### Do you have any questions regarding the tutorial or the overview document?
00:00:32 Interviewer
Do you have any questions about the tutorial or the document at all?
00:00:35 Interviewer
Or anything else.
00:00:39 Interviewer
Nope, I have though have to say honestly I'm not that deep into it now, have to read through it a few times but then.
00:00:44 Interviewee
Were we already what happened?
00:00:46 Interviewer
Bavaria. It's just all a bit text-heavy, probably been so.

### What is your current role in the company?
00:00:53 Interviewer
What is your current role in your company?
00:00:58 Interviewer
Network so I'm actually mainly network administrator and firewall security administrator.

### What kind of tasks do you usually do in your work?
00:01:06 Interviewer
OK, then that's probably interesting for you even.
00:01:08 Interviewer
So I actually found it very interesting, especially with the restrictions and we have that very often, so I.
00:01:13 Interviewee
Must very often.
00:01:15 Interviewee
Security holes often come up now and then I have to manually re-correct them.
00:01:19 Interviewee
Do you also do firewalls or I have to check then we, which is why that's so great, maybe automated somehow.
00:01:28 Interviewer
And that's then also so, 1st key you have to do. Immediately the next question yes, so just, if there are security gaps, plug the gaps and otherwise like yes.
00:01:36 Interviewee
Right, so if there really are vulnurabilities, let's say, in the firewall or some switch, or if there are security holesn through which attack may go, then I have to patch them for example. Yes, now I don't know if this framework would also come into question for something like that.

### Given enough time, can you understand the architecture of an application system that is
### described using an IaC script of an IaC technology you are familiar with?
00:01:53 Interviewee
So with my state of knowledge that would be feasible. It's more effort, because you have to model all the switches and the nix and whatever you use there, but we can answer that later at the end. Maybe it helps you there just certainly at that time to go into more depth, but if you had enough time now yes you can understand the architecture of application systems, yes with such a code, script or technology or something already made perfect.

### For how many years have you worked on tasks associated with IaC tools?
00:02:24 Interviewer
And how long have you been working with those now.
00:02:26 Interviewer
Tools for example.
00:02:31 Interviewer
Rough estimate will do.
00:02:34 Interviewer
You actually have to.
00:02:35 Interviewee
Say, We're already relatively, I know all that and we've also, we've looked at that, but we're already actually doing that.
00:02:40 Interviewee
Mostly by hand, I have to say honestly.
00:02:42 Interviewee
We don't actually do anything automated, we have that kind of thing. Don't know if you know that.
00:02:45 Interviewee
You KBK and stuff like that.
00:02:47 Interviewer
Never heard, sorry.
00:02:48 Interviewer
Maybe not. You can go automated on the switch, read out things and make changes, but it's individual steps, but something like that, for example, we've already said that.
00:02:59 Interviewer
Which helps you with that, used.
00:03:02 Interviewer
You definitely now just scripts.
00:03:04
Print you can your.
00:03:05 Interviewer
Nah, nah, nah, nah, so.
00:03:07 Interviewee
I then read out the config of all the switches that check for certain values or something and then either change them manually or if there are hundreds, then they have to be automated.
00:03:16 Interviewer
Yes, yes, that's okay. How big is the yes?
00:03:19 Interviewee
But you always have to come up with something for each use case.
00:03:21 Interviewer
Thinking about how to make it work.
00:03:22 Interviewer
Mhm, as a tip you could maybe think about creating templates. For such problems. Knows that its first step maybe automation there.
00:03:31 Interviewer
I don't know, there are certainly tools. We can also talk about it.

### How large is the company you currently work for?
### Answer: C
00:03:37 Interviewer
Next. So that I take too long. What's the approximate size of the company you're with?
00:03:42 Interviewer
Yes, WC.
00:03:45 Interviewer
1002 So c.
00:03:47 Interviewer
DOK.
00:03:49 Interviewer.
He has under 2000. c.
00:03:51 Interviewee.
Oh, I see, yeah.
00:03:53 Interviewee.
Yeah, I'm in the [redacted] too.
00:03:55 Interviewer.
Yeah, that's even still here. But we're grade C perfect here. OK, so that's demographics.

