protective
103 Ps2Share 206080 RIA Dec 2017 Participation, Privacy and Power in the Sharing Economy In this project, we propose an in-depth empirical investigation of privacy in the sharing economy. We will investigate three challenges in particular: privacy, participation/exclusion and power. First, sharing services come with compounded privacy risks extending beyond the... Identity & Privacy Hold https://www.cyberwatching.eu/projects/1038/ps2share
104 RAPID 194186 RIA Dec 2017 Heterogeneous Secure Multi-level Remote Acceleration Service for Low-Power Integrated Systems and Devices Many low-power devices such as smartphones, tablets, notebooks as well as several other embedded systems can't always cope with the increased demand for processing power, memory and storage required by modern applications in gaming, vision, security, robotics, aerospace, etc... Operational Risk Hold
105 REASSURE 207201 RIA Dec 2019 Robust and Efficient Approaches to Evaluating Side Channel and Fault Attack Resilience Implementing cryptography on embedded devices is an ongoing challenge: every year new implementation flaws are discovered and new attack paths are being used by real life adversaries. Whilst cryptography can guarantee many security properties, it crucially depends on the... Cybersecurity Governance Assess https://www.cyberwatching.eu/projects/1057/reassure
107 REDSENTRY 211179 SME-1 Dec 2017 Proactive Operational Intelligence Cybersecurity Platform for the Financial Services Industry REDSENTRY aims to provide a flexible, scalable and open solution to the ever-changing threat landscape faced by the financial services sector. The threats faced by the financial services industry are varied and constantly evolving and cybercrime is the 2nd most reported type... Operational Risk Hold
110 SafeCloud 194907 IA Aug 2018 Secure and Resilient Cloud Architecture Cloud infrastructures, despite all their advantages and importance to the competitiveness of modern economies, raise fundamental questions related to the privacy, integrity, and security of offsite data storage and processing tasks. These questions are currently not answered... Secure Systems Adopt https://www.cyberwatching.eu/projects/1060/safecloud
111 SAFEcrypto 194240 RIA Dec 2018 Secure Architectures of Future Emerging Cryptography SAFEcrypto will provide a new generation of practical, robust and physically secure post quantum cryptographic solutions that ensure long-term security for future ICT systems, services and applications. Novel public-key cryptographic schemes (digital signatures... Verification & Assurance Adopt https://www.cyberwatching.eu/projects/1062/safecrypto
112 SAFERtec 207209 RIA Dec 2019 Security Assurance FramEwoRk for neTworked vEhicular teChnology The assurance of security, privacy, reliability and safety features is key-point to unlock the enormous potential that the connected vehicles systems paradigm i.e., the dynamic Cyberphysical system of highly-equipped infrastructure-connected vehicles with numerous third-party... Secure Systems Assess 2 3 25 21 4 -12 26 https://www.cyberwatching.eu/projects/1063/safertec
113 SAINT 210229 RIA Feb 2021 SYSTEMIC ANALYZER IN NETWORK THREATS SAINT proposes to analyse and identify incentives to improve levels of collaboration between cooperative and regulatory approaches to information sharing. Analysis of the ecosystems of cybercriminal activity, associated markets and revenues will drive the development of a... Verification & Assurance Assess 7 5 49 33 16 -24 16 https://www.cyberwatching.eu/projects/1065/saint
114 SAURON 210044 IA Apr 2019 Scalable multidimensionAl sitUation awaReness sOlution for protectiNg european ports Nowadays coordinated and every time more complex terrorist attacks are shocking the world. Due to the progressive rely of industrial sector and many critical infrastructures (CI) (e.g. EU ports) in ICT systems, the impact of a coordinated physical attack, a deliberate... Secure Systems Adopt https://www.cyberwatching.eu/projects/1066/sauron
115 SCISSOR 194207 RIA Dec 2017 Security In trusted SCADA and smart-grids In traditional industrial control systems and critical infrastructures, security was implicitly assumed by the reliance on proprietary technologies (security by obscurity), physical access protection and disconnection from the Internet. The massive move, in the last decade... Operational Risk Hold https://www.cyberwatching.eu/projects/1067/scissor
116 SCOTT 210798 IA Jun 2020 Secure COnnected Trustable Things Creating trust in wireless solutions and increasing social acceptance are major challenges to achieve the full potential of the Internet of Things. SCOTT, with 57 key partners from 12 countries (EU + Brazil), will provide efficient solutions of wireless, end-to-end secure... Secure Systems Assess https://www.cyberwatching.eu/projects/978/scott
117 SCR 205788 SME-1 Dec 2016 Disruptive Cybersecurity SaaS for SMEs and freelance developers After obtaining the Seal of Excellence from the EU (Attached), this is an improved version of the proposal. Given the accelerating growth and importance of cybersecurity across many sectors of the economy and society, we have detected and aim to solve the lack of effective... Verification & Assurance Drop
118 SecIoT 208832 CSA Aug 2018 Cybersecurity Threat Detection for Internet of Things Connected Devices Secure Secure Ltd was founded in 2015 and headquartered in the UK. The founding team brings extensive experience in the fields of cybersecurity, scalable software architecture, software company leadership and SME growth. Given the accelerating growth and importance of... Secure Systems Adopt
119 SERECA 194271 RIA Feb 2018 Secure Enclaves for REactive Cloud Applications Cloud security is of immediate concern to organisations that must comply with strict confidentiality and integrity policies. More broadly, security has emerged as a commercial imperative for cloud computing across a wide range of markets. The lack of adequate security... Secure Systems Hold https://www.cyberwatching.eu/projects/980/sereca
120 SHARCS 194217 RIA Dec 2017 Secure Hardware-Software Architectures for Robust Computing Systems Developing new security paradigms, architectures, and software, for more secure and trustworthy ICT systems and services has clear social, scientific, and market motivation. This motivation is becoming stronger due to the changing threat landscape; over the past decade we are... Verification & Assurance Hold https://www.cyberwatching.eu/projects/982/sharcs
121 SHiELD (Health) 207185 RIA Dec 2019 European Security in Health Data Exchange SHiELD will unlock the value of health data to European citizens and businesses by overcoming security and regulatory challenges that today prevent this data being exchanged with those who need it. This will make it possible to provide better health care to mobile citizens... Identity & Privacy Assess https://www.cyberwatching.eu/projects/983/shield
122 SHIELD 202684 IA Feb 2019 Securing against intruders and other threats through a NFV-enabled environment Nowadays, cybercrime is one of the most relevant and critical threats to both the economy and society in Europe. Establishing efficient and effective ways to protect services and infrastructures from ever-evolving cyber threats is crucial for sustaining business integrity and... Secure Systems Adopt
123 SISSDEN 202679 IA Apr 2019 Secure Information Sharing Sensor Delivery event Network SISSDEN is a project aimed at improving the cybersecurity posture of EU entities and end users through development of situational awareness and sharing of actionable information. It builds on the experience of Shadowserver, a non-profit organization well known in the security... Secure Systems Adopt https://www.cyberwatching.eu/projects/984/sissden
124 SMESEC 210805 IA May 2020 Protecting Small and Medium-sized Enterprises digital technology through an innovative cyber-SECurity framework Small and Medium size Enterprises (SMEs) are an important driver for innovation and growth in the EU. SMEs also stand to gain the most from innovative technology, because it is complicated and costly for them to set-up and run ICT in the traditional way. Taking into account... Operational Risk Assess 8 6 58 42.5 15.5 -15.5 15.5
126 SODA 205932 RIA Dec 2019 Scalable Oblivious Data Analytics More and more data is being generated, and analyzing this data drives knowledge and value creation across society. Unlocking this potential requires sharing of (often personal) data between organizations, but this meets unwillingness from data subjects and data controllers... Secure Systems Assess 7 4 42 21 21 -12 26 https://www.cyberwatching.eu/projects/987/soda
127 SPECIAL 206343 RIA Dec 2019 Scalable Policy-awarE linked data arChitecture for prIvacy, trAnsparency and compLiance The SPECIAL project will address the contradiction between Big Data innovation and privacy-aware data protection by proposing a technical solution that makes both of these goals realistic. We will develop technology that: (i) supports the acquisition of user consent at... Human Aspects Assess 3 1 13 26.5 -13.5 -13.5 13.5 https://www.cyberwatching.eu/projects/989/special
128 SpeechXRays 194884 IA Apr 2018 Multi-channel biometrics combining acoustic and machine vision analysis of speech, lip movement and face The SpeechXRays project will develop and test in real-life environments a user recognition platform based on voice acoustics analysis and audio-visual identity verification. SpeechXRays will outperform state-of-the-art solutions in the following areas: Security: high... Identity & Privacy Hold https://www.cyberwatching.eu/projects/990/speechxrays
129 SPOOC 194400 ERC-COG Aug 2020 Automated Security Proofs of Cryptographic Protocols: Privacy, Untrusted Platforms and Applications to E-voting Protocols The rise of the Internet and the ubiquity of electronic devices has deeply changed our way of life. Many face to face and paper transactions have nowadays digital counterparts: home banking, e-commerce, e-voting, etc. The security of such transactions is ensured by the means... Identity & Privacy Assess
131 STOP-IT 210216 IA May 2021 Strategic, Tactical, Operational Protection of water Infrastructure against cyber-physical Threats Water critical infrastructures (CIs) are essential for human society, life and health and they can be endangered by physical/cyber threats with severe societal consequences. To address this, STOP-IT assembles a team of major Water Utilities, industrial technology developers... Operational Risk Assess https://www.cyberwatching.eu/projects/991/stop-it
132 STORM 211168 RIA Aug 2018 The first cybersecurity management system providing evidence based metrics for cyber risk at the business asset level in real-time InnoSec’s main product, STORM, is the only Cyber Risk Management application that provides evidence based metrics defining cyber risk at the business asset level in real-time, using a flexible risk modeling method, while improving the overall user experience. STORM allows... Operational Risk Adopt
133 SUNFISH 194230 RIA Dec 2017 SecUre iNFormation SHaring in federated heterogeneous private clouds Today the European Public Sector Players lack the necessary infrastructure and technology to allow them to integrate their computing clouds. Furthermore, legislative barriers often make it difficult to use available commercial technological solutions. The SUNFISH project aims... Operational Risk Hold https://www.cyberwatching.eu/projects/992/sunfish
134 SUPERCLOUD 194123 RIA Jan 2018 USER-CENTRIC MANAGEMENT OF SECURITY AND DEPENDABILITY IN CLOUDS OF CLOUDS Today, despite its unravelling business benefits, distributed cloud computing raises many security and dependability concerns. Root causes include increase in complexity and lack of interoperability between heterogeneous, often proprietary infrastructure technologies... Verification & Assurance Hold https://www.cyberwatching.eu/projects/993/supercloud
137 TOREADOR 200253 RIA Dec 2018 TrustwOrthy model-awaRE Analytics Data platfORm The TOREADOR project is aimed at overcoming some major hurdles that until now have prevented many European companies from reaping the full benefits of Big Data analytics (BDA). Companies and organisations in Europe have become aware of the potential competitive advantage they... Human Aspects Adopt https://www.cyberwatching.eu/projects/997/toreador
138 TREDISEC 194205 RIA Mar 2018 Trust-aware, REliable and Distributed Information SEcurity in the Cloud. The current trend for data placement shows a steady shift towards "the cloud". The advent of cloud storage and computation services however comes at the expense of data security and user privacy. To remedy this, customers nowadays call for end-to-end security whereby only... Cybersecurity Governance Hold https://www.cyberwatching.eu/projects/998/tredisec
140 TYPES 194867 IA Oct 2017 Towards transparencY and Privacy in the onlinE advertising businesS Online advertising generated in 2013 $42B worth of revenue and more than 3.4 million direct and indirect jobs in Europe in 2012 alone. It supports some of the most important Internet services such as search, social media and user generated content sites. However, the lack of... Identity & Privacy Hold https://www.cyberwatching.eu/projects/1001/types
141 U2PIA 207691 SME-1 Mar 2017 Universal application 2 conduct Privacy Impact Assessment analysis and reports We are Nier Soluzioni Informatiche (NSI), an innovative software company that operates since 2002 in the fields of security compliance, privacy compliance, and counselling on the protection of personal information in collaboration with law firms. We have a strong history and... Human Aspects Drop
142 UNICORN 206347 IA Dec 2019 A NOVEL FRAMEWORK FOR MULTI-CLOUD SERVICES DEVELOPMENT, ORCHESTRATION, DEPLOYMENT AND CONTINUOUS MANAGEMENT FOSTERING CLOUD TECHNOLOGIES UPTAKE FROM DIGITAL SMES AND STARTUPS Unicorn aims to simplify the design, deployment and management of secure and elastic –by design- multi-cloud services. This will be achieved by a) development and design libraries that will provide security enforcement mechanisms, data privacy restrictions, monitoring metric... Secure Systems Assess 6 5 47 21 26 -12 26 https://www.cyberwatching.eu/projects/1002/unicorn
143 VESSEDIA 207194 RIA Dec 2019 VERIFICATION ENGINEERING OF SAFETY AND SECURITY CRITICAL DYNAMIC INDUSTRIAL APPLICATIONS The VESSEDIA project will bring safety and security to many new software applications and devices. In the fast evolving world we live in, the Internet has brought many benefits to individuals, organisations and industries. With the capabilities offered now (such as IPv6) to... Secure Systems Assess https://www.cyberwatching.eu/projects/1003/vessedia
144 VIRT-EU 205981 RIA Dec 2019 Values and ethics in Innovation for Responsible Technology in EUrope The networked future promises new relationships between people and artifacts, the private and the public, the individual and the collective. The increased networking capabilities of pervasive technologies mean that of personal data are being produced, analyzed, monetized and... Identity & Privacy Assess https://www.cyberwatching.eu/projects/1004/virt-eu
145 VisiOn 194888 IA Jun 2017 Visual Privacy Management in User Centric Open Environments Public Administration (PA) authorities are working towards upgrading the level of their online services through new governance models such as the Open Government. This pushes for greater transparency, accountability and innovation aiming at increasing citizen levels of confidence... Verification & Assurance Hold https://www.cyberwatching.eu/projects/1005/vision
146 WISER 194847 IA Nov 2017 Wide-Impact cyber SEcurity Risk framework WISER delivers a cyber-risk management framework able to assess, monitor and mitigate the risks in real time, in multiple industries. WISER incorporates socio-economic impact aspects, building on current state of the art methodologies and tools, and leveraging best practices... Human Aspects Hold
147 WITDOM 194197 RIA Dec 2017 empoWering prIvacy and securiTy in non-trusteD envirOnMents The advent of the Future Internet prompts fundamental transformations in whole ICT ecosystems, while bringing new opportunities to stakeholders in the availability and rational use of physical resources with large-scale savings in IT investments. It will also pose new security... Secure Systems Hold https://www.cyberwatching.eu/projects/1006/witdom
148 FENTEC 213111 RIA Dec 2020 Functional Encryption Technologies Functional encryption (FE) has recently been introduced as a new paradigm of encryption systems to overcome all-or-nothing limitations of classical encryption. In an FE system the decryptor deciphers a function over the message plaintext: such functional decryptability... Operational Risk Assess 3 3 27 42.5 -15.5 -15.5 15.5 https://cyberwatching.eu/projects/1268/fentec
150 PROMETHEUS 213162 RIA Dec 2019 PRivacy preserving pOst-quantuM systEms from advanced crypTograpHic mEchanisms Using latticeS Privacy-preserving cryptographic protocols allow users to take common daily life actions online (e.g, purchases, reservations or voting) without leaking sensitive personal information. They typically combine various tools such as digital signatures, homomorphic encryption or... Verification & Assurance Assess 1 1 9 33 -24 -24 16 https://www.cyberwatching.eu/projects/1034/prometheus
151 REACT 214838 RIA May 2021 REactively Defending against Advanced Cybersecurity Threats Security is a vital property for every operational system and network. As systems become more powerful and, in many aspects, more complex, advanced cyber-attacks impose new threats for important operations of our society. Computer systems assist core functions of hospitals... Secure Systems Assess 1 1 9 21 -12 -12 26 https://www.cyberwatching.eu/projects/1053/react
152 SerIoT 213102 RIA Dec 2020 Secure and Safe Internet of Things The IoT is coming upon us faster than we think, catapulting EU industry, homes and society into the huge arena of security risks that accompany an untested yet already universal technology that directly manages our cyber-physical reality on a daily, and indeed second by... Secure Systems Assess 2 1 11 21 -10 -12 26 https://www.cyberwatching.eu/projects/981/seriot
153 YAKSHA 213552 IA Jun 2020 Cybersecurity Awareness and Knowledge Systemic High-level Application YAKSHA aims at reinforcing EU-ASEAN cooperation & building partnerships in the cybersecurity domain by developing a solution tailored to specific user and national needs, leveraging EU Know-How and local expertise. YAKSHA will develop and introduce the innovative concept of... Secure Systems Assess 3 2 20 21 -1 -12 26 https://www.cyberwatching.eu/projects/1007/yaksha
155 CYBER-TRUST 214839 RIA Apr 2021 Advanced Cyber-Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things The CYBER-TRUST project aims to develop an innovative cyber-threat intelligence gathering, detection, and mitigation platform to tackle the grand challenges towards securing the ecosystem of IoT devices. The security problems arising from the flawed design of legacy hardware... Secure Systems Assess 3 1 13 21 -8 -12 26 https://cyberwatching.eu/projects/961/cyber-trust
157 CYBECO II 210232 RIA Apr 2019 Supporting Cyberinsurance from a Behavioural Choice Perspective CYBECO will research, develop, demonstrate, evaluate and exploit a new framework for managing cybersecurity risks, one that is focusing on cyberinsurance, as key risk management treatment. CYBECO integrates multidisciplinary research methods from Behavioural Economics... Operational Risk Adopt https://www.cyberwatching.eu/projects/960/cybeco
158 PRIVILEDGE 213144 RIA Dec 2020 Privacy-Enhancing Cryptography in Distributed Ledgers Blockchain and distributed ledger technologies (DLTs) have emerged as one of the most revolutionary developments in recent years, with the goal of eliminating centralised intermediaries and installing distributed trusted services. They facilitate trustworthy trades and... Identity & Privacy Assess https://www.cyberwatching.eu/projects/1033/priviledge
159 FUTURE TPM 213057 RIA Dec 2020 Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module The goal of FutureTPM is to design a Quantum-Resistant (QR) Trusted Platform Module (TPM) by designing and developing QR algorithms suitable for inclusion in a TPM. The algorithm design will be accompanied with implementation and performance evaluation, as well as formal... Verification & Assurance Assess
160 SealedGRID 212986 MSCA-RISE Dec 2021 Scalable, trustEd, and interoperAble pLatform for sEcureD smart GRID The rapid evolution of ICT has revealed the potential for centrally monitoring, controlling, and optimising the power grid. In this context, a more intelligent, responsive, and efficient, system has been devised, known as the Smart Grid (SG). As explained in the EU Third... Secure Systems Assess 1 2 16 21 -5 -12 26 https://www.cyberwatching.eu/projects/1156/sealedgrid
161 SEMIoTICS 213548 RIA Dec 2020 Smart End-to-end Massive IoT Interoperability, Connectivity and Security SEMIoTICS aims to develop a pattern-driven framework, built upon existing IoT platforms, to enable and guarantee secure and dependable actuation and semi-autonomic behaviour in IoT/IIoT applications. Patterns will encode proven dependencies between security, privacy... Secure Systems Assess
162 ASTRID 214855 RIA Apr 2021 AddreSsing ThReats for virtualIseD services The growing adoption of cloud technologies and the trend to virtualise applications are inexorably re-shaping the traditional security paradigms, due to the increasing usage of infrastructures outside of the enterprise perimeter and shared with other users. The need for more... Secure Systems Assess https://cyberwatching.eu/projects/938/astrid
163 BPR4GDPR 214871 IA Apr 2021 Business Process Re-engineering and functional toolkit for GDPR compliance The goal of BPR4GDPR is to provide a holistic framework able to support end-to-end GDPR-compliant intra- and inter-organisational ICT-enabled processes at various scales, while also being generic enough, fulfilling operational requirements covering diverse application domains... Identity & Privacy Assess https://cyberwatching.eu/projects/941/bpr4gdpr
164 PAPAYA 214848 IA Apr 2021 PlAtform for PrivAcY preserving data Analytics The valuable insights that can be inferred from analytics of data generated and collected from a variety of devices and applications are transforming businesses and are therefore one of the key motivations for organisations to adopt such technologies. Nevertheless, the data... Identity & Privacy Assess https://www.cyberwatching.eu/projects/974/papaya
165 POSEIDON 214840 IA Oct 2020 Protection and control of Secured Information by means of a privacy enhanced Dashboard PoSeID-on is aimed at developing a novel Privacy Enhancing Dashboard for personal data protection supporting the pillars of the new EU’s General Data Protection Regulation (GDPR) with regards to digital security, that will be implemented within a single, integrated tool... Identity & Privacy Assess 6 4 40 29 11 -11 11 https://www.cyberwatching.eu/projects/976/poseidon
