-
Notifications
You must be signed in to change notification settings - Fork 427
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* doc: Course automation proposal * Feedback proposal: Feedback on Essay #933 * doc: Added the feedback provided on essay * doc: Updated criterias achieved for feedback task
- Loading branch information
Showing
1 changed file
with
50 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,51 @@ | ||
| # Feedback proposal (Essay): Security of Microservices-based Applications #933 | ||
| ## Members | ||
| # Feedback | ||
|
|
||
|
|
||
| ### Members | ||
| Amar Hodzic (amarh@kth.se) | ||
|
|
||
| Github: [amarhod](https://github.com/amarhod) | ||
|
|
||
| ## Feedback on the essay "Security of Microservices-based Applications" #933 | ||
| The first essay draft can be found at #1347 | ||
| ### Summary | ||
| Overall a great essay and introduction on the topic with good language, clear structure, and ample amount of references and figures/tables. Figure 1 could be modified slightly to make it visually clearer. The description of secondary requirements could be omitted if you feel that another section could benefit from the spare word count. | ||
| Since the essay exceeds the 2100 limit (word count of 2239) according to the action that uses the "pdftotext filename | wc -w", it will have to be shortened somewhat for the final submission. | ||
| ### 1 Introduction | ||
| A great introduction that briefly but efficiently gives the reader an introduction to Microsevices-based applications (MSAs) and what connection it has to DevOps and more specifically DevSecOps. The section is well referenced and ends with a focused research question which prepares the reader for the contents in the coming sections. | ||
|
|
||
| ### 2 Security | ||
| The section gives a great technical description of the term "security". It can require some parts to be re-read to fully grasp (e.g. primary and secondary requirements). However, considering the constraints that require the essay to be compact, it does the job well with the text, figure, and bullet points! | ||
| ##### (Actionable) | ||
| The figure is compact and dense with information. A way to make it easier to comprehend visually could be to use color-coding. For instance, arrows related to the attacker terms (e.g. exploits, violates, causes) could be color-coded as red and the arrows related to the security terms (e.g. resolves, removes) could be color-coded as blue. There is also a small typo in the figure 1 legend ("adabapted"). | ||
| ### 3 Security in MSAs | ||
| This section could possibly be integrated with section 4 depending on the connection between them. | ||
| Giving a brief description (within the sentence) of the method "perimeter security" and the necessity (if there is one) of a layered approach for the "trust no one" paradigm would benefit the reader. | ||
|
|
||
| ### 4 Layers for MSA Security | ||
| This section gives a solid understanding of the different layers, to consider from a security perspective, with good examples. However, the layers that are not specific to MSAs and the essay could be omitted to allow other parts to be articulated more if the author thinks it is needed. I personally appreciate the summary on each layer even if all of them are not relevant to the research question. | ||
| ##### (Actionable) | ||
| The sub-sections could be ordered in the same order as they are mentioned in the first paragraph. Both for consistency and logical order of the abstraction levels. | ||
| ### 5 Needed Security Services | ||
| Great representation of the mappings with the figure and table! | ||
| ##### (Actionable) | ||
| Might be preferable to have the table legend above the table. | ||
| ### 6 Conclusion | ||
| A short but adequate conclusion that answers the research question posed in the introduction. | ||
|
|
||
|
|
||
| ### References | ||
| The author does a great job supporting claims with references wherever applicable. The references also hold a very high quality with the majority of them being recent (written after 2010) and coming from scientific papers. | ||
| ##### (Actionable) | ||
| There is an issue with the clickable link for reference number 2. The hyperref does not include the complete domain and path, only consisting of "https://martinfowler/". | ||
|
|
||
| ### Criterias | ||
| The criterias achieved for the whole feedback task | ||
| | | Yes | No | Remarkable | | ||
| |-------------------------------------------- | ----|----|-------------| | ||
| |The feedback includes both strengths and weaknesses about the task | Yes :small_orange_diamond:| No | n-a | | ||
| |The feedback is provided 4 business days before the task deadline | Yes | No | Within 24h after the task submission :small_orange_diamond:| | ||
| |All points are clearly actionable | Yes :small_orange_diamond:| No | PR on PR | | ||
| |The feedback is substantiated | Yes (at least 500 words) :small_orange_diamond:| No | At least 1000 words | | ||
| |The feedback contains pointers to additional material | Yes | No | One pointer is less than one week | | ||
| |The students act upon the feedback they receive | Yes | No | Document the changes made after feedback :small_orange_diamond:| |