### How do you check the compliance of the software applications of your company?
00:04:05 Interviewer
So, and now for example this compliance story that there is a security gap. We checked, there s kind of like a check per se or is someone noticing?
00:04:17 Interviewer
So we use Qualis for example.
00:04:21 Interviewee
I don't know.
00:04:23 Interviewee
That's a manufacturer has scanner appliances, which we have on the internal networks differently, also from external and that simply scans, so is also agents installed on the computers and that simply scans the machines.
00:04:37 Interviewee
And feeds Qualis with vulnurability data.
00:04:41 Interviewer
So quasi already automated tool. And if a vulnerability is discovered somewhere, updates its database or something and then that checks for those as well.
00:04:49 Interviewer
Exactly. And then you just see CVEs so and so much which, but it's just of course, it's just monitoring, he can't do anything himself.
00:04:57 Interviewee
Mhm, but that's just.
00:04:59 Interviewee
One step, or yes.
00:05:01 Interviewer
Power, because I'm going yes.
00:05:03 Interviewer
By the way also so the questions.
00:05:04 Interviewer
So a little bit looser through.

### Do you use well###defined models for the compliance rules applicable to the software
### applications of your company?
00:05:05 Interviewer
Basically, you can also define your own rules, because that would be like a kind of compliance rule, so to speak. So you can define your own.
00:05:13 Interviewer
Do you define things?
00:05:16 Interviewer
Or we just use you again. These are kind of well defined models like it.
00:05:20 Interviewer
It would say yes here.
00:05:21 Interviewer.
Yeah, nah, so we just look at all the machines just off on all the gaps and he then shows for example 500 are affected by it, 1000 of it but now, we just take.
00:05:31 Interviewee
Well, we only build rules for people, for servers that shouldn't be scanned, if they keep on being too many things or can't be fixed, so actually only if things can't be fixed, then we take out and build rules for that, but now so that.
00:05:43 Interviewee
We before filter.
00:05:44 Interviewer.
OK, fog islands, mmm.
00:05:47 Interviewer.
OK, has that's kind of like that too. That's the kind of language you write those, those rules for example, where that or even not, gell, don't you know now?
00:05:57 Interviewer
How is a good one? So there is not now somehow so that you write why code somehow or otherwise.
00:06:03 Interviewer
Nah, so already wg then and.
00:06:05 Interviewee
Where you just.
00:06:05 Interviewee
Then the actually just enters the networks and what are scanned. The rest of the user friendly.


### Do you think having a well-defined and machine-readable format for compliance rules
### reduces the complexity associated with checking them?
00:06:13 Interviewer
And that's for you then too. So you think that simplifies it either way probably, but that's the way to understand it, just like that.
00:06:19 Interviewer
What kind of problems that gives you there.
00:06:21 Interviewee.
Yeah, so it covers a lot of gaps. So every month thousands are added, this can be automated, so the process, there is a gap for our end clients, so discovered on a machine there are security gaps, there is no Windows patch, you have to do something else, then it is just from our ECM so the was software distribution makes is just accordingly then built a package and that is then chased out to all but everything always manually.

### Do you think having a well###defined and machine-readable format for compliance rules
### reduces the uncertainty associated with interpreting them?
00:06:48 Interviewer
Mhm, but in itself you think that through the tool you also just feel safer? Basically yes, that's. You know what can be problems?
00:06:57 Interviewer
Well, it does bring something. Definitely.
00:06:59 Speaker 2
That's the way it is.
00:07:00 Interviewer
So it's also raising awareness, above all, that you have a little bit of back of your head and that you have to do something and that you also have to take action.
00:07:07 Speaker 2
Mhm, not anymore.

### How often do you have to deal with new compliance rules?
00:07:10 Interviewer
Then, how often do you make new rules now in the.
00:07:13 Interviewer
Cut. Something like that.
00:07:15 Interviewer.
With each month was once a week, right?
00:07:17 Interviewer
So are scanned gross I think.
00:07:21 Interviewer
And so I don't really deal with that at all. My 2 colleagues who do, well, they sit next to me, and they have an audit once a month, so to speak.
00:07:31 Interviewee
Where they often.
00:07:31 Interviewee
Gladly look at everything again and also then is so whenever they feel like it, they look in there and try to close gaps, but that's real workaround, says OK.
00:07:39 Interviewer
And then there's also K.
00:07:42 Interviewer
OK, so basically if it's once a month is checked, but now define new rules or something, in that case the ones with scans or something, those are done less frequently now.
00:07:51 Interviewee
Nah, not really.
00:07:53 Interviewer
Actually not ok.
00:07:55 Interviewee
Well, we don't have any rules. That actually means if those are fixed, he shouldn't even show up next time DVE or something.
00:08:01 Interviewer
Mhm, yeah yeah, once quasi defined and then the again.
00:08:05 Interviewer
Showing up at best.