166 SPEAR 214857 RIA Apr 2021 SPEAR: Secure and PrivatE smArt gRid Over the last decade, cyber-attacks have become increasingly sophisticated, stealthy, targeted and multi-faceted which may leverage zero-day exploits and highly creative interdisciplinary attack methods. As our society is becoming increasingly dependent on Critical... Secure Systems Assess https://www.cyberwatching.eu/projects/988/spear
167 SMOOTH 214847 IA Oct 2020 GDPR Compliance Cloud Platform for Micro Enterprises According to the last official available 2015 data, almost 93% of all enterprises in Europe in the non-financial business sector have less than 10 employees. These micro enterprises (MEnts) are responsible for 30% and 21% of the overall employment and value added in the EU... Cybersecurity Governance Assess https://cyberwatching.eu/projects/986/smooth
168 DEFEND 214863 IA May 2021 Data Governance for Supporting GDPR The rapid advances in ICT have raised the need to adapt to this progress for organisations (pushing them towards e-services and increase their efficiency), public authorities (stimulating new services to citizens and reducing complexity) and individuals (enabling them to... Cybersecurity Governance Assess 2 3 25 28.5 -3.5 -5.5 20.5 https://cyberwatching.eu/projects/1039/defend
170 OLYMPUS 214842 IA Aug 2021 Oblivious identitY Management for Private and User-friendly Services At first sight, privacy and strong identity seem inherently at odds. Indeed, if users are strongly identified during a transaction, then privacy is non-existent. Nevertheless, there exist mechanisms that can reconcile privacy and strong identity, either by trusting an online... Identity & Privacy Assess 2 2 18 29 -11 -11 11 https://www.cyberwatching.eu/projects/969/olympus
171 THREAT-ARREST 216964 IA Aug 2021 THREAT-ARREST Cyber Security Threats and Threat Actors Training - Assurance Driven Multi-Layer, end-to-end Simulation and Training The challenge of mitigating advanced cyber attacks through advanced security training has been evident during the last decade in numerous fields and industries in EU. Despite the wide spectrum of such tools appears to provide a comprehensive machinery for detecting and... Secure Systems Assess https://www.cyberwatching.eu/projects/996/threat-arrest
172 CONCORDIA 221269 RIA Dec 2022 Cyber security cOmpeteNce fOr Research anD Innovation Europe needs to step up its efforts and strengthen its very own security capacities to secure its digital society, economy, and democracy. It is time to reconquer Europe’s digital sovereignty. The vision for Europe can only be to join forces across Europe’s research... Cybersecurity Governance Assess https://cyberwatching.eu/projects/1138/concordia
174 SPARTA 221271 RIA Jan 2022 Strategic programs for advanced research and technology in Europe In the domain of Cybersecurity Research and innovation, European scientists hold pioneering positions in fields such as cryptography, formal methods, or secure components. Yet this excellence on focused domains does not translate into larger-scale, system-level advantages... Cybersecurity Governance Assess https://www.cyberwatching.eu/projects/1136/sparta
175 CyberSec4Europe 221272 RIA Jul 2022 Cyber Security Network of Competence Centres for Europe CyberSec4Europe is a research-based consortium with 44 participants covering 21 EU Member States and Associated Countries. It has received more than 40 support letters and promises of cooperation from public administrations, international organisations, and key associations... Cybersecurity Governance Assess 2 4 32 28.5 3.5 -5.5 20.5 https://cyberwatching.eu/projects/962/cybersec4europe
176 ECHO 221273 RIA Feb 2023 European network of Cybersecurity centres and competence Hub for innovation and Operations ECHO delivers an organized and coordinated approach to improve proactive cyber defence of the European Union, through effective and efficient multi-sector collaboration. The Partners will execute on a 48-month work plan to develop, model and demonstrate a network of cyber... Cybersecurity Governance Assess 1 3 23 28.5 -5.5 -5.5 20.5 https://cyberwatching.eu/projects/1043/echo
177 ENACT 213127 RIA Dec 2020 Trustworthy and Smart Actuation in IoT systems To unleash the full potential of IoT, realizing the digital society and flourishing innovations in application domains such as eHealth, smart city, intelligent transport systems, and smart manufacturing, it is critical to facilitate the creation and operation of trustworthy... Secure Systems Assess 3 3 27 21 6 -12 26 https://cyberwatching.eu/projects/1048/enact
178 PDP4E 214860 IA Jan 2021 Methods and tools for GDPR compliance through Privacy and Data Protection Engineering PDP4E is an innovation action that will provide software and system engineers with methods and software tools to systematically apply data protection principles in the projects they carry out, so that the products they create comply with the General Data Protection Regulation... Identity & Privacy Assess https://www.cyberwatching.eu/projects/1198/pdp4e
180 PROTASIS 200426 MSCA-RISE Apr 2020 Restoring Trust in the cyber space: a Systems Security Proposal Fueled by a string of high profile attacks and recent revelations about unprecedented cyber surveillance, interest in systems security is rising, not just among industry and governments, but even among individual citizens across Europe. Corporate organizations worry about the... Secure Systems Assess https://www.cyberwatching.eu/projects/1035/protasis
185 PANACEA 219939 RIA Dec 2021 Protection and privAcy of hospital and health iNfrastructures with smArt Cyber sEcurity and cyber threat toolkit for dAta and people PANACEA will deliver people-centric cybersecurity solutions in healthcare. The Partners will execute on a leanly-orchestrated research workplan, which envisages continuous involvement of the end-user Partners at three European health care centres, including also devices... Operational Risk Assess https://www.cyberwatching.eu/projects/1270/panacea
186 symbIoTe 199859 RIA Dec 2018 Symbiosis of smart objects across IoT environments Connected smart objects have invaded our everyday life across multiple domains, e.g. home with automation solutions, assisted living with sensors and wearables to monitor personal activities, smart transportation and environmental monitoring. IoT is evolving around a plethora... Secure Systems Adopt
188 SecureIoT 213095 RIA Dec 2020 Predictive Security for IoT Platforms and Networks of Smart Objects The IoT market is currently undergoing transformation from applications involving semi-passive devices operating within a single platform, to applications involving smart objects with embedded intelligence while spanning multiple platforms. State-of-the-art security mechanisms... Secure Systems Assess
191 PANOPTESEC 111202 CP Oct 2016 Dynamic Risk Approaches for Automated Cyber Defence The PANOPTESEC consortium will deliver a beyond-state-of-the-art prototype of a cyber defence decision support system, demonstrating a risk based approach to automated cyber defence that accounts for the dynamic nature of information and communications technologies (ICT) and the constantly evolving capabilities of cyber attackers. 'Panoptes' is an ancient Greek term meaning 'all eyes' or 'all seeing'. This term has been incorporated into the project name to represent the PANOPTESEC consortium because the overall goal of the PANOPTESEC project is to deliver a continuous cyber security monitoring and response capability. Organizations have become increasingly dependent on networks and computer systems to support their business operations and services. Unfortunately, as this dependency has grown, the motives and capabilities of cyber adversaries to attack these systems are also increasing. Attackers are often able to penetrate computer systems to extract sensitive information, tamper with the accuracy of the information and prevent access to essential services. Given the organizational dependency on the systems and services, any one of these tactics can have significant negative impacts on an organization's business capabilities, reputation and liabilities. In the era of open networks and platforms, attackers continue to find more venues to exploit these systems to cause substantial damage. Despite the well-known need for continuous monitoring of ICT systems to detect vulnerabilities and attacks, as well as the need for rapid incident response, commercial solutions do not meet the demands of modern networks and systems. The PANOPTESEC prototype will address these challenges by proactively and reactively evaluating system weaknesses, identifying potential attack paths, providing a list of prioritized response actions, and delivering a means to execute these responses; all supported by automated analysis engines. The resulting PANOPTESEC prototype will provide a continuous monitoring and response capability to prevent, detect, manage and react to cyber incidents in real-time. The near market-ready system will support breach notifications and improve situation awareness while supporting the decision-making process required by security personnel. PANOPTESEC will deliver this capability through an integrated and modular, standards-based integration of technologies that will collectively deliver the required capabilities. Secure Systems Drop
192 SERENITI 186816 MC-CIG Feb 2018 Cyber Security and Resilience of Networked Critical Infrastructures Modern Networked Critical Infrastructures (NCIs), e.g. the electrical grid, rely on Information and Communication Technologies (ICT) for their operation since ICT can lead to cost reduction as well as greater efficiency, flexibility and interoperability between components. In the past NCIs were isolated environments and used proprietary hardware and protocols, limiting thus the threats that could affect them. Nowadays, with the adoption of Commercial Off-The-Shelf (COTS) ICT, NCIs are exposed to significant cyber threats that can lead to economical and human losses. To address the aforementioned issues, this project aims at elaborating novel holistic methodologies for the design of security and resilience-aware ICT infrastructures for NCIs. The project will develop state-of-the-art techniques and tools to aid engineers in designing secure and resilient industrial ICT-based installations. The novelty of the project consists in the fact that it will fuse together the cyber and physical dimensions of NCI, an important aspect that is missing from existing approaches. The project will create novel NCI network design techniques by solving multi-criteria optimization problems that take into account several aspects such as NCI design standards, e.g. NIST SP 800-82 and NERC CIP 002-009, resilient operation of physical process, but also installation-specific information, e.g. geographical aspects. The project will also provide more effective protection mechanisms, e.g. cyber-physical Intrusion Detection Systems, by combining data from cyber and physical sensors. 
The proposed research lies in the context of the 'European Programme for Critical Infrastructure Protection' (EPCIP), the 'Critical Information Infrastructure Protection' (CIIP) action plan and the 'Digital Agenda for Europe' (DAE) by addressing key security and resilience issues of NCIs that will ultimately lead to the better protection of existing and future Critical Infrastructures. Secure Systems Hold
193 SecureCloud 200254 RIA Dec 2018 Secure Big Data Processing in Untrusted Clouds SecureCloud addresses the confidentiality, integrity and availability of applications executed in the cloud. Data at rest or in transit on the network is already nowadays protected by encryption. The main problem that we face is how to ensure the confidentiality of data while being processed. Our approach is based on upcoming hardware extensions of commodity CPUs like Intel's Secure Guard Extensions (SGX). By the help of these hardware extensions, we reduce the trusted computing base dramatically by excluding from it the millions of lines of source code of the cloud stack, operating systems and hypervisor. This permits us to ensure the confidentiality of computations even if the computers are under a different administrative control (like a cloud provider) or there is no physical security of the computers. Moreover, we ensure the confidentiality even if attackers would take control of the cloud stack, the hypervisor or the operating systems. As long as the hardware extensions of the CPU can be trusted, we can ensure the confidentiality of the computations. SecureCloud focuses on ensuring the confidential and dependable processing of Big Data. To keep the trusted computing base small, we use the concept of microservices: only the application logic that processes data (e.g., operators) is protected while all functionality that, e.g., shuffles and stores encrypted data is outside the trusted computing base. By monitoring the microservices, we can restart services that run on compromised hosts. We will evaluate and demonstrate our approach in the context of smart grids. In this use case context, we need to run across a physically distributed computing infrastructure with no or little physical security and partly untrusted administrators. We need to process large volumes of data and this big data processing would benefit by partial offloading into the cloud. 
In SecureCloud, we will show how to do this in a secure fashion even if clouds are untrusted. Secure Systems Adopt
194 ASCEMA 204371 SME-1 Nov 2016 ASCEMA: Content Aware Technology for IP Protection in Supply Chains Manufacturers increasingly rely upon development in the supply chain; e.g. a typical automotive company has 60% of components manufactured in the supply chain. A significant level of resistance, to sharing and enforcement of IP, is damaging supply chain partnerships and the manufacturing production processes that rely upon them; costs to industry estimated at millions of euro (NFF Symposium, 2013). This project, spanning 6 months, will investigate the feasibility of bringing to market a novel solution for protecting intellectual property across enterprise boundaries and will support a go to market plan for Ascema for Supply Chains, a patented technology that protects high value content across enterprise boundaries. The European Parliament ' Recognises that the enforcement of IPR is not merely a driver for jobs and growth across the Union but is essential for the proper functioning of the single market and plays a key role in stimulating innovation, creativity, competitiveness and cultural diversity.' (Towards a renewed consensus on the enforcement of IPR: An EU Action Plan, May 15). Ascema offers a disruptive solution where currently no other solutions exist. This project will undertake a feasibility study, including a full business plan, to verify the technological, practical and economic viability of GeoLang’s novel Ascema for Supply Chains data loss prevention platform. A planned Phase 2 project will provide a preproduction prototype of a digital information fingerprinting and tracking mechanism across boundaries with processes and requirements for inclusion within supply chain contractual arrangements identified that will support the market take-up of this novel platform which has won GeoLang Ltd the prize of UK's Most Innovative Small Cyber Security Company 2015. 
The results will support the uptake by industry of a technology that offers safe sharing of intellectual property in supply chains facilitating growth within the single market. Secure Systems Drop
195 LipVerify 204581 SME-1 Dec 2016 Feasibility study on the development of LipVerify - a new viseme based user authentication service. The LipVerify project will explore the feasibility of commercialising a new service which provides secure access to sensitive data, applications and physical areas via a unique biometric authentication technique - based on analysis of the users lip movements. Significant R&D carried out over the last ten years within the Centre for Secure IT (CSIT) in Belfast has resulted in the development of a number of unique algorithms in the area of VISEME ANALYSIS. CSIT is a €40M innovation and knowledge centre based at Queen's University Belfast (QUB). With over 90 research staff in information security and cyber-physical security, it is the UK’s largest research centre in cyber security. It is recognised by the UK Research Council and GCHQ as an Academic Centre of Excellence in Cyber Security Research, specialising in fields such as applied cryptography, network security systems, critical infrastructure protection and intelligent surveillance systems. Implementation of the Viseme Analysis algorithms has demonstrated, through testing with a number of large and independent data sets, that leveraging the technology for user authentication can be highly accurate and secure. When accessing a sensitive application on e.g. a mobile device, the user is asked to say or mouth a random challenge phrase which is displayed on screen. The system provides secure user authentication AND verifies 'liveness' to ensure that the system is not being 'spoofed' - a common weakness with most biometric techniques. In 2015 Liopa Limited was formed as the commercial vehicle to onward develop and productise this technology. 
This feasibility study aims to do a detailed study of the market for biometric authentication systems, determine market requirements and potential market verticals, demonstrate an early version of the technology to prospective customers in their environment, and produce a high level business plan for the development and market introduction of a commercial product. Secure Systems Drop
196 ConnectProtect 204585 SME-1 Dec 2016 A total cyber protection service to Small Businesses operating critical infrastructure and Residential customers This project focuses on cyber-security and aims to address any form of internal or external malware and cyber-attacks. Estimates of global financial losses due to cyber-crime are at least €350 billion per year and are expected to reach €1.89 trillion by 2019. Cyber-crime has led to the loss of up to 150,000 jobs in Europe, which is about 0.6% of the total unemployed population. In response to cyber-crime, we initiated ‘ConnectProtect’ in 2012, a total cyber protection service for SMEs and residential customers. We worked with about 20 SMEs in the UK to build this service and up to date, we developed a reporting engine capable of correlating events/logs from multiple security products across multiple organisations and constantly updating each event in real-time to generate the relevant classification of potential threat. The report engine is able to generate a case for our engineers to deal with an incident in real-time and allowing the customer to view their security state via a dashboard. We aim to further establish and understand our target market and conduct a detailed Europe wide cyber-security market study to establish the size and dynamics of the small business market; engage developmental, operational, and marketing partners for successful delivery of this project. We also seek to develop an Intellectual Property (IP) strategy to protect our solution from exploitation by other parties. Through this project we will reduce the cyber security burden in the EU from an average of €280 to between €10 and €70 per employee per month and we will create over 100 jobs through native sales language teams that would be set up in our various target countries. We will potentially save SMEs over 20% (i.e. over €1 billion) of revenue lost to cyber-crime in Europe. Secure Systems Drop
197 ThreatMark 205924 SME-1 Nov 2016 Advanced Fraud Detection System - Protecting digital transactions against cyber attacks ThreatMark vision is to secure the assets of people/companies by better protection of digital transaction systems against cyber-attacks. It dramatically improves the detection & protection capabilities of cyber-operators against threats, fraud & incidents. It allows them to increase their security by complex preparedness, rapid detection and faster response. Advanced machine learning and unique algorithms of ThreatMark make the detection of advanced threats and behavioral anomalies more sensitive and reliable while lowering the cost of operation. We challenge the conventional methods of transaction protection by bringing usually fragmented features under one roof: (online) fraud detection systems, web fraud detection, web application firewall, malware detection, criminal and account takeover detection. This is unique and appreciated by users, as proven by recent competitor analysis. The solution has been designed to answer the business opportunity that lays in plausible cyber-security market trends: (1) Steady growth of online transactions & cyber attacks/ online fraud at the same time; (2) Rise of as-a-service model providers & market (9.8%/ p.a.); (3) Pressure to decrease high expenses for complex security. The ultimate goal of this project is to bring to market system ThreatMark capable of improving the security of transactions and decreasing the resources needed. Four target groups were identified: on-line banks, high value transactions providers, secure apps, emerging digital services. Some strategic alliances with business partners exist. The sub-objectives of FS include requirements analysis, detailed business plan, technology roadmap update and company development strategy based on innovation management training. 
The company has already invested into its technology more than 200 000 EUR (equipment, travel, 1 500 own man-days, 2 000 man-days of academic partners from 2013). To fully enter the market in 2017 a strategic investment or funding is requested. Secure Systems Drop
198 Eye-O-T 205793 SME-1 Dec 2016 Cyber security system with a high IoT network visibility and fast vulnerability detection for Smart Homes. Today there are around 800 million connected devices in Smart Homes, which is forecasted to reach 2 billion devices by 2020 - an uptick of about 250 million new devices per year. Smart Home networks become crowded, difficult to maintain and vulnerable. Today’s Smart Home systems, such as smart TVs, Internet-connected camera systems, alarm sensors, smart light bulbs or thermostats, can be hacked in only a few minutes and provide a wealth of data about the way people live, bank information, legal information, etc. Perytons proposes a centralized diagnostic solution for the Smart Home Operators, called Eye-O-T. The Eye-O-T enables the operators to monitor and analyze in real time a large number of IoT networks, distributed over many remote sites and running different local communication protocols. The system is composed of plug & play probes that capture Smart Home IoT edge and gateway traffic and send it to the cloud through the existing broadband infrastructure; and an intuitive real-time dashboard. The Eye-O-T security system not only enables Smart Home owners to minimise their house and privacy vulnerability to security breaches and malicious attacks, but also reduces the Smart Home maintenance cost for operators by 30% and increases the operator’s deployment capacity by at least 10%. The Phase 1 project will allow Perytons to define a minimum viable product, plan a feasible cyber security and centralized monitoring system scale-up, elaborate the business scale up, and size the reachable market and a reliable market share. 
