Essay: Modern DevSecOps Security #1347
If I count the words locally with the suggested command from the lecture, the essay has 2082 words.
What should I do?
Feedback

Summary
Overall a great essay and introduction on the topic with good language, clear structure, and ample amount of references and figures/tables. Figure 1 could be modified slightly to make it visually clearer. The description of secondary requirements could be omitted if you feel that another section could benefit from the spare word count.

1 Introduction
A great introduction that briefly but efficiently gives the reader an introduction to Microservices-based applications (MSAs) and what connection it has to DevOps and more specifically DevSecOps. The section is well referenced and ends with a focused research question which prepares the reader for the contents in the coming sections.

2 Security
The section gives a great technical description of the term "security". It can require some parts to be re-read to fully grasp (e.g. primary and secondary requirements). However, considering the constraints that require the essay to be compact, it does the job well with the text, figure, and bullet points!
(Actionable) The figure is compact and dense with information. A way to make it easier to comprehend visually could be to use color-coding. For instance, arrows related to the attacker terms (e.g. exploits, violates, causes) could be color-coded as red and the arrows related to the security terms (e.g. resolves, removes) could be color-coded as blue. There is also a small typo in the figure 1 legend ("adabapted").

3 Security in MSAs
This section could possibly be integrated with section 4 depending on the connection between them.

4 Layers for MSA Security
This section gives a solid understanding of the different layers, to consider from a security perspective, with good examples. However, the layers that are not specific to MSAs and the essay could be omitted to allow other parts to be articulated more if the author thinks it is needed. I personally appreciate the summary on each layer even if all of them are not relevant to the research question.
(Actionable) The sub-sections could be ordered in the same order as they are mentioned in the first paragraph. Both for consistency and logical order of the abstraction levels.

5 Needed Security Services
Great representation of the mappings with the figure and table!
(Actionable) Might be preferable to have the table legend above the table.

6 Conclusion
A short but adequate conclusion that answers the research question posed in the introduction.

References
The author does a great job supporting claims with references wherever applicable. The references also hold a very high quality with the majority of them being recent (written after 2010) and coming from scientific papers.
(Actionable) There is an issue with the clickable link for reference number 2. The hyperref does not include the complete domain and path, only consisting of "https://martinfowler/".
Our script runs this command
Hi @khaes-kth, I realised this just now. However, I am afraid whether the counter implemented by you is always correct. I inserted the whole text from the PDF document into Libre Office Writer. The word number was indeed too high (2241 words). I then removed the period signs which separate titles and page numbers in the content table because I assumed that they are counted as words. After removing the period signs, I got a word count of 2084. By removing the periods from the text before counting the words with
Before merging the PR with the essay, please let me implement the feedback.
* Add color coding to figure 1 for `offense` and `defense` (red and green, suggested CD colors of KTH)
* Add legend for `offense` and `defense` to figure 1
* Fixed typo in image caption
* No intention to omit secondary security requirements as they are important and their description is not long
* Merge sections `Security in MSAs` and `Layers for MSA Security`
* Change order of first mentioning of layers
* Change position of caption of table 1
* No intention to change ordering of figure 2 and table 1 because table gives final results and is more detailed than figure
@amarhod, I am thankful for this feedback. Even though the suggested changes were not the biggest, they helped a lot and implementing the changes was very straightforward. This is how I implemented the changes (link to associated commit):
The reference section does not include and never included any clickable links. The mentioned link to the website of Martin Fowler has a linebreak after the first dot of the domain; the URL continues in the next line and is complete. The reference list gets generated automatically by the LaTeX compiler. @khaes-kth, the PR can be merged now.
Thanks @felix-seifert
Essay: Modern DevSecOps Security
Needed Security Services for Security of Microservices-based Applications (MSAs)
Members
Felix Seifert ([email protected])
GitHub: felix-seifert
Description
The proposal can be found under #933.
I did not describe the implementation details for the required security services. However, a table clearly states which
security services are needed, which security requirement they address and which MSA layer they deal with.
I am waiting for feedback from @amarhod.
With this essay, I aim for a distinction. I do not want to assess how well or badly I met the grading criteria. However,
I provide a list of how I think about the different aspects.
The essay can be found in the file Modern DevSecOps Security - Needed Security Services for MSAs.pdf.