### How much do you agree with the following statement: using IACMF reduces the effort
### associated with defining and checking compliance rules?
### Answer: 3
00:08:12 Interviewer
Now the questions come to the tool itself. Yes, that's more of a number enter and I'm really standing now on the question just how much we falling statement using ISCMF reduced the afford associated with defining and checking compliance rules 125.
00:08:39 Interviewee
What is it about now? About success, right?
00:08:42 Interviewer
The the effort so to speak. Do you think the effort to define and check such rules compliance rules now?
00:08:51 Interviewer
Will be reduced by that.
00:08:55 Interviewer
I'm not offended. Just death honestly.
00:08:59 Interviewer
So I would have it again at.
00:09:03 Interviewee
Now times with maybe 3 or 4, because I must say, it is indeed really good and I would also support that, but it is already real, if I think about, I have now my boss here 169 SG Dingsbums there must be made now and I want them first of all the 169 created have you now automatic import gives somehow simply reinziehen and then that would be of course a 5.
00:09:29 Interviewee
But I think of course.
00:09:29 Interviewer.
So a 3 or a.
00:09:31 Interviewer
4 Just say paid a three, okay.
00:09:35 Interviewee.
A 3 because it does have each for each. So if I think about, these are with us for example, that has 1000 security gaps and if I now here security somehow.
00:09:44 Interviewee
First have to create it manually.
00:09:48 Interviewee
OK, but is of course for the gap. You just put, once you have it on a stand, then you put.
00:09:53 Interviewee
Every single other one.
00:09:56 Interviewer.
Interesting, then we can think if you can integrate something like that. So next question yes.
00:09:59 Interviewee
Exactly, if you just automate that, then would be.
00:10:02 Interviewer
That's already awesome. Yeah, exactly so next question you think.
00:10:08 Interviewer
You, that on which? On how?

### How much do you agree with the following statement: using IACMF reduces the complexity
### associated with defining and checking compliance rules?
### Answer: 4
00:10:12 Interviewer
On which of a scale from 1 to 5 would you say that ERCMF reduces the complexity with the defined checks of compliance? So now creating a rule like that, that's easier than if you had to do it all by hand now or write a new script like that every time you do 1000 boxes now or whatever.
00:10:35 Interviewee
Yeah, I would say do it then.
00:10:38 Interviewer.
 OK, a 4 like that.

### How much do you agree with the following statement: using well###defined models for
### compliance rules reduces the uncertainty associated with interpreting them?
### Answer: 4
00:10:45 Interviewer
Now it's ne, is sort of a follow up question to the previous one. Basically you think that so what is called well defined models, just fixed language or so ne, so ne language has basically the uncertainty with interpreting such rules somehow reduced or improved. Yeah so now if you know, OK, there's some vulnerability now and I can now write down how the vulnerability aussi
00:11:09 Interviewer
And and sort of to find out that it, that it's there somewhere. Do you think that helps you to use models like that to make the problem a little bit more tangible then.
00:11:27 Interviewee.
I have to be honest, I don't understand the question.
00:11:30 Interviewer
OK, wait try another way then.
00:11:34 Interviewer
So the institution and social interpreting.
00:11:39 Interviewer
Do you think describing such a security problem so a rule makes it easier for you to understand it also then what yes actually.
00:11:47 Interviewer
Oh so I feel myself.
00:11:48 Interviewer
Yes, for yourself is
00:11:49 Interviewee
Or for others.
00:11:50 Interviewer
Oh, of course. So if I have to deal with it and exactly so.
00:11:54 Interviewee
But there I would.
00:11:55 Interviewer
So if you just city loose text now just like hey like this sticks. Yeah, were these sticks in the video start, that's more like a prose text. Quotation marks already has yeah but now if I were to say OK I could kind of graphically or some code style kind of write it down directly that's it.
00:12:12 Interviewer
Problem if it's better for you then to identify and interpret this so n problem than now so a text the question basically.
00:12:20 Interviewer.
Yeah, yeah, actually 5.
00:12:21 Speaker 2.
I would say.
00:12:24 Interviewer
Where do you have to do? Ne 4?
00:12:26 Interviewer
B 4 OK.
00:12:28 Interviewer
But it makes already consciously also of the rulebooks then afterwards, if what there is made directly.
00:12:34 Interviewer.
As if that is now piece of code or now really so a graphic model or otherwise completely independent of it is just there. Is just something fixed fixed language behind it so to speak or model language OK.