Within the overall project, Perytons aims to: scale up the solution to be able to support large scale IoT network deployment, integrate the system with one large cloud service, interface the solution with common Network Management solutions and demonstrate Eye-O-T visibility and security through a large scale pilot in houses with 300 probes deployed in Germany and the UK together with Smart Home Operators. Secure Systems Drop
199 PerfectDashboard 2.0 207125 SME-1 Dec 2016 First single platform for efficient and security aware management of CMS based websites This proposal addresses the very up-to-date challenge in the domain of cyber security which affects today thousands of websites administrators worldwide – ability to efficiently introduce updates to popular website engines and extensions to popular CMS platforms such as WordPress and Joomla!. In our proposal we show how our solution can increase safety in the Internet by helping web page managers be far more effective in their daily routines. These are primarily focused on updating web pages commonly developed with popular CMS platforms in order to remove identified vulnerabilities and thus prevent or mitigate hackers’ activities. With our application already proven by individual web admins an administrator may not only introduce necessary changes in the code mitigating the risk of a security breach much faster than ever before, but he or she can ensure the final effect does not impact on the web page layout and its contents. These are the features highly needed by corporate users, which was verified through discussions with corporate users in media, technology and entertainment sectors. With our solution they can ensure their web services are provided in an undisturbed and secure way avoiding potential loss of reputation due to web page break and potential change of its contents. In our proposal we present the current stage of Perfect Dashboard 2.0 development, demonstrate results of the conducted trials and cornerstones of our business plan which we would like to enhance during the Phase 1 project targeting corporate users. Finally, we anticipate our plans for further evolution of our solution and its subsequent commercialization along with presentation of our potential. 
Perfect Dashboard 2.0 is strategically important for our company and Phase 1 project may accelerate this process beyond our current capabilities helping us resolve vital market related questions and boost our business in short time. Secure Systems Drop
200 CHINO 208765 SME-1 Jun 2017 The Health Data Security Platform for EU Developers Enterprises Digital health applications are disrupting the healthcare sector by bringing huge innovation and improving the quality of care. However, this innovation brings also some risks since those apps collect and store extremely privacy sensitive data in cloud and mobile environments. According to analysis performed by 39 Data Protection Authorities worldwide in 2014, 85% of the 1.211 analyzed mobile health apps do not comply with data protection laws and security requirements. This behavior puts at serious risk users’ privacy and trust in digital health. Chino helps application developers and enterprises to solve security and privacy law compliance issues by offering a secure platform to manage application users and how they access, store and share health sensitive data. Developers can easily integrate the Chino platform (its API) into their apps to ensure compliance, increase security, speed up application development, shorten time to market, at affordable pay-per-use cost. To ensure security of data transfers and storage Chino applies security-by-design principles and state-of-the-art security mechanisms. From compliance point of view, Chino terms of service define its liabilities and it ensures that the data management is performed according to EU and Member States laws. In addition, Chino is working on ISO 9001 & 27001 certifications, giving more guarantees to its customers. Thanks to its innovative services, the market opportunity, and the EC support (which will speed up the adequate team growth, marketing plan, technological roadmap implementation and international commercialization), the company expect to create over 46 high qualified jobs and generate a turnover over 10M€ by 2020. Furthermore, the overall results of this project will catapult Chino company as a global leader on the digital health & cyber security market. Secure Systems Hold
201 CyberSure 206520 MSCA-RISE Dec 2020 CYBER Security InSURancE — A Framework for Liability Based Trust CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policy for cyber systems. The purpose of creating such policies will be to enhance the trustworthiness of cyber systems and provide a sound basis for liability in cases of security and privacy breaches in them. The framework will be supported by a platform of tools enabling an integrated risk cyber system security risk analysis, certification and cyber insurance, based on the analysis of objective evidence during the operation of such systems. CyberSure will develop its cyber insurance platform at TRL-7 by building upon and integrating state of the art tools, methods and techniques. These will include: (1) the state of the art continuous certification infrastructure (tools) for cloud services developed by the EU project CUMULUS; (2) the risk management tool of NIS enhanced by the NESSOS risk management methodology; and (3) insurance management tools of HELLAS. The development of the CyberSure platform will be driven by certification, risk analysis and cyber insurance scenarios for cyber system pilots providing cloud and e-health services. Through these, CyberSure will address the conditions required for offering effective cyber insurance for interoperable service chains cutting across application domains and jurisdictions. Verification & Assurance Assess
203 LocationWise 208763 SME-1 Aug 2017 LocationWise Payment Card Validation: A cloud based location verification system that will significantly lower cost of payment card cyber security The vision of LocationWise project is to lower fraud costs incurred by banks from €1.03 to €0.55 per transaction and thus saving Europe ca. €456 million annually. Card fraud directly costs the Single Euro Payments Area ca. €1.44 billion annually and €14.55 billion globally with banks bearing 62% of costs and merchants 38%. These are not the only costs associated with payment card fraud. The other cost (amounting to €13.13 billion globally) is associated with measures to handle legitimate transactions that would have been incorrectly flagged as fraudulent and hence blocked, for example call centre costs and lost transaction fees. Reducing or minimising these costs is no easy solution as tightening fraud risk rules directly increases false positives while loosening them has the converse effect of increasing fraudulent transactions. Given that ca. 86% of adults carry their mobile phones with them there is a high probability that the location of the mobile device is close or the same location where a transaction is occurring. LocationWise automatically queries the user’s mobile device to determine his/her location without human intervention so that fraud detection systems can, with greater accuracy, apply location data to reduce the number of fraudulent transactions and false positives. Because of its access to the widest global mobile coverage and use of multiple verification methods, LocationWise gives the most accurate location data. This reduces the number of genuine card transactions that are incorrectly flagged (based on location) as fraudulent by 51% and the number of actual fraudulent transactions by 62%. 
Among other things, the purpose of Feasibility Study is to better understand the target market, determine optimum platform resources required to handle a given volume of transactions and to further refine IP strategy. Secure Systems Hold
206 UNFRAUD 211535 SME-1 Sep 2017 An advanced online anti-fraud software equipped with deep learning Artificial Intelligence that can face and detect current fraudulent techniques and their continued evolution in a cost effective man The impact of cybercrime is a growing concern in a society that increasingly interacts online. In the EU the cost of cybercrime has reached €871 billion a year and fraudulent card transactions amounted to €1.27 billion. The high number of online frauds coupled with the low level of cybersecurity deters businesses, and in particular SMEs who may not be able to afford comprehensive anti-fraud services, from fully exploiting the potential of e-commerce. UNFRAUD is a software product that prevents potential online fraud scenarios by analysing previous and current fraudulent events through deep learning artificial intelligence to tackle the new challenges that fraudsters devise. UNFRAUD’s algorithms are similar to ones used by Google for self driving cars and facial recognition (i.e. deep AI that recognizes human errors, behaviours and surroundings) and through this deep learning it is able to detect 'fraudulent' behaviour. This makes UNFRAUD much more reliable as well as greatly reducing the cost of anti-fraud services, allowing companies to operate and grow safely. During the Phase 1 feasibility study the project will focus on identifying and securing the key partners required for commercialisation, establishing a sound business model and commercialization strategy, and planning a pilot test with a bank, big e-commerce, enterprise, telecommunication company and public administration in order to fully demonstrate and assess the product’s capabilities. Secure Systems Hold
207 CLTRe 211489 SME-1 Nov 2017 The Cybersecurity Behavioural Toolkit Organizations worldwide struggle to measure and document the security behaviours of their employees, effectively making it impossible to know the impact of their security awareness training programs. Human error is the main source of cybersecurity incidents, and a reduction by only a few percent could translate into millions of Euros every year. Current suppliers of Security Awareness Computer Based Training (CBT) provide training content, without being able to demonstrate end user behavioural change, only measuring training attendance or specific behaviours (phishing assessments) that do not describe the complete use behaviours. In contrast with existing solutions, the CLTRe Toolkit is assessing the actual ideas, habits and behaviours of the employees in order to measure and improve the security culture of an organisation. The solution stores behavioural assessments over time to provide the organization with trend analysis in order to understand behavioural change over time. CLTRe offers the first application of social sciences to measure and improve the security culture of an organization, based on a robust framework and a comprehensive toolkit. The CLTRe approach addresses the €2.6B security computer-based training and can help reduce the 121M data breaches recorded in 2015. The CLTRe toolkit leverages the existing footprint of the Security Culture Framework (a free tool developed by CLTRe and already used by 20,000 users). The phase 1 project will validate the technical and commercial feasibility of a cybersecurity behavioural toolkit offered as Software as a Service. The project will confirm the market interest (competitive analysis, willingness to pay) and recruit corporate organizations willing to trial the prototype. Identity & Privacy Hold
209 GO 4G 211188 SME-1 Dec 2017 InvizBox Go 4G - Security and Privacy, Everywhere The annual cost of cybercrime is estimated to reach nearly €3 trillion by 2019 and the value of the cyber security market will hit €100 billion. Across the EU, 68% of Internet users say they are concerned about identity theft. The highest levels of concern can be observed in France (where 80% are concerned) and Spain (79%). The problem for many people is that they are unsure how to protect themselves from these attacks on their security and privacy. This has several knock-on effects, including reduced consumer confidence, identity theft, lost revenue, lost intellectual property, and reputational damage to companies and individuals. InvizBox Go 4G provides an innovative approach to securing data on the internet and protecting user privacy with ease. InvizBox Go 4G addresses a major market opportunity by bringing to market a solution for cyber-security that currently is only available to companies and consumers by installing and configuring software on each and every device that they wish to protect. The Go 4G project will look to conduct a full technical and economic feasibility study of InvizBox Go 4G and develop a business strategy that ensures that the product’s commercial potential is maximized. The accomplishment of the project objectives will boost company growth and internationalization with an expected accumulated turnover of €19.9 million over 5 years after commercialization and generating 20 new jobs. It will also contribute to strengthening the EU competitiveness in the Cyber Security industry. Identity & Privacy Hold
211 TFence 212154 SME-1 Nov 2017 A patent pending solution/microchip for the IoT cybersecurity market requirements: no access to online software updates, very small size, inexpensive hardware, low energy consumption. Terafence is developing a state-of-the-art Firmware/microchip, “TFence™”, patents pending, for cyber-secured connectivity, and mechanical waves to control medical implants. This advanced Firmware/chip ensures total protection from tampering by enabling data outflow while completely blocking data entry and with it malicious attacks. · The “TFence™” is designed to meet the IoT cyber security market requirements. Data outflow while completely blocking data entry and malicious attacks · One-way communication by means of small & cheap hardware Converting multi protocols from the secured network to multi protocols for the unsecured network · Supporting numerous sensors at the secured network and analyzing initial real time profiling/statistics · IoT/sensors profiling to protect from botnet activities Secure Systems Hold
212 UltraFiBi 212153 SME-1 Mar 2018 Next-generation Strong Ultrasonic Fingerprint Biometrics Biometrics is becoming increasingly popular to allow secure and passwordless authentication. The conventional fingerprint sensors currently in use are basically low-cost products mainly targeting mobile applications, such as smartphones and tablets. Due to security problems (easy to spoof), they do not meet the end-user requirements when true security and strong authentication is needed. Because ultrasound waves easily travel inside matter, a fingerprint sensor based on ultrasound provides significantly more secure authentication as it is able to capture 3D features. Ultrasound sensor is as convenient to use as other competing fingerprint sensors. Thus far, full benefits of ultrasound technology have not yet been used to meet the all end-user needs. MODULEUS will exploit technological advantages of ultrasound to address end-user needs related to high security confidence, usage convenience and privacy safeguard. The SME Phase 1 project will focus on security sector with the main objective to conceive comprehensive business plan with a strong go-to market strategy to facilitate the market expansion to high-volume markets. Secure Systems Hold
213 ProtonSuite 213334 SME-1 Mar 2018 The world’s largest secure collaboration suite Nowadays, individuals and businesses are more concerned about privacy and security than in the past and demand more secure and reliable products and services. Moreover, on May 25 2018, a new European privacy regulation, the General Data Protection Regulation (GDPR), will come into effect. This regulation will be implemented in all local privacy laws across the entire EU region and it will apply to all companies selling to and storing personal information about citizens in Europe. To achieve GDPR compliance, organisations will have to secure all communication channels (email, chat, data sharing) with customers, for which end-to-end encryption will play a key role. In such a scenario, companies have no choice but to quickly adapt their data protection procedures and acquire technology that complies with the new regulation. ProtonSuite is the first cloud-based cybersecure collaboration platform that provides users with end-to-end secure communication channels and collaboration tools. The platform is built following the essence of privacy by design, which means that privacy is taken into account from the inception of the product concept. Furthermore, the solution goes even further and tackles the biggest problem that is preventing the encryption to reach the mass audience: key distribution and key authentication. Our aim is to bring to the market ProtonSuite in 2020 with a clear vision in mind: democratize data privacy and security. Our commercial success will be based on our ability to upsell the product to our existing customer base, attract new customers and foster our collaboration with open source community (GitHub, OpenPGP) and universities (EPFL, MIT), which are acting as our prominent evangelists. After the completion of the project, with the product commercialization we will achieve a forecasted cumulative revenue of € 98 Million. 
Considering the funding for phase 2 (1.8M €), we forecast a R.O.I of 6.9 (2020-2024) while payback will be reached in 2021. Identity & Privacy Hold
216 ASCLEPIOS 219333 RIA Nov 2021 Advanced Secure Cloud Encrypted Platform for Internationally Orchestrated Solutions in Healthcare The vision of ASCLEPIOS is to maximize and fortify the trust of users on cloud-based healthcare services by developing mechanisms for protecting both corporate and personal sensitive data. The core idea of the project is derived from two observations. The first is based on an extensive analysis of the market on currently available cloud-based health services that aim to preserve users’ privacy without sacrificing functionality. From this study, we observed the following: “Once data is placed on the cloud in an unencrypted form or encrypted with a key that is known to the cloud service provider, data privacy becomes an illusion”. The second observation is based on the consideration of the latest advancements in cryptography. More precisely, one of the saddest but at the same time most fascinating things about cryptography is how little cryptography we actually use. While researchers have developed many theoretical models that could enhance the security level of healthcare services, only a rudimentary set of techniques are currently in use. ASCLEPIOS is addressing these limitations by utilizing several modern cryptographic approaches to build a cloud-based eHealth framework that protects users’ privacy and prevents both internal and external attacks. ASCLEPIOS also offers the ability to users to verify the integrity of their medical devices prior using them while at the same time receiving certain guarantees about the trustworthiness of their cloud service provider. Furthermore, ASCLEPIOS offers a novel solution through which healthcare practitioners and medical researchers are able to calculate statistics on medical data in a privacy-preserving way. Finally, a list of activities with the aim to raise security awareness within the healthcare industry will be organized by project. 
All these results will be showcased by three real-life near production quality demonstrators provided by ASCLEPIOS healthcare partners, involving three leading European hospitals. Identity & Privacy Assess
217 CUREX 220350 RIA Nov 2021 seCUre and pRivate hEalth data eXchange The Health sector’s increasing dependence on digital information and communication infrastructures renders it vulnerable to threats to privacy and cybersecurity, especially as the theft of health data has become particularly lucrative for cyber criminals. At the same time, a breach of integrity of health data can have dramatic consequences for the patients affected. CUREX addresses comprehensively the protection of the confidentiality and integrity of health data by producing a novel, flexible and scalable situational awareness-oriented platform. It allows a healthcare provider to assess the realistic cybersecurity and privacy risks they are exposed to and suggest mathematically optimal strategies for addressing these risks with safeguards tailored specifically for each business case and application. CUREX is fully GDPR compliant by design. At its core, a decentralised architecture enhanced with a private blockchain infrastructure ensures the integrity of the risk assessment process and of all data transactions that occur between the diverse range of stakeholders involved. Crucially, CUREX expands beyond technical measures and places emphasis also on improving cyber hygiene through training and raising awareness activities for a healthcare institution’s personnel. Its validation focuses on the highly challenging condition of (cross-border) health data exchange, spanning patient cross-border mobility, remote healthcare, and data exchange for research. The CUREX consortium will also utilise the outcomes of the well-known MyHealthMyData project in a dedicated demonstration that will use their blockchain-enabled platform which will control the actual data exchange. We envisage that CUREX will impact the European market developing one of the first blockchain platforms for risk assessment management under the GDPR. Operational Risk Assess
218 V-SPHERE 213311 SME-1 May 2018 Vulnerability Search and Prevention through Holistic End-to-end Risk Evaluation In the so-called ‘age of information’, information and communication systems (ICT) are the backbone of our digitalised society. Especially from an industrial perspective, we entrust our most delicate details to these tools and, logically, we demand the highest level of integrity and availability to avoid any eventual data loss, unavailability or, maybe more important, misuse. However, cyberattacks in EU are costing businesses around €38 billion/ year. How can we maximise our protection against these risks? Our company, Prosa Security, is developing V-SPHERE; a new solution for industrial cyber security that unveils and prevents vulnerabilities of any ICT system in a holistic way, i.e., covering all the development cycle and all company perspectives. Involving all the stakeholders in the security process, this unique approach has demonstrated to be 10 to 100 times more effective in detection than traditional methods, as well as to reduce by 3 the time allocated for quality and security assurance in SW development projects, resulting in saving from €45,000 to €300,000 per SW development project. The overall objectives of this project are: assessing the viability of V-SPHERE and building a solid business and operational plan (Phase 1); conducting the planned technical and commercial activities to prepare its commercialisation (Phase 2); and initiate the formal large scale commercialisation, seeking the promotion of V-SPHERE and the networking with financers (Phase 3). Our business opportunity is promising, with the European market of cybersecurity to reach €38.10 billion and the specific market of security testing solutions valued at €2.71 billion in 2022. The expected outcome of the project is estimated at €23.3 million by 2023, besides the creation of 27 job positions. Secure Systems Adopt
219 AF-Cyber 210306 MSCA-IF-EF-ST Jan 2020 Logic-based Attribution and Forensics in Cyber Security Recent studies state that 'Devices will continue to grow in volume and variety, and the forecast for connected devices by 2020 is 200 billion and climbing'. The increase of connectivity brings a drastic impact on the increase of cyber attacks. Protective measures are not enough, while finding who did the attack is crucial for preventing the escalation of cyber attacks. AF-Cyber will relieve part of the cyberattacks problem, by supporting forensics investigation and attribution with logical-based frameworks representation, reasoning and supporting tools. AF-Cyber's main core will be a logic-based framework for performing attribution of cyber attacks, based on forensics evidence and an intelligent methodology for dynamic evidence collection. It will analyse and evaluate analytically Cyber Forensics applications. Different forensics reasoning rules and techniques will be extracted and a categorization of forensics evidence will be constructed. A new logical formalism will be introduced for representing the analytical and non-monotonic reasoning needed for solving the attribution problem. A tool, based on the logical framework for the attribution reasoning, will be developed. The tool will be tested with different real examples. Given the different evidence, the tool gives as a result a quantitative/probabilistic answer of where the attack came from. A second version of the tool will be developed which will guide the forensics analyst during his work on collecting the evidence, and reasoning about them. A dynamic forensics evidence collection will be designed based on the different reasoning rules, and the involvement of data mining/machine learning algorithms. Cyber security concerns are part of ICT security and Digital Security call. 
AF-Cyber is in-line with the latest EU Commissions measures for addressing cyber threats, the Connected Digital Single Market: Digital Security call and ENISA’s calls for threat landscapes & cyber security exercises.' Verification & Assurance Assess
220 SIGAGuard 217549 SME-1 Jul 2018 Cybersecurity anomaly detection solution for critical infrastructures SIGAGuard is a next generation cybersecurity technology measuring low-level electric signals in order to detect at an early stage cybersecurity threats and operational anomalies in ICS-SCADA systems. SIGAGuard is the first cybersecurity solution today that monitors electrical signals generated between the control systems (PLC) and the end-point. This is important because 1) it makes the SIGA technology itself immune to cyber-attacks, as well as completely transparent to cyber-attacks on the SCADA system it is monitoring, and 2) it means that SIGAGuard effectively “insulates” the SCADA-controlled equipment from any outside interference (hacking) via the rest of the system, and can provide accurate early warning when an anomaly is detected, reducing unexpected equipment damage and increasing operational safety, efficiency, and reliability. SIGAGuard has successfully been tested with 2 large Israeli operators (Hagihon Water Company and Israel Electric Corporation) and is ready to be rolled out into the critical infrastructure protection market, estimated to grow from €90Bn in 2016 to €130 Bn by 2021 (source: Market and Markets). SIGAGuard is sold as a package of hardware and software (one-time fee depending on size/complexity, average €250k per customer) plus a 15% annual fee for service & maintenance. Unlike competing solutions that can be deceived by advanced malware able to feed fake operational parameters to supervisory systems, SIGAGuard is deployed at the lowest tier of the infrastructure (end point), providing direct feedback on the physical parameters (electric signals) of the industrial components to be monitored. This capability makes SIGAGuard the first uncircumventable solution for the detection of anomalies in critical infrastructures. SIGA is led by the former Director and the Deputy Director of Israel’s National Cyber Security Authority. 
Secure Systems Adopt
221 TrueProactive 217838 SME-1 Aug 2018 ROMAD TrueProactive - a next generation cyber defence software for European SMEs Modern society is increasingly dependent on electronic networks and information systems, but the evolution of ICT systems has also brought rapid growth of criminal activity that threatens citizens, businesses, governments and critical infrastructures. The cost of cybercrime reached €500B (2015) and continues to increase. Furthermore, according to EC Cybersecurity research ransomware attacks have increased by 300% since 2015. This situation with exponentially growing cybercrime numbers demonstrates that traditional antivirus protects only from KNOWN malware variants, but criminals are always one step ahead. This leaves the end users (mainly SMEs and home users) and thus European economy highly vulnerable. ROMAD Holding Ltd is a cyber security startup company originally founded in 2012 in Ukraine (registered in Cyprus). Our ground-breaking next generation endpoint defence platform will be the first able to address the burning needs of the industry. The key innovation of True Proactive™ lies in the concept of malware families and their immutable behavioral characteristics. Our platform genetically sequences entire malware families, enabling it to proactively detect and block new strains. We aim at bringing Romad True Proactive™ to the market in 2021. Further testing and intensive development of core architecture, processing apparatus and the Genome database must be performed before commercialisation. During current (Phase 1) project we will re-evaluate the commercialization plan, incl. identifying target entry markets, identify most suitable distributors on each of entry markets, define strategy how to approach them. Finally, based on our Initial business plan a business opportunity of €115M arises for ROMAD Holding Ltd. We plan to make cumulative profit of €46M and hire at least 40 new employees by the 5th year of commercialization. 
Our mission is to give TrueProactive™ v2.0 for free of charge to schools and universities. Secure Systems Adopt
222 RESISTO 214347 IA Apr 2021 RESIlience enhancement and risk control platform for communication infraSTructure Operators Communications play a fundamental role in the economic and social well-being of the citizens and on operations of most of the CIs. Thus they are a primary target for criminals having a multiplier effect on the power of attacks and providing enormous resonance and gains. Also extreme weather events and natural disasters represent a challenge due to their increase in frequency and intensity requiring smarter resilience of the Communication CIs, which are extremely vulnerable due to the ever-increasing complexity of the architecture also in light of the evolution towards 5G, the extensive use of programmable platforms and exponential growth of connected devices. The fact that most enterprises still manage physical and cyber security independently represents a further challenge. RESISTO platform is an innovative solution for Communication CIs holistic situation awareness and enhanced resilience (aligned with ECSO objectives). Based on an Integrated Risk and Resilience analysis management and improvement process availing all resilience cycle phases (prepare, prevent, detect, absorb, etc.) and technical resilience capabilities (sense, model, infer, act, adopt), RESISTO implements an innovative Decision Support System to protect communication infrastructures from combined cyber-physical threats exploiting the Software Defined Security model on a suite of state of the art cyber/physical security components (Blockchain, Machine Learning, IoT security, Airborne threat detection, holistic audio-video analytics) and services (Responsible Disclosure Framework) for detection and reaction in presence of attacks or natural disasters. 
Through RESISTO, Communications Operators will be able to implement a set of mitigation actions and countermeasures that significantly reduce the impact of negative events in terms of performance losses, social consequences, and cascading effects in particular by bouncing efficiently back to original and forward to operational states of operation. Operational Risk Assess
223 SECREDAS 216109 ECSEL-RIA Apr 2021 Cyber Security for Cross Domain Reliable Dependable Automated Systems Title : Cyber Security for Cross Domain Reliable Dependable Automated Systems. Goal : SECREDAS aims to develop and validate multi-domain architecting methodologies, reference architectures & components for autonomous systems, combining high security and privacy protection while preserving functional-safety and operational performance. Verification & Assurance Assess
224 ELIoT Pro 217354 SME-2 May 2020 KEEPING YOUR CONNECTED SMART DEVICES PROTECTED AGAINST HACKERS AND CYBER ATTACKS Cyberus Labs is developing a novel cyber security platform for ultra-secure Internet of Things (IoT) networks. Currently, IoT is the wild west of cyberspace. Secure IoT is an urgent need in numerous industrial sectors. 48% of companies using IoT have been affected by breaches with detrimental impact on revenue and reputation. Cybersecurity is one of the main drivers of the IoT market growing at a CAGR of 44% but current solutions fail to provide needed protection. Strong IoT cybersecurity needs to eliminate all exploitable weak points that can be used for user and IoT device identity theft, device takeover, data theft, DDoS, cloning and Man-in-the-Middle attacks, being scalable and suitable for even the simplest devices e.g. sensors. Passwords and actionable credentials for Human to Machine (H2M) and Machine to Machine (M2M) authentication in IoT are the weakest link in cybersecurity today and credentials theft is a huge global problem. For users, passwords are a frustrating experience and for business a major cybersecurity risk. The solution: ELIoT (Easy&Lightweight IoT Protector) – an end-to-end cybersecurity solution for IoT networks. For H2M authentication in IoT environments the solution eliminates passwords – nothing for hackers to steal. Our core technology is based on the One-Time Password (OTP) user authentication protocol, mathematically proven unbreakable. For M2M in IoT environments ELIoT Pro ensures secure device-to-device authentication and data security using a lightweight encryption protocol. Unlike other crypto methods it is suitable for even simple sensors and saves battery power, which extends device lifespan. Our system is universal, easy to deploy, easy to use and ultra-secure. It is highly compatible with the growing trend of voice-controlled IoT hubs e.g. Alexa. 
Our 5 global technology partners are eager to license and integrate ELIoT into their IoT products, spreading its use in various IoT markets and driving company growth. Secure Systems Assess
225 CYBERSECURITY 214480 MSCA-IF-EF-ST Jul 2020 Cyber Security Behaviours The key purpose of CYBERSECURITY at the University of Oxford (UOXF or Oxford) is to carry out empirical research to understand the determinants of individual cyber security behaviours of students in France and the UK. Human Aspects Assess
226 Blocknetwork 217257 SME-1 Feb 2019 Blocknetwork - Fusing Big Data and Implementing Novel Cyber Security Solutions Data science is a driving force in today's information age. As per IDC, global revenues for Big Data and business analytics will grow from $bn 151 in 2017 to more than $bn 210 in 2020, a CAGR of 11.9%. The constant discovery of vulnerabilities in ICT components, applications, services and systems is placing the entire digital society at risk. As private and public stakeholders are becoming increasingly dependent on critical cyber-infrastructure, new solutions are needed to increase detection and response capabilities. Collecting, transferring, processing, analyzing and eventually fusing Big Data remains a complex R&D topic for even the most advanced organization. Those that can surpass the challenges and extract business value will gain significant competitive advantages. Distributed data fusion based on DataUniTor’s Blocknetwork scheme enables a highly secure but still “lightweight” solution capable of handling flowing petabytes (10^15) of data. Blocknetwork is DataUniTor’s unique implementation of blockchain schemes. DataUniTor believes that a self-organized cryptographic Blocknetwork with an evolutionary extension model is the next logical step for blockchain to track complex transactions. The Blocknetwork fuses data sources while also offering additional security features - handling larger volumes, taking fewer instructions and providing a simpler and faster response. The proprietary solution can integrate modules independently of the product provider, allowing for highly flexible structures. Based on technology demonstrations, we assess to be at TRL 6. The overriding objective of the Feasibility Study is to map out the full development and commercialization of the Blocknetwork scheme. We will analyse the technical and economic feasibility of achieving a fast market uptake to exploit a near-term € 133 mill. 
business opportunity (revenue 2019E-2022E) based on targeting sophisticated medium to large private and public enterprises (B2B). Secure Systems Adopt
227 SAFECARE 214348 IA Aug 2021 SAFEguard of Critical heAlth infrastructure Over the last decade the European Union has faced numerous threats that quickly increased in their magnitude, changing the lives, the habits and the fears of hundreds of millions of citizens. The sources of these threats have been heterogeneous, as well as weapons to impact the population. As Europeans, we know now that we must increase our awareness against these attacks that can strike the places we rely upon the most and destabilize our institutions remotely. Today, the lines between physical and cyber worlds are increasingly blurred. Nearly everything is connected to the Internet and if not, physical intrusion might rub out the barriers. Threats cannot be analysed solely as physical or cyber, and therefore it is critical to develop an integrated approach in order to fight against such combination of threats. Health services are at the same time among the most critical infrastructures and the most vulnerable ones. They are widely relying on information systems to optimize organization and costs, whereas ethics and privacy constraints severely restrict security controls and thus increase vulnerability. The aim of this proposal is to provide solutions that will improve physical and cyber security in a seamless and cost-effective way. It will promote new technologies and novel approaches to enhance threat prevention, threat detection, incident response and mitigation of impacts. The project will also participate in increasing the compliance between security tools and European regulations about ethics and privacy for health services. Finally, project pilots will take place in the hospitals of Marseille, Turin and Amsterdam, involving security and health practitioners, in order to simulate attack scenarios in near-real conditions. These pilot sites will serve as reference examples to disseminate the results and find customers across Europe. Secure Systems Assess
228 ADVERSARY 220487 SME-1 Feb 2019 Digital platform for hands-on cybersecurity training The cybersecurity panorama is alarming: cyberattacks in EU are costing businesses approx. €208 billion/year (1.6% of GDP), i.e. around €1.6 to €10.8 million per company. Indeed, 97% of companies are breached, only 53% of attacks are detected by internal resources and each attack takes a mean time of 99 days to be detected. Even though 90% of costs derived from cyberattacks are caused by vulnerabilities in production systems, companies still pose a reactive attitude towards attacks: 90% of them consider security an afterthought, trying to patch the eventual vulnerabilities once the system has been developed; and common security controls are focused on ‘firefighting’ attacks towards systems in the production stage instead of preventing them. However, each defect in a production system costs up to 95 times more than in the development stage, so it is clear that a more preventive approach for cybersecurity would decrease by orders of magnitude the damages caused by attacks by unveiling in earlier stages the vulnerabilities of IT systems. In order to solve these problems, ADVERSARY is a novel cybersecurity platform that helps companies minimising vulnerabilities from the very early stages of development, thanks to effective training of IT Managers and SW Developers. Our platform provides tools for hands-on cybersecurity training through a gamified experience that fosters participation, comprehension and reduces drop-outs. These activities are performed in real environments where users can experience different phenomena, and this active learning has shown to be 80% to 800% more effective for acquiring knowledge and skills. By receiving proper training on cybersecurity, our users are able to prevent vulnerabilities from the early stage of development, minimising the greater damage caused in the later stage of production. Human Aspects Adopt
229 SPHINX 220226 RIA Dec 2021 A Universal Cyber Security Toolkit for Health-Care Industry Hospitals and care centres are prime targets for cyber criminals, especially concerning data theft, denial-of-service and ransomware. This reflects the need of Healthcare Institutions for a Holistic Cyber Security vulnerability assessment toolkit, that will be able to proactively assess and mitigate cyber-security threats known or unknown, imposed by devices and services within a corporate ecosystem. SPHINX aims to introduce a Universal Cyber Security Toolkit, thus enhancing the cyber protection of Health IT Ecosystem and ensuring the patient data privacy and integrity. SPHINX toolkit will provide an automated zero-touch device and service verification toolkit that will be easily adapted or embedded on existing, medical, clinical or health available infrastructures, whereas a user/admin will be able to choose from a number of available security services through SPHINX cyber security toolkit. The SPHINX toolkit will enable service providers to specify complete services and sell or advertise these through a secure and easy to use interface. SPHINX Toolkit will be validated through pan-European demonstrations in three different scenarios. The operational properties of the proposed cyber-security ecosystem and overall solution will be validated and evaluated against performance, effectiveness and usability indicators at three different countries (Romania, Portugal and Greece). Hospitals, care centers and device manufacturers participating in the project’s pilots will deploy and evaluate the solution at business as usual and emergency situations across various use case scenarios. Secure Systems Assess
230 SERUMS 220166 RIA Dec 2021 Securing Medical Data in Smart Patient-Centric Healthcare Systems In order to achieve high quality healthcare provision, it is increasingly important to collect highly confidential and personal medical data that has been obtained from a variety of sources, including personal medical devices and to share this through a variety of means, including public networks and other systems whose security cannot be implicitly trusted. Patients rightly expect full privacy, except where permission has been explicitly given, but they equally expect to be provided with the best possible medical treatment. Evidence suggests that integrating home-based healthcare into a holistic treatment plan is more cost effective, reduces travel-associated risks and costs, and increases the quality of health-care provision, by allowing the incorporation of more frequent home-, work- and environment-based monitoring and testing into medical diagnostics. There is a strong and urgent demand to deliver better, more efficient and more effective healthcare solutions that can achieve excellent patient-centric healthcare provision, while also complying with increasingly strict regulations on the use and sharing of patient data. This provision needs to be multi-site, crossing traditional physical and professional boundaries of hospitals, health centers, home and workplace, and even national borders. It needs to engage hospitals, medical practitioners, consultants and other specialists, as well as incorporating patient-provided data that is produced by personal monitoring devices, health-care apps, environmental monitoring etc. This creates huge pressures. The goal of the SERUMS project is to put patients at the center of future health-care provision, enhancing their personal care, and maximizing the quality of treatment that they can receive, while ensuring trust in the security and privacy of their confidential medical data. Secure Systems Assess
231 SECONDO 218323 MSCA-RISE Dec 2022 a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era SECONDO addresses the question “How can decisions about cyber security investments and cyber insurance pricing be optimised?” SECONDO will support professionals who seek cyber security investments, developed to support human decision making, and a complete well-founded security strategy. This is a timely research problem, as the rapid growth of cyber-attacks is expected to continue its upwards trajectory. Such growth presents a prominent threat to normal business operations and the EU society itself. On the other hand, an interesting, well-known, finding is that an organisation's computer systems may be less secure than a competitor's, despite having spent more money in securing them. Budget setting, cyber security investment choices and cyber insurance, in the face of uncertainties, are highly challenging tasks with massive business implications. SECONDO aims to make impact on the operation of EU businesses who often: (i) have a limited cyber security budget; and (ii) ignore the importance of cyber insurance. Cyber insurance can play a critical role to the mitigation of cyber risk. This can be done by imposing a cost on firms' cyber risk through a premium that they have to pay and the potential for paying a smaller premium should they reduce their current cyber security risk. SECONDO has a cross-disciplinary nature, combining mathematical and engineering insights to empower innovative software. Apart from the novel research results, the project will offer a software platform to narrow the gap between theoretical understanding and practice. To achieve this, the four industrial project partners will i) lead the part of the project where industrial needs will be entered as input to the requirements collection phase, and, ii) provide their innovative software for risk assessment. 
The three academic partners will work together to i) design and thoroughly describe the proposed methodologies, but also ii) contribute to their software development. Operational Risk Assess
232 TRINITY 219103 IA Dec 2022 Digital Technologies, Advanced Robotics and increased Cyber-security for Agile Production in Future European Manufacturing Ecosystems The main objective of TRINITY is to create a network of multidisciplinary and synergistic local digital innovation hubs (DIHs) composed of research centers, companies, and university groups that cover a wide range of topics that can contribute to agile production: advanced robotics as the driving force and digital tools, data privacy and cyber security technologies to support the introduction of advanced robotic systems in the production processes. The result will be a one-stop shop for methods and tools to achieve highly intelligent, agile and reconfigurable production, which will ensure Europe’s welfare in the future. The network will start its operation by developing demonstrators in the areas of robotics we identified as the most promising to advance agile production, e.g. collaborative robotics including sensory systems to ensure safety, effective user interfaces based on augmented reality and speech, reconfigurable robot workcells and peripheral equipment (fixtures, jigs, grippers, …), programming by demonstration, IoT, secure wireless networks, etc. These demonstrators will serve as reference implementation for two rounds of open calls for application experiments, where companies with agile production needs and sound business plans will be supported by TRINITY DIHs to advance their manufacturing processes. Besides technology-centered services, primarily laboratories with advanced robot technologies and know-how to develop innovative application experiments, TRINITY network of DIHS will also offer training and consulting services, including support for business planning and access to financing. Services of participating DIHs and dissemination of information to wider public will be provided through a digital access point that will be developed in the project. 
Another important activity of the project will be the preparation of a business plan to sustain the network after the end of the project funding. Secure Systems Assess
233 RADDICS 220096 ERC-COG Dec 2023 Reliable Data-Driven Decision Making in Cyber-Physical Systems This ERC project pushes the boundary of reliable data-driven decision making in cyber-physical systems (CPS), by bridging reinforcement learning (RL), nonparametric estimation and robust optimization. RL is a powerful abstraction of decision making under uncertainty and has witnessed dramatic recent breakthroughs. Most of these successes have been in games such as Go - well specified, closed environments that - given enough computing power - can be extensively simulated and explored. In real-world CPS, however, accurate simulations are rarely available, and exploration in these applications is a highly dangerous proposition. We strive to rethink Reinforcement Learning from the perspective of reliability and robustness required by real-world applications. We build on our recent breakthrough result on safe Bayesian optimization (SAFE-OPT): The approach allows - for the first time - to identify provably near-optimal policies in episodic RL tasks, while guaranteeing under some regularity assumptions that with high probability no unsafe states are visited - even if the set of safe parameter values is a priori unknown. While extremely promising, this result has several fundamental limitations, which we seek to overcome in this ERC project. To this end we will (1) go beyond low-dimensional Gaussian process models and towards much richer deep Bayesian models; (2) go beyond episodic tasks, by explicitly reasoning about the dynamics and employing ideas from robust control theory and (3) tackle bootstrapping of safe initial policies by bridging simulations and real-world experiments via multi-fidelity Bayesian optimization, and by pursuing safe active imitation learning. 