###  How do you reconstruct the architecture of running application instances you need to
### understand?
### Answer: Networktopology by hand
00:12:52 Interviewer
If you have an application now for example, do you guys.
00:12:55 Interviewer.
Quasi reconstruct the architecture of the application or the network, in your case probably somehow. So if you for example there's anything switches that didn't recognize or maybe a wireless around or something in between do something something, build topologies or whatever.
00:13:13 Interviewer
But you know then.
00:13:13 Interviewer
Basically always what thing is just simple.
00:13:16 Interviewer
So we have network plan halt by hand times.
00:13:18 Interviewer
Made for example.
00:13:20 Interviewee
But now also for our servers. So we have hundreds of servers running.
00:13:25 Interviewee
No, actually. They just run.

### Do you use any (semi-)automated tools for this purpose?
### Answer: A tool which scans single machine for vulnerabilities 
00:13:30 Interviewer
So you guys don't have automated tool now.
00:13:32 Interviewer
Or something like that.
00:13:33 Interviewer
Or a semi-automated tool. If you now for example this what's it called again quasi for everything, sorry that Qualis that there's just network IP and then look at you or like.
00:13:46 Interviewee
Right there IP goes on and then it hunts against it and looks for the gaps.
00:13:51 Interviewer
So there's not kind of like a discovery tool that says hey do you have network and look what you find in there. Kind of like a universal.
00:13:58 Interviewer
Plug n Play.
00:13:59 Interviewer
Or some kind of call, right?
00:14:01 Interviewer
He doesn't do it that way either.
00:14:03 Interviewer
Nah, but it is indeed like that. So our entire network infrastructure is going to be completely rebuilt in the next few months.
00:14:12 Interviewee
And there's a DNA center from Cisco. I don't know if I said that.
00:14:16 Interviewee
But it's from Cisco monitoring, monitoring and distribution. That is, there is actually so, there would be then templates for the switch written, for the different locations, so best are actually all the same, but then you plug switch and.
00:14:31 Interviewee
That then finds.
00:14:33 Interviewee
You are network automatic. The center then gets all its config settings automatically.
00:14:38 Interviewer
So there is such an automatic deployment configuration.
00:14:41 Interviewer
Exactly. But then the switch is also in a certain state and is monitored. But there will be no further ne now.
00:14:46 Interviewer
But that is not yet the case. That is currently not yet so OK.
00:14:50 Interviewer
Nah, that's coming now. So we have the goods is.
00:14:52 Interviewee
Everything in the basement, but if you.
00:14:54 Interviewer.
Mhm. OK, yeah.
00:14:56 Interviewee
A couple of hundred thousand has to.
00:14:57 Interviewer
OK, so currently you don't really have an automated tool now or you could say now and so times concretely to say you have this now.
00:15:05 Interviewer
The tool what the halt where the IP purely gives it does for a box maybe so on check what is there so on it or so and then I see OK that.
00:15:13 Interviewer
Is something already?
00:15:14 Interviewer
So we have given certain ranks of the servers and such a little. We don't have to work, we all know P CS with us we have almost the same office stuff or something on it.