Our research is motivated by three real-world CPS applications, which we pursue in interdisciplinary collaboration: Safe exploration of and with robotic platforms; tuning the energy efficiency of photovoltaic powerplants and safely optimizing the performance of a Free Electron Laser. Operational Risk Assess
234 FeatureCloud 220225 RIA Dec 2023 Privacy preserving federated machine learning and blockchaining for reduced cyber risks in a world of distributed healthcare The digital revolution, in particular big data and artificial intelligence (AI), offer new opportunities to transform healthcare. However, it also harbors risks to the safety of sensitive clinical data stored in critical healthcare ICT infrastructure. In particular data exchange over the internet is perceived insurmountable posing a roadblock hampering big data based medical innovations. FeatureCloud’s transformative security-by-design concept will minimize the cyber-crime potential and enable first secure cross-border collaborative data mining endeavors. FeatureCloud will be implemented into a software toolkit for substantially reducing cyber risks to healthcare infrastructure by employing the world-wide first privacy-by-architecture approach, which has two key characteristics: (1) no sensitive data is communicated through any communication channels, and (2) data is not stored in one central point of attack. Federated machine learning (for privacy-preserving data mining) integrated with blockchain technology (for immutability and management of patient rights) will safely apply next-generation AI technology for medical purposes. Importantly, patients will be given effective means of revoking previously given consent at any time. Our ground-breaking new cloud-AI infrastructure only exchanges learned model representations which are anonymous by default. 
Collectively, our highly interdisciplinary consortium from IT to medicine covers all aspects of the value chain: assessment of cyber risks, legal considerations and international policies, development of federated AI technology coupled to blockchaining, app store and user interface design, implementation as certifiable prognostic medical devices, evaluation and translation into clinical practice, commercial exploitation, as well as dissemination and patient trust maximization. FeatureCloud’s goals are bold, necessary, achievable, and paving the way for a socially agreeable big data era of the Medicine 4.0 age. Secure Systems Assess
name ring quadrant isNew description
EDT Quick Wins Adopt Accelerate Digital FALSE <p>Strategic</p>
SQL Data Mart Trial Data & Analytics FALSE <p>Strategic</p>
Parachute (Phase 1) Adopt Digital Distribution FALSE <p>Contractual obligation</p>
Parachute (Phase 2) Trial Digital Distribution FALSE <p>TBD</p>
Commercial Service Line Solution Trial New Solutions FALSE <p>Revenue growth</p>
Big "I" - Innovation Assess New Solutions TRUE <p>Revenue growth</p>
Small "i" - Lift and Shift Assess New Solutions FALSE <p>Revenue growth</p>
Product Code Rework Adopt New Solutions FALSE <p>Strategic</p>
name ring quadrant isNew description
EDT Quick Wins Adopt Accelerate Digital FALSE <p>Strategic</p>
SQL Data Mart Trial Data & Analytics FALSE <p>Strategic</p>
Parachute (Phase 1) Adopt Digital Distribution FALSE <p>Contractual obligation</p>
Parachute (Phase 2) Trial Digital Distribution FALSE <p>TBD</p>
Commercial Service Line Solution Trial New Solutions FALSE <p>Revenue growth</p>
Big "I" - Innovation Assess New Solutions TRUE <p>Revenue growth</p>
Small "i" - Lift and Shift Assess New Solutions FALSE <p>Revenue growth</p>
Product Code Rework Adopt New Solutions FALSE <p>Strategic</p>
Applied Technology Lab Trial Applied Technology FALSE <p>Committed to at the end of 2021</p>
Acturis Enhancements Adopt Client Management FALSE <p>BAU</p>
name ring quadrant isNew description
Four key metrics Adopt Techniques FALSE <p>To measure software delivery performance, more and more organizations are defaulting to the <strong>four key metrics</strong> as defined by the <a href="https://www.devops-research.com/">DORA research</a> program: change lead time, deployment frequency, mean time to restore (MTTR) and change fail percentage. This research and its statistical analysis have shown a clear link between high-delivery performance and these metrics; they provide a great leading indicator for how a delivery organization as a whole is doing.</p> <p>We're still big proponents of these metrics, but we've also learned some lessons. We're still observing misguided approaches with tools that help teams measure these metrics based purely on their continuous delivery (CD) pipelines. In particular when it comes to the stability metrics (MTTR and change fail percentage), CD pipeline data alone doesn't provide enough information to determine what a deployment failure with real user impact is. Stability metrics only make sense if they include data about real incidents that degrade service for the users.</p> <p>We recommend always to keep in mind the ultimate intention behind a measurement and use it to reflect and learn. For example, before spending weeks building up sophisticated dashboard tooling, consider just regularly taking the <a href="https://www.devops-research.com/quickcheck.html">DORA quick check</a> in team retrospectives. This gives the team the opportunity to reflect on which <a href="https://www.devops-research.com/research.html#capabilities">capabilities</a> they could work on to improve their metrics, which can be much more effective than overdetailed out-of-the-box tooling. Keep in mind that these four key metrics originated out of the organization-level research of high-performing teams, and the use of these metrics at a team level should be a way to reflect on their own behaviors, not just another set of metrics to add to the dashboard.</p>
Single team remote wall Adopt Techniques FALSE <p>A <strong>single team remote wall</strong> is a simple technique to reintroduce the team wall virtually. We recommend that distributed teams adopt this approach; one of the things we hear from teams who moved to remote working is that they miss having the physical team wall. This was a single place where all the various story cards, tasks, status and progress could be displayed, acting as an information radiator and hub for the team. The wall acted as an integration point with the actual data being stored in different systems. As teams have become remote, they've had to revert to looking into the individual source systems and getting an "at a glance" view of a project has become very difficult. While there might be some overhead in keeping this up-to-date, we feel the benefits to the team are worth it. For some teams, updating the physical wall formed part of the daily "ceremonies" the team did together, and the same can be done with a remote wall.</p>
Data mesh Trial Techniques FALSE <p><a href="https://martinfowler.com/articles/data-monolith-to-mesh.html"><strong>Data mesh</strong></a> is a <em>decentralized</em> organizational and technical approach in sharing, accessing and managing data for analytics and ML. Its objective is to create a <em>sociotechnical</em> approach that scales out getting value from data as the organization's complexity grows and as the use cases for data proliferate and the sources of data diversify. Essentially, it creates a <em>responsible</em> data-sharing model that is in step with organizational growth and continuous change. In our experience, interest in the application of data mesh has grown tremendously. The approach has inspired many organizations to embrace its adoption and technology providers to repurpose their existing technologies for a mesh deployment. Despite the great interest and growing experience in data mesh, its implementations face high cost of integration. Moreover, its adoption remains limited to sections of larger organizations and technology vendors are distracting the organizations from the hard <em>socio</em> aspects of data mesh — decentralized data ownership and a federated governance operating model.</p> <p>These ideas are explored in <em><a href="https://www.amazon.com/Data-Mesh-Delivering-Data-Driven-Value/dp/1492092398">Data Mesh, Delivering Data-Driven Value at Scale</a></em>, which guides practitioners, architects, technical leaders and decision makers on their journeys from traditional big data architecture to data mesh. It provides a complete introduction to data mesh principles and its constituents; it covers how to design a data mesh architecture, guide and execute a data mesh strategy and navigate organizational design to a decentralized data ownership model. The goal of the book is to create a TRUE framework for deeper conversations and lead to the next phase in maturity of data mesh.</p>
Definition of production readiness Trial Techniques TRUE <p>In an organization that practices the "you build it, you run it" principle, a <strong>definition of production readiness</strong> (DPR) is a useful technique to support teams in assessing and preparing the operational readiness of new services. Implemented as a checklist or a template, a DPR gives teams guidance on what to think about and consider before they bring a new service into production. While DPRs do not define specific service-level objectives (SLOs) to fulfill (those would be hard to define one-size-fits-all), they remind teams what categories of SLOs to think of, what organizational standards to comply with and what documentation is required. DPRs provide a source of input that teams turn into respective product-specific requirements around, for example, observability and reliability, to feed into their product backlogs.</p> <p>DPRs are closely related to Google's concept of a <a href="https://sre.google/sre-book/evolving-sre-engagement-model/#:%7E:text=The%20most%20typical,of%20a%20service">production readiness review (PRR)</a>. In organizations that are too small to have a dedicated site reliability engineering team, or who are concerned that a review board process could negatively impact a team's flow to go live, having a DPR can at least provide some guidance and document the agreed-upon criteria for the organization. For highly critical new services, extra scrutiny on fulfilling the DPR can be added via a PRR when needed.</p>
Documentation quadrants Trial Techniques TRUE <p>Writing good documentation is an overlooked aspect of software development that is often left to the last minute and done in a haphazard way. Some of our teams have found <strong><a href="https://documentation.divio.com/">documentation quadrants</a></strong> a handy way to ensure the right artifacts are being produced. This technique classifies artifacts along two axes: The first axis relates to the nature of the information, practical or theoretical; the second axis describes the context in which the artifact is used, studying or working. This defines four quadrants in which artifacts such as tutorials, how-to guides or reference pages can be placed and understood. This classification system not only ensures that critical artifacts aren't overlooked but also guides the presentation of the content. We've found this particularly useful for creating onboarding documentation that brings developers up to speed quickly when they join a new team.</p>
Rethinking remote standups Trial Techniques TRUE <p>The term <em>standup</em> originated from the idea of standing up during this daily sync meeting, with the goal of making it short. It's a common principle many teams try to abide by in their standups: keep it crisp and to the point. But we're now seeing teams challenge that principle and <strong>rethinking remote standups</strong>. When co-located, there are lots of opportunities during the rest of the day to sync up with each other spontaneously, as a complement to the short standup. Remotely, some of our teams are now experimenting with a longer meeting format, similar to what the folks at Honeycomb call a “<a href="https://www.honeycomb.io/blog/standup-meetings-are-dead/">meandering team sync</a>.”</p> <p>It's not about getting rid of a daily sync altogether; we still find that very important and valuable, especially in a remote setup. Instead, it's about extending the time blocked in everybody's calendars for the daily sync to up to an hour, and use it in a way that makes some of the other team meetings obsolete and brings the team closer together. Activities can still include the well-tried walkthrough of the team board but are then extended by more detailed clarification discussions, quick decisions, and taking time to socialize. The technique is considered successful if it reduces the overall meeting load and improves team bonding.</p>
Server-driven UI Trial Techniques TRUE <p>When putting together a new volume of the Radar, we're often overcome by a sense of déjà vu, and the technique of <strong>server-driven UI</strong> sparks a particularly strong case with the advent of frameworks that allow mobile developers to take advantage of faster change cycles while not falling foul of an app store's policies around revalidation of the mobile app itself. We've blipped about this before from the perspective of enabling mobile development to <a href="/radar/techniques/micro-frontends-for-mobile">scale across teams</a>. Server-driven UI separates the rendering into a generic container in the mobile app while the structure and data for each view is provided by the server. This means that changes that once required a round trip to an app store can now be accomplished via simple changes to the responses the server sends. Note, we're not recommending this approach for all UI development, indeed we've experienced some horrendous, overly configurable messes, but with the backing of behemoths such as Airbnb and Lyft, we suspect it's not only us at Thoughtworks getting tired of <a href="/radar/techniques/spa-by-default">everything being done client side</a>. Watch this space.</p>
Software Bill of Materials Trial Techniques FALSE <p>With continued pressure to keep systems secure and no reduction in the general threat landscape, a machine-readable <strong>Software Bill of Materials</strong> (SBOM) may help teams stay on top of security problems in the libraries that they rely on. The recent <a href="https://en.wikipedia.org/wiki/Log4Shell">Log4Shell</a> zero-day remote exploit was critical and widespread, and if teams had had an SBOM ready, it could have been scanned for and fixed quickly. We've now had production experience using SBOMs on projects ranging from small companies to large multinationals and even government departments, and we're convinced they provide a benefit. Tools such as <a href="/radar/tools/syft">Syft</a> make it easy to use an SBOM for vulnerability detection.</p>
Tactical forking Trial Techniques TRUE <p><strong><a href="https://faustodelatog.wordpress.com/2020/10/16/tactical-forking/">Tactical forking</a></strong> is a technique that can assist with restructuring or migrating from monolithic codebases to microservices. Specifically, this technique offers one possible alternative to the more common approach of fully modularizing the codebase first, which in many circumstances can take a very long time or be very challenging to achieve. With tactical forking a team can create a new fork of the codebase and use that to address and extract one particular concern or area while deleting the unnecessary code. Use of this technique would likely be just one part of a longer-term plan for the overall monolith.</p>
Team cognitive load Trial Techniques FALSE <p>A system's architecture mimics an organizational structure and its communication. It's not big news that we should be intentional about how teams interact — see, for instance, the <a href="/radar/techniques/inverse-conway-maneuver">Inverse Conway Maneuver</a>. Team interaction is one of the variables for how fast and how easily teams can deliver value to their customers. We were happy to find a way to measure these interactions; we used the <a href="https://teamtopologies.com/book">Team Topologies</a> author's <a href="https://github.com/TeamTopologies/Team-Cognitive-Load-Assessment">assessment</a> which gives you an understanding of how easy or difficult the teams find it to build, test and maintain their services. By measuring <strong>team cognitive load</strong>, we could better advise our clients on how to change their teams' structure and evolve their interactions.</p>
Transitional architecture Trial Techniques TRUE <p>A <strong><a href="https://martinfowler.com/articles/patterns-legacy-displacement/transitional-architecture.html">transitional architecture</a></strong> is a useful practice used when replacing legacy systems. Much like scaffolding might be built, reconfigured and finally removed during construction or renovation of a building, you often need interim architectural steps during legacy displacement. Transitional architectures will be removed or replaced later on, but they're not just throwaway work given the important role they play in reducing risk and allowing a difficult problem to be broken into smaller steps. Thus they help with avoiding the trap of defaulting to a "big bang" legacy replacement approach, because you cannot make smaller interim steps line up with a final architectural vision. Care is needed to make sure the architectural "scaffolding" is eventually removed, lest it just become technical debt later on.</p>
CUPID Assess Techniques TRUE <p>How do you approach writing good code? How do you judge if you've written good code? As software developers, we're always looking for catchy rules, principles and patterns that we can use to share a language and values with each other when it comes to writing simple, easy-to-change code.</p> <p>Daniel Terhorst-North has recently made a new attempt at creating such a checklist for good code. He argues that instead of sticking to a set of rules like <a href="https://en.wikipedia.org/wiki/SOLID">SOLID</a>, using a set of properties to aim for is more generally applicable. He came up with what he calls the <strong><a href="https://dannorth.net/2022/02/10/cupid-for-joyful-coding/">CUPID</a></strong> properties to describe what we should strive for to achieve "joyful" code: Code should be composable, follow the Unix philosophy and be predictable, idiomatic and domain based.</p>
Inclusive design Assess Techniques TRUE <p>We recommend organizations assess <a href="https://www.microsoft.com/design/inclusive/"><strong>inclusive design</strong></a> as a way of making sure accessibility is treated as a first-class requirement. All too often requirements around accessibility and inclusivity are ignored until just before, if not just after, the release of software. The cheapest and simplest way to accommodate these requirements, while also providing early feedback to teams, is to incorporate them fully into the development process. In the past, we've highlighted techniques that perform a "shift-left" for security and cross-functional requirements; one perspective on this technique is that it achieves the same goal for accessibility.</p>
Operator pattern for nonclustered resources Assess Techniques FALSE <p>We're continuing to see increasing use of the <a href="/radar/tools/kubernetes-operators">Kubernetes Operator</a> pattern for purposes other than managing applications deployed on the cluster. Using the <strong>Operator pattern for nonclustered resources</strong> takes advantage of custom resource definitions and the event-driven scheduling mechanism implemented in the Kubernetes control plane to manage activities that are related to yet outside of the cluster. This technique builds on the idea of <a href="/radar/techniques/kube-managed-cloud-services">Kube-managed cloud services</a> and extends it to other activities, such as continuous deployment or reacting to changes in external repositories. One advantage of this technique over a purpose-built tool is that it opens up a wide range of tools that either come with Kubernetes or are part of the wider ecosystem. You can use commands such as diff, dry-run or apply to interact with the operator's custom resources. Kube's scheduling mechanism makes development easier by eliminating the need to orchestrate activities in the proper order. Open-source tools such as <a href="/radar/tools/crossplane">Crossplane</a>, <a href="https://fluxcd.io/">Flux</a> and <a href="/radar/platforms/argo-cd">Argo CD</a> take advantage of this technique, and we expect to see more of these emerge over time. Although these tools have their use cases, we're also starting to see the inevitable misuse and overuse of this technique and need to repeat some old advice: Just because you <em>can</em> do something with a tool doesn't mean you <em>should</em>. Be sure to rule out simpler, conventional approaches before creating a custom resource definition and taking on the complexity that comes with this approach.</p>
Service mesh without sidecar Assess Techniques TRUE <p><a href="/radar/techniques/service-mesh">Service mesh</a> is usually implemented as a reverse-proxy process, aka sidecar, deployed alongside each service instance. Although these sidecars are lightweight processes, the overall cost and operational complexity of adopting service mesh increases with every new instance of the service requiring another sidecar. However, with the advancements in <a href="/radar/platforms/ebpf">eBPF</a>, we're observing a new <a href="https://isovalent.com/blog/post/2021-12-08-ebpf-servicemesh"><strong>service mesh without sidecar</strong></a> approach where the functionalities of the mesh are safely pushed down to the OS kernel, thereby enabling services in the same node to communicate transparently via sockets without the need of additional proxies. You can try this with <a href="https://github.com/cilium/cilium-service-mesh-beta">Cilium service mesh</a> and simplify the deployment from one proxy-per-service to one proxy-per-node. We're intrigued by the capabilities of eBPF and find this evolution of service mesh to be important to assess.</p>
SLSA Assess Techniques TRUE <p>As software continues to grow in complexity, the threat vector of software dependencies becomes increasingly challenging to guard against. The recent Log4J vulnerability showed how difficult it can be to even <em>know</em> those dependencies — many companies who didn't use Log4J directly were unknowingly vulnerable simply because other software in their ecosystem relied on it. Supply chain Levels for Software Artifacts, or <strong><a href="https://slsa.dev">SLSA</a></strong> (pronounced "salsa"), is a consortium-curated set of guidance for organizations to protect against supply chain attacks, evolved from internal guidance Google has been using for years. We appreciate that SLSA doesn't promise a "silver bullet," tools-only approach to securing the supply chain but instead provides a checklist of concrete threats and practices along a maturity model. The <a href="https://slsa.dev/spec/v0.1/threats">threat model</a> is easy to follow with real-world examples of attacks, and the <a href="https://slsa.dev/spec/v0.1/requirements">requirements</a> provide guidance to help organizations prioritize actions based on levels of increasing robustness to improve their supply chain security posture. We think SLSA provides applicable advice and look forward to more organizations learning from it.</p>
The streaming data warehouse Assess Techniques TRUE <p>The need to respond quickly to customer insights has driven increasing adoption of event-driven architectures and stream processing. Frameworks such as <a href="/radar/platforms/apache-spark">Spark</a>, <a href="/radar/platforms/apache-flink">Flink</a> or <a href="/radar/platforms/kafka-streams">Kafka Streams</a> offer a paradigm where simple event consumers and producers can cooperate in complex networks to deliver real-time insights. But this programming style takes time and effort to master and when implemented as single-point applications, it lacks interoperability. Making stream processing work universally on a large scale can require a significant engineering investment. Now, a new crop of tools is emerging that offers the benefits of stream processing to a wider, established group of developers who are comfortable using SQL to implement analytics. Standardizing on SQL as the universal streaming language lowers the barrier for implementing streaming data applications. Tools like <a href="/radar/languages-and-frameworks/ksqldb">ksqlDB</a> and <a href="/radar/platforms/materialize">Materialize</a> help transform these separate applications into unified platforms. Taken together, a collection of SQL-based streaming applications across an enterprise might constitute a <strong>streaming data warehouse</strong>.</p>
TinyML Assess Techniques TRUE <p>Until recently, executing a machine-learning (ML) model was seen as computationally expensive and in some cases required special-purpose hardware. While creating the models still broadly sits within this classification, they can be created in a way that allows them to be run on small, low-cost and low-power consumption devices. This technique, called <strong><a href="https://towardsdatascience.com/an-introduction-to-tinyml-4617f314aa79">TinyML</a></strong>, has opened up the possibility of running ML models in situations many might assume infeasible. For example, on battery-powered devices, or in disconnected environments with limited or patchy connectivity, the model can be run locally without prohibitive cost. If you've been considering using ML but thought it unrealistic because of compute or network constraints, then this technique is worth assessing.</p>
Azure Data Factory for orchestration Hold Techniques FALSE <p>For organizations using Azure as their primary cloud provider, <a href="https://azure.microsoft.com/en-us/services/data-factory/">Azure Data Factory</a> is currently the default for orchestrating data-processing pipelines. It supports data ingestion, copying data from and to different storage types on prem or on Azure and executing transformation logic. Although we've had adequate experience with Azure Data Factory for simple migrations of data stores from on prem to the cloud, we discourage the use of <strong>Azure Data Factory for orchestration</strong> of complex data-processing pipelines and workflows. We've had some success with Azure Data Factory when it's used primarily to move data between systems. For more complex data pipelines, it still has its challenges, including poor debuggability and error reporting; limited observability as Azure Data Factory logging capabilities don't integrate with other products such as Azure Data Lake Storage or Databricks, making it difficult to get an end-to-end observability in place; and availability of data source-triggering mechanisms only to certain regions. At this time, we encourage using other open-source orchestration tools (e.g., <a href="/radar/tools/airflow">Airflow</a>) for complex data pipelines and limiting Azure Data Factory for data copying or snapshotting. Our teams continue to use Data Factory to move and extract data, but for larger operations we recommend other, more well-rounded workflow tools.</p>
Miscellaneous platform teams Hold Techniques TRUE <p>We previously featured <a href="/radar/techniques/platform-engineering-product-teams">platform engineering product teams</a> in Adopt as a good way for internal platform teams to operate, thus enabling delivery teams to self-service deploy and operate systems with reduced lead time and stack complexity. Unfortunately we're seeing the "platform team" label applied to teams dedicated to projects that don't have clear outcomes or a well-defined set of customers. As a result, these <strong>miscellaneous platform teams</strong>, as we call them, struggle to deliver due to high cognitive loads and a lack of clearly aligned priorities as they're dealing with a miscellaneous collection of unrelated systems. They effectively become just another general support team for things that don't fit or that are unwanted elsewhere. We continue to believe platform engineering product teams focused around a clear and well-defined (internal) product offer a better set of outcomes.</p>
Production data in test environments Hold Techniques FALSE <p>We continue to perceive <strong>production data in test environments</strong> as an area for concern. Firstly, many examples of this have resulted in reputational damage, for example, where an incorrect alert has been sent from a test system to an entire client population. Secondly, the level of security, specifically around protection of private data, tends to be less for test systems. There is little point in having elaborate controls around access to production data if that data is copied to a test database that can be accessed by every developer and QA. Although you <em>can</em> obfuscate the data, this tends to be applied only to specific fields, for example, credit card numbers. Finally, copying production data to test systems can break privacy laws, for example, where test systems are hosted or accessed from a different country or region. This last scenario is especially problematic with complex cloud deployments. Fake data is a safer approach, and tools exist to help in its creation. We do recognize there are reasons for <em>specific</em> elements of production data to be copied, for example, in the reproduction of bugs or for training of specific ML models. Here our advice is to proceed with caution.</p>
SPA by default Hold Techniques TRUE <p>We generally avoid putting blips in Hold when we consider that advice too obvious, including blindly following an architectural style without paying attention to trade-offs. However, the sheer prevalence of teams choosing a single-page application (SPA) by default when they need a website has us concerned that people aren't even recognizing SPAs as an architectural style to begin with, instead immediately jumping into framework selection. SPAs incur complexity that simply doesn't exist with traditional server-based websites: search engine optimization, browser history management, web analytics, first page load time, etc. That complexity is often warranted for user experience reasons, and tooling continues to evolve to make those concerns easier to address (although the churn in the React community around state management hints at how hard it can be to get a generally applicable solution). Too often, though, we don't see teams making that trade-off analysis, blindly accepting the complexity of <strong>SPAs by default</strong> even when the business needs don't justify it. Indeed, we've started to notice that many newer developers aren't even aware of an alternative approach, as they've spent their entire career in a framework like React. We believe that many websites will benefit from the simplicity of server-side logic, and we're encouraged by techniques like <a href="/radar/techniques/hotwire">Hotwire</a> that help close the gap on user experience.</p>
Azure DevOps Trial Platforms FALSE <p>As the <strong><a href="https://azure.microsoft.com/en-us/services/devops/">Azure DevOps</a></strong> ecosystem keeps growing, our teams are using it more with success. These services contain a set of managed services, including hosted Git repos, build and deployment pipelines, automated testing tooling, backlog management tooling and artifact repository. We've seen our teams gaining experience in using this platform with good results, which means Azure DevOps is maturing. We particularly like its flexibility; it allows you to use the services you want even if they're from different providers. For instance, you could use an external Git repository while still using the Azure DevOps pipeline services. Our teams are especially excited about <a href="https://azure.microsoft.com/en-us/services/devops/pipelines/">Azure DevOps Pipelines</a>. As the ecosystem matures, we're seeing an uptick in onboarding teams that are already on the Azure stack as it easily integrates with the rest of the Microsoft world.</p>
Azure Pipeline templates Trial Platforms TRUE <p><strong><a href="https://docs.microsoft.com/en-us/azure/devops/pipelines/process/templates?view=azure-devops">Azure Pipeline templates</a></strong> allow you to remove duplication in your Azure Pipeline definition through two mechanisms. With "includes" templates, you can reference a template such that it will expand inline like a parameterized C++ macro, allowing a simple way of factoring out common configuration across stages, jobs and steps. With "extends" templates, you can define an outer shell with common pipeline configuration, and with the <a href="https://docs.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass#required-template">required template approval</a>, you can fail the build if the pipeline doesn't extend certain templates, preventing malicious attacks against the pipeline configuration itself. Along with <a href="/radar/platforms/circleci">CircleCI</a> Orbs and the newer <a href="/radar/platforms/reusable-workflows-in-github-actions">GitHub Actions Reusable Workflows</a>, Azure Pipeline templates are part of the trend of creating modularity in pipeline design across multiple platforms, and several of our teams have been happy using them.</p>
CircleCI Trial Platforms FALSE <p>Many of our teams choose <strong><a href="http://circleci.com/">CircleCI</a></strong> for their continuous integration needs, and they appreciate its ability to run complex pipelines efficiently. The CircleCI developers continue to add new features with CircleCI, now in version 3.0. <a href="https://circleci.com/docs/2.0/concepts/#orbs">Orbs</a> and <a href="https://circleci.com/docs/2.0/executor-types/">executors</a> were called out by our teams as being particularly useful. Orbs are reusable snippets of code that automate repeated processes, speed up project setup and make it easy to integrate with third-party tools. The wide variety of executor types provides flexibility to set up jobs in Docker, Linux, macOS or Windows VMs.</p>
Couchbase Trial Platforms FALSE <p>When we originally blipped <strong><a href="https://www.couchbase.com/">Couchbase</a></strong> in 2013, it was seen primarily as a persistent cache that evolved from a merger of <a href="https://github.com/membase">Membase</a> and <a href="https://couchdb.apache.org/">CouchDB</a>. Since then, it has undergone steady improvement and an ecosystem of related tools and commercial offerings has grown up around it. Among the additions to the product suite are Couchbase Mobile and the Couchbase Sync Gateway. These features work together to keep persistent data on edge devices up-to-date even when the device is offline for periods of time due to intermittent connectivity. As these devices proliferate, we see increasing need for embedded persistence that continues to work whether or not the device happens to be connected. Recently, one of our teams evaluated Couchbase for its offline sync capability and found that this off-the-shelf capability saved them considerable effort that they otherwise would have had to invest themselves.</p>
eBPF Trial Platforms FALSE <p>For several years now, the Linux kernel has included the extended Berkeley Packet Filter (<strong><a href="https://ebpf.io/">eBPF</a></strong>), a virtual machine that provides the ability to attach filters to particular sockets. But eBPF goes far beyond packet filtering and allows custom scripts to be triggered at various points within the kernel with very little overhead. Although this technology isn't new, it's now coming into its own with the increasing use of microservices deployed as orchestrated containers. Kubernetes and service mesh technology such as <a href="/radar/platforms/istio">Istio</a> are commonly used, and they employ sidecars to implement control functionality. With new tools — <a href="https://github.com/solo-io/bumblebee">Bumblebee</a> in particular makes building, running and distributing eBPF programs much easier — eBPF can be seen as an alternative to the traditional sidecar. A maintainer of <a href="/radar/tools/cilium">Cilium</a>, a tool in this space, has even proclaimed the <a href="https://isovalent.com/blog/post/2021-12-08-ebpf-servicemesh">demise of the sidecar</a>. An approach based on eBPF reduces some overhead in performance and operation that comes with sidecars, but it doesn't support common features such as SSL termination.</p>
GitHub Actions Trial Platforms FALSE <p><strong><a href="https://docs.github.com/en/actions">GitHub Actions</a></strong> grew considerably last year. It has proven that it can take on more complex workflows and call other actions in composite actions among other things. It still has some shortcomings, though, such as its inability to re-trigger a single job of a workflow. Although the ecosystem in the <a href="https://github.com/marketplace?type=actions">GitHub Marketplace</a> has its obvious advantages, giving third-party GitHub Actions access to your build pipeline risks sharing secrets in insecure ways (we recommend following GitHub's advice on <a href="https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions">security hardening</a>). However, the convenience of creating your build workflow directly in GitHub next to your source code combined with the ability to run GitHub Actions locally using open-source tools such as <a href="https://github.com/nektos/act">act</a> is a compelling option that has facilitated setup and onboarding of our teams.</p>
GitLab CI/CD Trial Platforms TRUE <p>If you're using <a href="https://gitlab.com/">GitLab</a> to manage your software delivery, you should also look at <strong><a href="https://docs.gitlab.com/ee/ci/">GitLab CI/CD</a></strong> for your continuous integration and continuous delivery needs. We've found it especially useful when used with on-premise GitLab and self-hosted runners, as this combination gets around authorization headaches often caused by using a cloud-based solution. Self-hosted runners can be fully configured for your purposes with the right OS and dependencies installed, and as a result pipelines can run much faster than using a cloud-provisioned runner that needs to be configured each time.</p> <p>Apart from the basic build, test and deploy pipeline, GitLab's product supports Services, Auto DevOps and ChatOps among other advanced features. Services are useful in running Docker services such as Postgres or <a href="/radar/languages-and-frameworks/testcontainers">Testcontainers</a> linked to a job for integration and end-to-end testing. Auto DevOps creates pipelines with zero configuration, which is very useful for teams that are new to continuous delivery or for organizations with many repositories that would otherwise need to create many pipelines manually.</p>
Google BigQuery ML Trial Platforms FALSE <p>Since we last blipped about <strong><a href="https://cloud.google.com/bigquery-ml/docs">Google BigQuery ML</a></strong>, more sophisticated models such as Deep Neural Networks and AutoML Tables have been added by connecting BigQuery ML with TensorFlow and Vertex AI as its backend. BigQuery has also introduced support for time series forecasting. One of our concerns previously was <a href="/radar/techniques/explainability-as-a-first-class-model-selection-criterion">explainability</a>. Earlier this year, <a href="https://cloud.google.com/bigquery-ml/docs/reference/standard-sql/bigqueryml-syntax-xai-overview">BigQuery Explainable AI</a> was announced for general availability, taking a step in addressing this. We can also export BigQuery ML models to Cloud Storage as a TensorFlow SavedModel and use them for online prediction. There remain trade-offs like ease of "continuous delivery for machine learning" but with its low barrier to entry, BigQuery ML remains an attractive option, particularly when the data already resides in BigQuery.</p>
Google Cloud Dataflow Trial Platforms FALSE <p><strong><a href="https://cloud.google.com/dataflow/">Google Cloud Dataflow</a></strong> is a cloud-based data-processing service for both batch and real-time data-streaming applications. Our teams are using Dataflow to create processing pipelines for integrating, preparing and analyzing large data sets, with <a href="https://beam.apache.org/">Apache Beam</a>'s unified programming model on top to ease manageability. We first featured Dataflow in 2018, and its stability, performance and rich feature set make us confident to move it to Trial in this edition of the Radar.</p>
Reusable workflows in Github Actions Trial Platforms TRUE <p>We've seen increased interest in <a href="/radar/platforms/github-actions">GitHub Actions</a> since we first blipped it two Radars ago. With the release of <a href="https://docs.github.com/en/actions/using-workflows/reusing-workflows">reusable workflows</a>, GitHub continues to evolve the product in a way that addresses some of its early shortcomings. <strong>Reusable workflows in Github Actions</strong> bring modularity to pipeline design, allowing parameterized reuse even across repositories (as long as the workflow repository is public). They support explicit passing of confidential values as secrets and can pass outputs to the calling job. With a few lines of YAML, GitHub Actions now gives you the type of flexibility you see with <a href="/radar/platforms/circleci">CircleCI</a> Orbs or <a href="/radar/platforms/azure-pipeline-templates">Azure Pipeline Templates</a>, but without having to leave GitHub as a platform.</p>
Sealed Secrets Trial Platforms FALSE <p><a href="/radar/platforms/kubernetes">Kubernetes</a> natively supports a key-value object known as a secret. However, by default, Kubernetes secrets aren't really secret. They're handled separately from other key-value data so that precautions or access control can be applied separately. There is support for encrypting secrets before they are stored in <a href="https://etcd.io/">etcd</a>, but the secrets start out as plain text fields in configuration files. <strong><a href="https://github.com/bitnami-labs/sealed-secrets">Sealed Secrets</a></strong> is a combination operator and command-line utility that uses asymmetric keys to encrypt secrets so that they can only be decrypted by the controller in the cluster. This process ensures that the secrets won't be compromised while they sit in the configuration files that define a Kubernetes deployment. Once encrypted, these files can be safely shared or stored alongside other deployment artifacts.</p>
VerneMQ Trial Platforms TRUE <p><strong><a href="https://github.com/vernemq/vernemq">VerneMQ</a></strong> is an open-source, high-performance, distributed MQTT broker. We've blipped other MQTT brokers in the past like <a href="/radar/platforms/mosquitto">Mosquitto</a> and <a href="/radar/platforms/emq">EMQ</a>. Like EMQ and RabbitMQ, VerneMQ is also based on Erlang/OTP which makes it highly scalable. It scales horizontally and vertically on commodity hardware to support a high number of concurrent publishers and consumers while maintaining low latency and fault tolerance. In our internal benchmarks, we've been able to achieve a few million concurrent connections in a single cluster. While it's not new, we've used it in production for some time now, and it has worked well for us.</p>
actions-runner-controller Assess Platforms TRUE <p><strong><a href="https://github.com/actions-runner-controller/actions-runner-controller">actions-runner-controller</a></strong> is a Kubernetes <a href="https://kubernetes.io/docs/concepts/architecture/controller/">controller</a> that operates <a href="https://docs.github.com/en/actions/hosting-your-own-runners">self-hosted runners</a> for <a href="/radar/platforms/github-actions">GitHub Actions</a> on your Kubernetes cluster. With this tool you create a runner resource on Kubernetes, and it will run and operate the self-hosted runner. Self-hosted runners are helpful in scenarios where the job that your GitHub Actions runs needs to access resources that are either not accessible to GitHub cloud runners or have specific operating system and environmental requirements that are different from what GitHub provides. In those cases where you have a Kubernetes cluster, you can run your self-hosted runners as a Kubernetes pod, with the ability to scale up or down hooking into GitHub webhook events. actions-runner-controller is lightweight and scalable.</p>
Apache Iceberg Assess Platforms TRUE <p><strong><a href="https://iceberg.apache.org/">Apache Iceberg</a></strong> is an open table format for very large analytic data sets. Iceberg supports modern analytical data operations such as record-level insert, update, delete, <a href="https://iceberg.apache.org/docs/latest/spark-queries/#time-travel">time-travel queries</a>, ACID transactions, <a href="https://iceberg.apache.org/docs/latest/partitioning/#icebergs-hidden-partitioning">hidden partitioning</a> and <a href="https://iceberg.apache.org/docs/latest/evolution/">full schema evolution</a>. It supports multiple underlying file storage formats such as <a href="https://parquet.apache.org/">Apache Parquet</a>, <a href="https://orc.apache.org/">Apache ORC</a> and <a href="https://avro.apache.org/docs/1.2.0/">Apache Avro</a>. Many data-processing engines support Apache Iceberg, including SQL engines such as <a href="https://www.dremio.com/">Dremio</a> and <a href="https://trino.io/">Trino</a> as well as (structured) streaming engines such as <a href="https://spark.apache.org/">Apache Spark</a> and <a href="https://flink.apache.org/">Apache Flink</a>.</p> <p>Apache Iceberg falls in the same category as <a href="https://delta.io/">Delta Lake</a> and <a href="https://hudi.apache.org/">Apache Hudi</a>. They all more or less support similar features, but each differs in the underlying implementations and detailed feature lists. Iceberg is an independent format and is not native to any specific processing engine, hence it's supported by an increasing number of platforms, including <a href="https://docs.aws.amazon.com/athena/latest/ug/querying-iceberg.html">AWS Athena</a> and <a href="https://www.snowflake.com/">Snowflake</a>. For the same reason, Apache Iceberg, unlike native formats such as Delta Lake, may not benefit from optimizations when used with Spark.</p>
Blueboat Assess Platforms TRUE <p><strong><a href="https://github.com/losfair/blueboat">Blueboat</a></strong> is a multitenant platform for serverless web applications. It leverages the popular V8 JavaScript engine and implements commonly used web application libraries natively in <a href="/radar/languages-and-frameworks/rust">Rust</a> for security and performance. You can think of Blueboat as an alternative to <a href="/radar/platforms/cloudflare-workers">CloudFlare Workers</a> or <a href="https://deno.com/deploy">Deno Deploy</a> but with an important distinction — you have to operate and manage the underlying infrastructure. That said, we recommend you carefully assess Blueboat for your on-prem serverless needs.</p>
Cloudflare Pages Assess Platforms TRUE <p>When <a href="/radar/platforms/cloudflare-workers">Cloudflare Workers</a> was released, we highlighted it as an early function as a service (FaaS) for edge computing with an interesting implementation. The release of <strong><a href="https://pages.cloudflare.com/">Cloudflare Pages</a></strong> last April didn't feel as noteworthy, because Pages is just one in a class of many Git-backed site-hosting solutions. It did have continuous previews, a useful feature not found in most alternatives. Now, though, Cloudflare has more tightly <a href="https://blog.cloudflare.com/cloudflare-pages-goes-full-stack/">integrated Workers and Pages</a>, creating a fully integrated <a href="/radar/techniques/jamstack">Jamstack</a> solution running on the CDN. The inclusion of a key-value store and a strongly consistent coordination primitive further enhance the attractiveness of the new version of Cloudflare Pages.</p>
Colima Assess Platforms TRUE <p><strong><a href="https://github.com/abiosoft/colima">Colima</a></strong> is becoming a popular open alternative to Docker for Desktop. It provisions the Docker container runtime in a Lima VM, configures the Docker CLI on macOS and handles port-forwarding and volume mounts. Colima uses <a href="https://containerd.io/">containerd</a> as runtime, which is also the runtime on most managed Kubernetes services (thus improved dev-prod parity). With Colima you can easily use and test the latest features of containerd, such as lazy loading for container images. Given its good performance, we're watching Colima as a strong candidate for the open-source alternative to Docker for Desktop.</p>
Collibra Assess Platforms TRUE <p>In the increasingly crowded space that is the enterprise data catalog market, our teams have enjoyed working with <strong><a href="https://www.collibra.com/us/en">Collibra</a></strong>. They liked the deployment flexibility of either a SaaS or self-hosted instance and the wide range of functionality available out of the box, including data governance, lineage, quality and observability. Users also have the option to use a smaller subset of capabilities required by a more decentralized approach such as a <a href="/radar/techniques/data-mesh">data mesh</a>. The real feather in its cap has been their often overlooked customer support, which our people have found to be collaborative and supportive. Of course, there's a tension between simple data catalogs and more full-featured enterprise platforms, but so far the teams using it are happy with how Collibra has supported their needs.</p>
CycloneDX Assess Platforms TRUE <p><strong><a href="https://cyclonedx.org/">CycloneDX</a></strong> is a standard for describing a machine-readable <a href="/radar/techniques/software-bill-of-materials">Software Bill of Materials</a> (SBOM). As software and compute fabrics increase in complexity, <em>software</em> becomes harder to define. Originating with OWASP, CycloneDX improves on the older SPDX standard with a broader definition that extends beyond the local machine dependencies to include runtime service dependencies. You'll also find implementations in several languages, an <a href="https://cyclonedx.org/tool-center/">ecosystem</a> of supporting integrations and a <a href="https://github.com/CycloneDX/cyclonedx-cli">CLI tool</a> that lets you analyze and change SBOMs with appropriate signing and verification.</p>
Embeddinghub Assess Platforms TRUE <p><strong><a href="https://github.com/featureform/embeddinghub">Embeddinghub</a></strong> is a vector database for machine-learning <a href="https://www.featureform.com/post/the-definitive-guide-to-embeddings">embeddings</a>, and quite similar to <a href="/radar/platforms/milvus-2-0">Milvus</a>. However, with out-of-the-box support for approximate nearest neighbor operations, partitioning, versioning and access control, we recommend you assess Embeddinghub for your embedding vector use cases.</p>
Temporal Assess Platforms TRUE <p><strong><a href="https://temporal.io/">Temporal</a></strong> is a platform for developing long-running workflows, particularly for microservice architectures. A fork of Uber’s previous OSS <a href="https://github.com/uber/cadence">Cadence</a> project, it has an event-sourcing model for long-running workflows so they can survive process/machine crashes. Although we don’t recommend using distributed transactions in microservice architectures, if you do need to implement them or long-running <a href="https://microservices.io/patterns/data/saga.html">Sagas</a>, you may want to look at Temporal.</p>
tfsec Adopt Tools FALSE <p>For our projects using <a href="/radar/tools/terraform">Terraform</a>, <strong><a href="https://github.com/liamg/tfsec">tfsec</a></strong> has quickly become a default static analysis tool to detect potential security risks. It's easy to integrate into a CI pipeline and has a growing library of checks against all of the major cloud providers and platforms like Kubernetes. Given its ease of use, we believe tfsec could be a good addition to any Terraform project.</p>
AKHQ Trial Tools TRUE <p><strong><a href="https://akhq.io/docs/#installation">AKHQ</a></strong> is a GUI for Apache Kafka that lets you manage topics, topics data, consumer groups and more. Some of our teams have found AKHQ to be an effective tool to watch the real-time status of a Kafka cluster. You can, for example, browse the topics on a cluster. For each topic, you can visualize the name, the number of messages stored, the disk size used, the time of the last record, the number of partitions, the replication factor with the in-sync quantity and the consumer group. With options for Avro and Protobuf deserialization, AKHQ can help you understand the flow of data in your Kafka environment.</p>
cert-manager Trial Tools FALSE <p><strong><a href="https://cert-manager.io/">cert-manager</a></strong> is a tool to manage your X.509 certificates within your <a href="/radar/platforms/kubernetes">Kubernetes</a> cluster. It models certificates and issuers as first-class resource types and provides certificates as a service securely to developers and applications working within the Kubernetes cluster. The obvious choice when using the Kubernetes default ingress controller, it's also recommended for others and much preferred over hand-rolling your own certificate management. Several of our teams have been using cert-manager extensively, and we've also found that its usability has much improved in the past few months.</p>
Cloud Carbon Footprint Trial Tools FALSE <p><strong><a href="https://www.cloudcarbonfootprint.org/">Cloud Carbon Footprint</a></strong> (CCF) is an open-source tool that uses cloud APIs to provide visualizations of estimated carbon emissions based on usage across AWS, GCP and Azure. The Thoughtworks team has <a href="https://www.thoughtworks.com/clients/Bringing-green-cloud-optimization-to-a-green-energy-business">successfully used the tool</a> with several organizations, including energy technology companies, retailers, digital service providers and companies that use AI. Cloud platform providers realize that it's important to help their customers understand the carbon impact of using their services, so they've begun to build similar functionality themselves. Because CCF is cloud agnostic, it allows users to view energy usage and carbon emissions for multiple cloud providers in one place, while translating carbon footprints into real-world impact such as flights or trees planted.</p> <p>In recent releases, CCF has begun to include Google Cloud and AWS-sourced optimization recommendations alongside potential energy and CO2 savings, as well as to support more cloud instance types such as GPU instances. Given the traction the tool has received and the continued addition of new features, we feel confident moving it to Trial.</p>
Conftest Trial Tools FALSE <p><strong><a href="https://github.com/open-policy-agent/conftest">Conftest</a></strong> is a tool for writing tests against structured configuration data. It relies on the <a href="https://www.openpolicyagent.org/docs/latest/policy-language/#what-is-rego">Rego language</a> from <a href="/radar/tools/open-policy-agent-opa">Open Policy Agent</a> to write tests for <a href="/radar/platforms/kubernetes">Kubernetes</a> configurations, <a href="/radar/platforms/tekton">Tekton</a> pipeline definitions or even <a href="/radar/tools/terraform">Terraform</a> plans. We've had great experiences with Conftest — and its shallow learning curve. With fast feedback from tests, our teams iterate quickly and safely on configuration changes to Kubernetes.</p>
kube-score Trial Tools TRUE <p><strong><a href="https://github.com/zegl/kube-score">kube-score</a></strong> is a tool that does static code analysis of your Kubernetes object definitions. The output is a list of recommendations for what you can improve to make your application more secure and resilient. It has a list of <a href="https://github.com/zegl/kube-score/blob/master/README_CHECKS.md">predefined checks</a> which includes best practices such as running containers with non-root privileges and correctly specifying resource limits. It's been around for some time, and we've used it in a few projects as part of a CD pipeline for Kubernetes manifests. A major drawback of kube-score is that you can't add custom policies. We typically supplement it with tools like <a href="/radar/tools/conftest">Conftest</a> in these cases.</p>
Lighthouse Trial Tools FALSE <p><strong><a href="https://developers.google.com/web/tools/lighthouse/">Lighthouse</a></strong> is a tool written by Google to assess web applications and web pages, collecting performance metrics and insights on good development practices. We've long advocated for <a href="/radar/techniques/performance-testing-as-a-first-class-citizen">performance testing as a first-class citizen</a>, and the additions to Lighthouse that we mentioned five years ago certainly helped with that. Our thinking around <a href="/radar/techniques/architectural-fitness-function">architectural fitness functions</a> created strong motivation for tools such as Lighthouse to be run in build pipelines. With the introduction of <a href="https://github.com/GoogleChrome/lighthouse-ci">Lighthouse CI</a>, it has become easier than ever to include Lighthouse in pipelines managed by <a href="https://github.com/GoogleChrome/lighthouse-ci/blob/main/docs/getting-started.md#configure-your-ci-provider">various tools</a>.</p>
Metaflow Trial Tools TRUE <p><strong><a href="https://github.com/Netflix/metaflow">Metaflow</a></strong> is a user-friendly Python library and back-end service that helps data scientists and engineers build and manage production-ready data processing, ML training and inference workflows. Metaflow provides Python APIs that structure the code as a directed graph of steps. Each step can be decorated with flexible configurations such as the required compute and storage resources. Code and data artifacts for each step's run (aka task) are stored and can be retrieved either for future runs or the next steps in the flow, enabling you to recover from errors, repeat runs and track versions of models and their dependencies across multiple runs.</p> <p>The value proposition of Metaflow is the simplicity of its idiomatic Python library: it fully integrates with the build and run-time infrastructure to enable running data engineering and science tasks in local and scaled production environments. At the time of writing, Metaflow is heavily integrated with AWS services such as S3 for its data store service and step functions for orchestration. Metaflow supports R in addition to Python. Its core features are open sourced.</p> <p>If you're building and deploying your production ML and data-processing pipelines on AWS, Metaflow is a lightweight full-stack alternative framework to more complex platforms such as <a href="/radar/tools/mlflow">MLflow</a>.</p>
Micrometer Trial Tools TRUE <p><strong><a href="https://micrometer.io/">Micrometer</a></strong> is a platform-agnostic library for metrics instrumentation on the JVM that supports Graphite, New Relic, CloudWatch and many other integrations. We've found that Micrometer has benefited both library authors and teams: library authors can include metrics instrumentation code in their libraries without needing to support each and every metrics system that their users are using; and teams can support many different metrics on back-end registries which enables organizations to collect metrics in a consistent way.</p>
NUKE Trial Tools TRUE <p><strong><a href="https://nuke.build/">NUKE</a></strong> is a build system for .NET and an alternative to either the traditional MSBuild or <a href="https://cakebuild.net/">Cake</a> and <a href="https://fake.build/">Fake</a> which we've featured previously in the Radar. NUKE represents build instructions as a C# DSL, making it easy to learn and with good IDE support. In our experience, NUKE made it really simple to build automation for .NET projects. We like the accurate static code checks and hints. We also like that we can use any NuGet package seamlessly and that the automation code can be compiled to avoid problems at runtime. NUKE isn't new, but its novel approach — using a C# DSL — and our positive overall experience prompted us to include it here.</p>
Pactflow Trial Tools FALSE <p>We've used <a href="https://github.com/pact-foundation">Pact</a> for contract testing long enough to see some of the complexity that comes with scale. Some of our teams have successfully used <strong><a href="https://pactflow.io/">Pactflow</a></strong> to reduce that friction. Pactflow runs both as software as a service and as an on-prem deployment with the same features as the SaaS offering, and it adds improved usability, security and auditing on top of the open-source Pact Broker offering. We've been pleased with our use so far and are happy to see continued effort to remove some of the overhead of managing contract testing at scale.</p>
Podman Trial Tools FALSE <p>As an alternative to <a href="/radar/platforms/docker">Docker</a>, <strong><a href="https://github.com/containers/podman">Podman</a></strong> has been validated by many of our teams. Podman introduces a daemonless engine for managing and running containers which is an interesting approach in comparison to what Docker does. Additionally, Podman can be easily run as a normal user <a href="/radar/platforms/rootless-containers">without requiring root privileges</a>, which reduces the attack surface. By using either <a href="https://opencontainers.org/">Open Container Initiative</a> (OCI) images built by <a href="https://github.com/containers/buildah">Buildah</a> or Docker images, Podman can be adapted to most container use cases. Apart from some compatibility issues with macOS, our team has had generally good experiences with Podman on Linux distributions.</p>
Sourcegraph Trial Tools FALSE <p>In our previous Radar, we featured two tools that search and replace code using an abstract syntax tree (AST) representation, <a href="/radar/tools/comby">Comby</a> and <strong><a href="https://about.sourcegraph.com/">Sourcegraph</a></strong>. Although they share some similarities, they also differ in several ways. Sourcegraph is a commercial tool (with a 10-user free tier). It's particularly suited for searching, navigating or cross-referencing in large codebases, with an emphasis on an interactive developer experience. In contrast, Comby is a lightweight open-source command-line tool for automating repetitive tasks. Because Sourcegraph is a hosted service, it also has the ability to continuously monitor code bases and send alerts when a match occurs. Now that we've gained more experience with Sourcegraph, we decided to move it into the Trial ring to reflect our positive experience — which doesn't mean that Sourcegraph is better than Comby. Each tool focuses on a different niche.</p>
Syft Trial Tools TRUE <p>One of the key elements of improving "supply chain security" is using a <a href="/radar/techniques/software-bill-of-materials">Software Bill of Materials (SBOM)</a>, which is why publishing an SBOM along with the software artifact is increasingly important. <strong><a href="https://github.com/anchore/syft">Syft</a></strong> is a CLI tool and Go library for generating an SBOM from container images and file systems. It can generate the SBOM output in multiple formats, including JSON, <a href="/radar/platforms/cyclonedx">CycloneDX</a> and SPDX. The SBOM output of Syft can be used by <a href="/radar/tools/grype">Grype</a> for vulnerability scanning. One way to publish the generated SBOM along with the image is to add it as an attestation using <a href="/radar/tools/cosign">Cosign</a>. This allows consumers of the image to verify the SBOM and to use it for further analysis.</p>
Volta Trial Tools TRUE <p>When working on multiple JavaScript codebases at the same time, it's often necessary to use different versions of Node and other JavaScript tools. On developer machines, these tools are usually installed in the user account or the machine itself, which means a solution is needed to switch between multiple installations. For Node itself there's nvm, but we want to highlight <strong><a href="https://volta.sh/">Volta</a></strong> as an alternative that we're seeing in use with our teams. Volta has several advantages over using nvm: it can manage other JavaScript tools such as Yarn; it also has the notion of pinning a version of the toolchain on a project basis, which means that developers can simply use the tools in a given code directory without having to worry about manually switching between tool versions — Volta simply uses shims in the path to select the pinned version. Written in Rust, Volta is fast and ships as a single binary without dependencies.</p>
Web Test Runner Trial Tools TRUE <p><strong><a href="https://modern-web.dev/docs/test-runner/overview/">Web Test Runner</a></strong> is a package within the <a href="https://modern-web.dev/">Modern Web</a> project, which provides several high-quality tools for modern web development with support for web standards like ES Modules. Web Test Runner is a test runner for web applications. One of its advantages compared to existing test runners is that it runs tests in the browser (which could be headless). It supports multiple browser launchers — including <a href="/radar/languages-and-frameworks/puppeteer">Puppeteer</a>, <a href="/radar/tools/playwright">Playwright</a>, and Selenium — and uses Mocha by default for the test framework. The tests run pretty fast, and we like that we can open a browser window with devtools when debugging. Web Test Runner internally uses <a href="https://modern-web.dev/docs/dev-server/overview/">Web Dev Server</a> which allows us to leverage its great plugin API for adding customized plugins for our test suite. Modern Web tools look like a very promising developer toolchain, and we're already using it in a few projects.</p>
CDKTF Assess Tools TRUE <p>By now many organizations have created sprawling landscapes of services in the cloud. Of course, this is only possible when using <a href="/radar/techniques/infrastructure-as-code">infrastructure as code</a> and mature tooling. We still like <a href="/radar/tools/terraform">Terraform</a>, not the least because of its rich and growing ecosystem. However, the lack of abstractions in HCL, Terraform's default configuration language, effectively creates a glass ceiling. Using <a href="/radar/tools/terragrunt">Terragrunt</a> pushes that up a bit further, but more and more often our teams find themselves longing for the abstractions afforded by modern programming languages. <a href="https://www.terraform.io/cdktf"><strong>Cloud Development Kit for Terraform (CDKTF)</strong></a>, which resulted from a collaboration between AWS's <a href="/radar/platforms/aws-cloud-development-kit">CDK</a> team and Hashicorp, makes it possible for teams to use several programming languages, including TypeScript and Java, to define and provision infrastructure. With this approach it follows the lead of <a href="/radar/platforms/pulumi">Pulumi</a> while remaining in the Terraform ecosystem. We've had good experiences with CDKTF but have decided to keep it in the Assess ring until it moves out of beta.</p>
Chrome Recorder panel Assess Tools TRUE <p><strong><a href="https://developer.chrome.com/docs/devtools/recorder/">Chrome Recorder panel</a></strong> is a preview feature in Google Chrome 97 that allows for simple record and playback of user journeys. While this definitely isn't a new idea, the way in which it is integrated into Chrome allows for quick creation, editing and running of scripts. The panel also integrates nicely with the performance panel, which makes getting repeated consistent feedback on page performance easier. While record/playback style testing always needs to be used with care in order to avoid brittle tests, we think this preview feature is worth assessing, especially if you're already using the Chrome Performance panel to measure your pages.</p>
Excalidraw Assess Tools TRUE <p><strong><a href="https://excalidraw.com/">Excalidraw</a></strong> is a simple but powerful online drawing tool that our teams enjoy using. Sometimes teams just need a quick picture instead of a formal diagram; for remote teams, Excalidraw provides a quick way to create and share diagrams. Our teams also like the "lo-fi" look of the diagrams it can produce, which is reminiscent of the whiteboard diagrams they would have produced when co-located. One caveat: you need to pay attention to the default security — at the time of writing, anyone who has the link can see the diagram. A paid-for version provides further authentication.</p>
GitHub Codespaces Assess Tools TRUE <p><strong><a href="https://github.com/features/codespaces">GitHub Codespaces</a></strong> allows developers to create <a href="/radar/techniques/development-environments-in-the-cloud">development environments in the cloud</a> and access them through an IDE as though the environment were local. GitHub isn't the first company to implement this idea; we previously blipped about <a href="/radar/tools/gitpod">Gitpod</a>. We like that Codespaces allows environments to be standardized by using dotfiles configuration, making it quicker to onboard new team members, and that they offer VMs with up to 32 cores and 64GB memory. These VMs can be spun up in under ten seconds, potentially offering environments more powerful than a developer laptop.</p>
GoReleaser Assess Tools TRUE <p><a href="https://github.com/goreleaser/goreleaser"><strong>GoReleaser</strong></a> is a tool that automates the process of building and releasing a Go project for different architectures via multiple repositories and channels, a common need for Go projects targeting different platforms. You run the tool either from your local machine or via CI, with the tool available via several CI services thus minimizing set-up and maintenance. GoReleaser takes care of build, packaging, publishing and announcement of each release and supports different combinations of package format, package repository and source control. Although it's been around for a few years, we're surprised that more teams are not using it. If you're regularly releasing a Go codebase, this tool is worth assessing.</p>
Grype Assess Tools TRUE <p>Securing the software supply chain has become a commonplace concern among delivery teams, a concern that is reflected by the growing number of new tools in this space. <strong><a href="https://github.com/anchore/grype">Grype</a></strong> is a new lightweight vulnerability scanning tool for Docker and OCI images. It can be installed as a binary, can scan images before they're pushed to a registry, and it doesn't require a Docker daemon to run on your build agents. Grype comes from the same team that is behind <a href="/radar/tools/syft">Syft</a>, which generates <a href="/radar/techniques/software-bill-of-materials">SBOMs</a> in various formats from container images. Grype can consume the SBOM output of Syft to scan for vulnerabilities.</p>
Infracost Assess Tools TRUE <p>One often-cited advantage of moving to the cloud is transparency around infrastructure spend. In our experience, this is often not the case. Teams don't always think about the decisions they make around infrastructure in terms of financial cost which is why we previously blipped about <a href="/radar/techniques/run-cost-as-architecture-fitness-function">run cost as architecture fitness function</a>. We're intrigued by the release of a new tool called <strong><a href="https://infracost.io/">Infracost</a></strong> which aims to make cost trade-offs visible in Terraform pull requests. It's open-source software and available for macOS, Linux, Windows and Docker and supports pricing for AWS, GCP and Microsoft Azure out of the box. It also provides a public API that can be queried for current cost data. Our teams are excited by its potential, especially when it comes to gaining better cost visibility in the IDE.</p>
jc Assess Tools TRUE <p>In our previous Radar, we placed <a href="/radar/tools/modern-unix-commands">modern Unix commands</a> in Assess. One of the commands featured in that collection of tools was jq, effectively a sed for JSON. <strong><a href="https://kellyjonbrazil.github.io/jc/docs/">jc</a></strong> performs a related task: it takes the output of common Unix commands and parses the output into JSON. The two commands together provide a bridge between the Unix CLI world and the raft of libraries and tools that operate on JSON. When writing <em>simple</em> scripts, for example, for software deployment or gathering troubleshooting information, having the myriad of different Unix command output formats mapped into well-defined JSON can save a lot of time and effort. As with jq, you need to make sure the command is available. It can be installed from many of the well-known package repositories.</p>
skopeo Assess Tools TRUE <p><strong><a href="https://github.com/containers/skopeo">skopeo</a></strong> is a command line utility that performs various operations on container images and image repositories. It doesn't require a user to be root to do most of its operations nor does it require a daemon to be running. It's a useful part of a CI pipeline; we've used it to copy images from one registry to another as we promote the images. It's better than doing a pull and a push as we don't need to store the images locally. It's not a new tool, but it's useful enough and underutilized that we felt it's worth calling it out.</p>
SQLFluff Assess Tools TRUE <p>While linting is an ancient practice in the software world, it's had slower adoption in the data world. <strong><a href="https://docs.sqlfluff.com/en/stable/">SQLFluff</a></strong> is a cross-dialect SQL linter written in Python that ships with a simple command line interface (CLI), making it easy to incorporate into a CI/CD pipeline. If you're comfortable with the default conventions, then SQLFluff works without any additional configuration after installing it and will enforce a strongly opinionated set of formatting standards; setting your own conventions involves adding a configuration dotfile. The CLI can automatically fix certain classes of violations that involve formatting concerns like whitespace or uppercasing of keywords. SQLFluff is still new, but we're excited to see SQL getting some attention in the linting world.</p>
Terraform Validator Assess Tools TRUE <p>Organizations that have adopted <a href="/radar/techniques/infrastructure-as-code">infrastructure as code</a> and self-service infrastructure platforms are looking for ways to give teams a maximum of autonomy while still enforcing good security practices and organizational policies. We've highlighted <a href="/radar/tools/tfsec">tfsec</a> before and are moving it into the Adopt category in this Radar. For teams working on GCP, <a href="https://github.com/GoogleCloudPlatform/terraform-validator"><strong>Terraform Validator</strong></a> could be an option when creating a policy library, a set of constraints that are checked against Terraform configurations.</p>
Typesense Assess Tools TRUE <p><strong><a href="https://github.com/typesense/typesense">Typesense</a></strong> is a fast, typo-tolerant text search engine. For use cases with large volumes of data, Elasticsearch might still be a good option as it provides a horizontally scalable disk-based search solution. However, if you're building a latency-sensitive search application with a search index size that can fit in memory, Typesense is a powerful alternative and another option to evaluate alongside tools such as <a href="/radar/platforms/meilisearch">Meilisearch</a>.</p>
SwiftUI Adopt languages-and-frameworks FALSE <p>When Apple introduced <strong><a href="https://developer.apple.com/xcode/swiftui/">SwiftUI</a></strong> a few years ago, it was a big step forward for implementing user interfaces on all kinds of devices made by Apple. From the beginning, we liked the declarative, code-centric approach and the reactive programming model provided by <a href="/radar/languages-and-frameworks/combine">Combine</a>. We did notice, though, that writing a lot of view tests, which you still need with a model-view-viewmodel (MVVM) pattern, was not really sensible with the XCUITest automation framework provided by Apple. This gap has been closed by <a href="/radar/languages-and-frameworks/viewinspector">ViewInspector</a>. A final hurdle was the minimum OS version required. At the time of release, only the very latest versions of iOS and macOS could run applications written with SwiftUI, but because of Apple’s regular cadence of updates, SwiftUI apps can now run on practically all versions of macOS and iOS that receive security updates.</p>
Testcontainers Adopt languages-and-frameworks FALSE <p>We've had enough experience with <strong><a href="https://www.testcontainers.org/">Testcontainers</a></strong> that we think it's a useful default option for creating a reliable environment for running tests. It's a library, ported to <a href="https://github.com/testcontainers">multiple languages</a>, that Dockerizes common test dependencies — including various types of databases, queuing technologies, cloud services and UI testing dependencies like web browsers — with the ability to run custom Dockerfiles when needed. It works well with test frameworks like JUnit, is flexible enough to let users manage the container lifecycle and advanced networking and quickly sets up an integrated test environment. Our teams have consistently found this library of programmable, lightweight and disposable containers to make functional tests more reliable.</p>
Bob Trial languages-and-frameworks TRUE <p>When building an app with React Native you sometimes find yourself having to create your own modules. For example, we've encountered this need when building a UI component library for a React Native app. Creating such a module project isn't straightforward, and our teams report success using <strong><a href="https://github.com/callstack/react-native-builder-bob">Bob</a></strong> to automate this task. Bob provides a CLI to create the scaffolding for different targets. The scaffolding is not limited to core functionality but, optionally, can include example code, linters, build pipeline configuration and other features.</p>
Flutter-Unity widget Trial languages-and-frameworks TRUE <p>Flutter is increasingly popular for building cross-platform mobile apps, and Unity is great for building AR/VR experiences. A key piece in the puzzle for integrating Unity and Flutter is the <strong><a href="https://github.com/juicycleff/flutter-unity-view-widget">Flutter-Unity widget</a></strong>, which allows embedding Unity apps inside Flutter widgets. One of the key capabilities the widget offers is bi-directional communication between Flutter and Unity. We've found its performance to be pretty good as well, and we're looking forward to leveraging Unity in more Flutter apps.</p>
Kotest Trial languages-and-frameworks FALSE <p><strong><a href="https://kotest.io/">Kotest</a></strong> (previously KotlinTest) is a stand-alone testing tool for the <a href="/radar/languages-and-frameworks/kotlin">Kotlin</a> ecosystem that is continuing to gain traction within our teams across various Kotlin implementations — native, JVM or JavaScript. Key advantages are that it offers a variety of testing styles in order to structure the test suites and that it comes with a comprehensive set of matchers, which allow for expressive tests in an elegant internal DSL. In addition to its support for <a href="/radar/techniques/property-based-unit-testing">property-based testing</a> — a technique we've highlighted previously in the Radar — our teams like the solid IntelliJ plugin and the growing community of support.</p>
Swift Package Manager Trial languages-and-frameworks TRUE <p>Some programming languages, especially newer ones, have a package and dependency management solution built in. When it was introduced in 2014, Swift didn't come with a package manager, and so the macOS and iOS developer community simply kept using CocoaPods and <a href="/radar/tools/carthage">Carthage</a>, the third-party solutions that had been created for Objective-C. A couple of years later <strong><a href="https://github.com/apple/swift-package-manager">Swift Package Manager</a></strong> (SwiftPM) was started as an official Apple open-source project, and it then took another few years before Apple added support for it to Xcode. Even at that point, though, many development teams continued to use CocoaPods and Carthage, mostly because many packages were simply not available via SwiftPM. Now that most packages can be included via SwiftPM and processes have been further streamlined for both creators and consumers of packages, our teams are increasingly relying on SwiftPM.</p>
Vowpal Wabbit Trial languages-and-frameworks FALSE <p><strong><a href="https://vowpalwabbit.org/">Vowpal Wabbit</a></strong> is a general-purpose machine-learning library. Originally created at Yahoo! Research over a decade ago, Vowpal Wabbit continues to implement new algorithms in reinforcement learning. We want to highlight <a href="https://vowpalwabbit.org/blog/vowpalwabbit-9.0.0.html">Vowpal Wabbit 9.0</a>, a major release after six years, and encourage you to plan the <a href="https://vowpalwabbit.org/docs/vowpal_wabbit/python/latest/reference/python_8110_900_migration_guide.html">migration</a> as it has several usability improvements, new reductions and bug fixes.</p>
Android Gradle plugin - Kotlin DSL Assess languages-and-frameworks TRUE <p><strong>Android Gradle plugin Kotlin DSL</strong> added support for Kotlin Script as an alternative to Groovy for Gradle build scripts. The goal of replacing Groovy with Kotlin is to provide better support for refactoring and simpler editing in IDEs as well as ultimately to produce code that is easier to read and maintain. For teams already using Kotlin it also means working on the build in a familiar language. We had a team with an at least seven-year-old 450-line build script <a href="https://developer.android.com/studio/build/migrate-to-kts">migrate</a> within a few days. If you have large or complex Gradle build scripts, then it's worth assessing whether Kotlin Script will produce better outcomes for your teams.</p>
Azure Bicep Assess languages-and-frameworks TRUE <p>For those who prefer a more natural language than JSON for infrastructure code, <strong><a href="https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview?tabs=bicep">Azure Bicep</a></strong> is a domain-specific language (DSL) that uses a declarative syntax. It supports reusable parameterized templates for modular resource definitions. A <a href="https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-bicep">Visual Studio Code extension</a> provides instant type-safety, intellisense and syntax checking, and the compiler allows bidirectional transpilation to and from ARM templates. Bicep's resource-oriented DSL and native integration with the Azure ecosystem make it a compelling choice for Azure infrastructure development.</p>
Capacitor Assess languages-and-frameworks TRUE <p>We've been debating the merits of cross-platform mobile development tools for nearly as long as we've been publishing the Technology Radar. We first noted a new generation of tools in 2011 when blipping about <a href="/radar/tools/cross-mobile-platforms">cross-mobile platforms</a>. Although we were skeptical of them at first, these tools have been perfected and widely adopted over the years. And nobody can debate the enduring popularity and usefulness of <a href="/radar/languages-and-frameworks/react-native">React Native</a>. <strong><a href="https://capacitorjs.com/">Capacitor</a></strong> is the latest generation of a line of tools starting with PhoneGap, then renamed to <a href="/radar/platforms/phonegap-apache-cordova">Apache Cordova</a>. Capacitor is a complete rewrite from Ionic that embraces the <a href="/radar/techniques/progressive-web-applications">progressive web app</a> style for stand-alone applications. So far, our developers like that they can address web, iOS and Android applications with a single code base and that they can manage the native platforms separately with access to the native APIs when necessary. Capacitor offers an alternative to React Native, which has many years of cross-platform experience behind it.</p>
Java 17 Assess languages-and-frameworks TRUE <p>We don't routinely feature new versions of languages, but we wanted to highlight the new long-term support (LTS) version of Java, version 17. While there are promising new features, such as the preview of <a href="https://openjdk.java.net/jeps/406">pattern matching</a>, it's the switch to the new LTS process that should interest many organizations. We recommend organizations assess new releases of Java as and when they become available, making sure they adopt new features and versions as appropriate. Surprisingly many organizations do not routinely adopt newer versions of languages even though regular updates help keep things small and manageable. Hopefully the new LTS process, alongside organizations moving to regular updates, will help avoid the "too expensive to update" trap that ends with production software running on an end-of-life version of Java.</p>
Jetpack Glance Assess languages-and-frameworks TRUE <p>Android 12 brought significant changes to app widgets that have improved the user and developer experience. For writing regular Android apps, we've expressed our preference for <a href="/radar/languages-and-frameworks/jetpack-compose">Jetpack Compose</a> as a modern way of building native user interfaces. Now, with <strong><a href="https://developer.android.com/jetpack/androidx/releases/glance">Jetpack Glance</a></strong>, which is built on top of the Compose runtime, developers can use similar declarative Kotlin APIs for writing widgets. Recently, Glance has been <a href="https://android-developers.googleblog.com/2022/01/announcing-glance-tiles-for-wear-os.html">extended</a> to support Tiles for Wear OS.</p>
Jetpack Media3 Assess languages-and-frameworks TRUE <p>Android today has several media APIs: Jetpack Media, also known as MediaCompat, Jetpack Media2 and ExoPlayer. Unfortunately, these libraries were developed independently, with different goals but overlapping functionality. Android developers not only had to choose which library to use, they also had to contend with writing adaptors or other connecting code when features from multiple APIs were needed. <a href="https://developer.android.com/jetpack/androidx/releases/media3"><strong>Jetpack Media3</strong></a> is an effort, currently in early access, to create a new API that takes common areas of functionality from the existing APIs — including UI, playback and media session handling — combining them into a merged and refined API. The player interface from ExoPlayer has also been updated, enhanced and streamlined to act as the common player interface for Media3.</p>
MistQL Assess languages-and-frameworks TRUE <p><strong><a href="https://github.com/evinism/mistql">MistQL</a></strong> is a small domain-specific language for performing computations on JSON-like structures. Originally built for handcrafted feature extraction of machine-learning models on the frontend, MistQL currently supports a JavaScript implementation for browsers and a Python implementation for server-side use cases. We quite like its clean composable functional syntax, and we encourage you to assess it based on your needs.</p>
npm workspaces Assess languages-and-frameworks TRUE <p>While many tools support multipackage development in the node.js world, npm 7 adds direct support with the addition of <strong><a href="https://docs.npmjs.com/cli/v8/using-npm/workspaces">npm workspaces</a></strong>. Managing related packages together facilitates development, allowing you, for example, to store multiple related libraries in a single repo. With npm workspaces, once you add a configuration in a top-level package.json file to refer to one or more nested package.json files, commands like <code>npm install</code> work across multiple packages, symlinking the dependent source packages into the root node_modules directory. Other npm commands are also now workspace aware, allowing you, for example, to execute <code>npm run</code> and <code>npm test</code> commands across multiple packages with a single command. Having that flexibility out of the box decreases the need for some teams to reach for another package manager.</p>
Remix Assess languages-and-frameworks TRUE <p>We witnessed the migration from server-side rendered websites to single-page applications in the browser; now the pendulum of web development seems to be swinging back to the middle. <strong><a href="https://remix.run/">Remix</a></strong> is one such example. It's a full-stack JavaScript framework. It provides fast page loads by leveraging distributed systems and native browsers instead of clumsy static builds. It has made some optimizations on nested routing and page loading, which makes page rendering seem especially fast. Many people will compare Remix with <a href="/radar/languages-and-frameworks/next-js">Next.js</a>, which is similarly positioned. We're glad to see such frameworks cleverly combining the browser run time with the server run time to provide a better user experience.</p>
ShedLock Assess languages-and-frameworks TRUE <p>Executing a scheduled task once and only once in a cluster of distributed processors is a relatively common requirement. For example, the situation might arise when ingesting a batch of data, sending a notification or performing some regular cleanup activity. But this is a notoriously difficult problem. How does a group of processes cooperate reliably over laggy and less reliable networks? Some kind of locking mechanism is required to coordinate actions across the cluster. Fortunately, a variety of distributed stores can implement a lock. Systems like <a href="https://zookeeper.apache.org/">ZooKeeper</a> and <a href="/radar/tools/consul">Consul</a> as well as databases such as DynamoDB or <a href="/radar/platforms/couchbase">Couchbase</a> have the necessary underlying mechanisms to manage consensus across the cluster. <strong><a href="https://github.com/lukas-krecan/ShedLock">ShedLock</a></strong> is a small library for taking advantage of these providers in your own Java code, if you're looking to implement your own scheduled tasks. It provides an API for acquiring and releasing locks as well as connectors to a wide variety of lock providers. If you're writing your own distributed tasks but don't want to take on the complexity of an entire orchestration platform like <a href="/radar/platforms/kubernetes">Kubernetes</a>, ShedLock is worth a look.</p>
SpiceDB Assess languages-and-frameworks TRUE <p><strong><a href="https://github.com/authzed/spicedb">SpiceDB</a></strong> is a database system, inspired by Google's <a href="https://research.google/pubs/pub48190">Zanzibar</a>, for managing application permissions. With SpiceDB, you create a schema to model the permissions requirements and use the <a href="https://docs.authzed.com/reference/api#client-libraries">client library</a> to apply the schema to one of the <a href="https://docs.authzed.com/spicedb/selecting-a-datastore">supported databases</a>, insert data and query to efficiently answer questions like "Does this user have access to this resource?" or even the inverse "What are all the resources this user has access to?" We usually advocate separating the authorization policies from code, but SpiceDB takes it a step further by separating data from the policy and storing it as a graph to efficiently answer authorization queries. Because of this separation, you have to ensure that the changes in your application's primary data store are reflected in SpiceDB. Among other Zanzibar-inspired implementations, we find SpiceDB to be an interesting framework to assess for your authorization needs.</p>
sqlc Assess languages-and-frameworks TRUE <p><strong><a href="https://github.com/kyleconroy/sqlc">sqlc</a></strong> is a compiler that generates type-safe idiomatic Go code from SQL. Unlike other approaches based on object-relational mapping (ORM), you continue to write plain SQL for your needs. Once invoked, sqlc checks the correctness of the SQL and generates performant Go code, which can be directly called from the rest of the application. With stable support for both PostgreSQL and MySQL, sqlc is worth a look, and we encourage you to assess it.</p>
The Composable Architecture Assess languages-and-frameworks TRUE <p>Developing apps for iOS has become more streamlined over time, and <a href="https://www.thoughtworks.com/radar/languages-and-frameworks/swiftui">SwiftUI</a> moving into Adopt is a sign of that. Going beyond the general nature of SwiftUI and other common frameworks, <a href="https://github.com/pointfreeco/swift-composable-architecture#the-composable-architecture"><strong>The Composable Architecture</strong></a> (TCA) is both a library and an architectural style for building apps. It was designed over the course of a series of videos, and the authors state that they had composition, testing and ergonomics in mind, building on a foundation of ideas from The Elm Architecture and Redux. As expected, the narrow scope and opinionatedness is both a strength and a weakness of TCA. We feel that teams who don't have a lot of expertise in writing iOS apps, which are often teams who may be looking after multiple related codebases with different tech stacks, stand to benefit the most from using an opinionated framework like TCA, and we like the opinions expressed in TCA.</p>
WebAssembly Assess languages-and-frameworks FALSE <p><strong><a href="http://webassembly.org/">WebAssembly</a></strong> (WASM) is the W3C standard for executing code in the browser. Supported by all major browsers and backward compatible, it's a binary compilation format designed to run in the browser at near native speeds. It opens up the range of languages you can use to write front-end functionality, with early focus on C, C++ and Rust, and it's also an <a href="https://llvm.org/">LLVM compilation</a> target. When run in the sandbox, it can interact with JavaScript and shares the same permissions and security model. Portability and security are key capabilities that will enable most platforms, including mobile and IoT.</p>
Zig Assess languages-and-frameworks TRUE <p><strong><a href="https://ziglang.org/">Zig</a></strong> is a new language that shares many attributes with C but with stronger typing, easier memory allocation, support for namespacing and a host of other features. Its syntax, however, is reminiscent of JavaScript rather than C, which some may hold against it. Zig's aim is to provide a very simple language with straightforward compilation that minimizes side-effects and delivers predictable, easy-to-trace execution. Zig also provides simplified access to LLVM's <a href="https://llvm.org/">cross-compilation capability</a>. Some of our developers have found this feature so viable, they're using Zig as a cross-compiler even though they aren't writing Zig code. Zig is a novel language and worth looking into for applications where C is being considered or already in use as well as for low-level systems applications that require explicit memory manipulation.</p>