### How much do you agree with the following statement: using IACMF reduces the effort
### associated with reconstructing the architecture of running application instances?
## Answer: 4
00:15:23 Interviewer
OK so I'll believe right then.
00:15:26 Interviewer
The 1st to 5th question again.
00:15:31 Interviewer
The IACMF does the reconstruct from the architecture or in your case network just kind of simplify the task. Do you think it's not or is it?
00:15:43 Interviewer
Have you seen a video now that there are different systems that could enable that there?
00:15:49 Interviewer
So for our use case. We don't have that many different things, but I would say if you really then so with this Open tosca and then Kubernetes cluster if.
00:15:58 Interviewee
You have something like that then.
00:15:59 Interviewee
Mhm, then also thousands of machines running or so or applications, or that is of course already ne crasse.
00:16:06 Interviewee
Mhm, so I would rather go to.
00:16:08 Interviewee
Also go to the 4.
00:16:10 Interviewer
On the 4. OK, good.
00:16:13 Interviewer.
Yeah, you can expand that, of course. It's always one of those things because it's, I think, specific because so network Discovery I've also hacked before and also another story.
00:16:22 Interviewer
Let's see but that can be done, so that's also, network therefore do, and I think that will be your same, there some space, so next question.

### What do you do if you find out that a running application instance violates a compliance
### rule?
00:16:36 Interviewer
That's actually already addressed a little bit like that. So what does you do when the running application breaks yes any rules? Yes, that's where you have the tool of course of fix.
00:16:44 Interviewer
Did you say.
00:16:44 Interviewer
Right.
00:16:46 Interviewer
Basically or one time stop.
00:16:49 Interviewee
By hand solution search if these are policies or so group policies on Windows domain or.
00:16:56 Interviewee
Mhm must be rationalized, then it is simply ironed over, but that is then looked at individually for each case and then?
00:17:04 Interviewer
That looks yes, but then it just does it through this Windows configuration of these groups, policies and all the it.
00:17:10 Interviewer
There is yes.
00:17:12 Interviewer
Or just about this. Microsoft has also MEC a software distribution solution.
00:17:16 Interviewer
And about the then simply either the latest Windows updates or the latest the software just made different. Yeah something like that.
00:17:25 Interviewer
OK, so.
00:17:25 Interviewer
And with both switching just more complicated. We actually have to do a lot of that as well.
00:17:32 Interviewee
Is the readout of the 1. With switches you can just have the CONFIG looked at with our tool and then I can hold the I s written he then so parameter looks easy and then we hold that writes I know how much approximately but then the change affects.
00:17:47 Interviewee
I do them rather manually.
00:17:50 Interviewer
OK, but that's just once per switch or just a script. Then per switch makes or so or?
00:17:58
Yeah, OK.
00:18:00 Interviewer
But it just takes forever. So a lot of time, for example, we now have about 20 firewalls in use, area-wide.
00:18:08 Interviewee
Like all the page connections and if there is a security patch, which there was 2 weeks ago, then it takes a few hours again because you have to look at every single one, install it, or we already have it, if it were automated it would be great.
00:18:25 Interview
There is apparently nothing from Cisco.
00:18:28 Interviewee
So there won't be.
00:18:28 Interviewer
As a network is always hard, I have to be honest. So we had that also with Open Top chambers, so discussion wanted to configure actually do you type times briefly with your C oh rather not you are cold water.


### How much do you agree with the following statement: using IACMF reduces the effort
### associated with fixing compliance violations?
### Answer: 5
00:18:43 Interviewer
OK, then next questions. You see already are.
00:18:48 Interviewer
1 to 5 questions.
00:18:52 Interviewer
The EMF reduces the effort to fix so set of rules, break, breaks.
00:19:01 Interviewer
Yes, that's it, 5 yes.
00:19:05 Interviewer.
Can be inserted is and I then all the machines in one fell swoop.
00:19:08 Interviewer
Maybe already super.
00:19:09 Interviewer
Yes OK 5.

### How much do you agree with the following statement: having well defined models for
### compliance jobs reduces the uncertainty associated with handling detected compliance
### violations?
### Answer: 4
00:19:17 Interviewer
Peter is a mistake, if you now just again the question about this language model, history yes so if I now again a fixed language or so somehow a graphic model would have or otherwise like that me what helps me yes these around such a Compliance break or so ne rule break to discover or watch, yes that helps me with the understanding for it also would.
00:19:39 Interviewer
You say yes or no rather.
00:19:42 Interviewer.
Yes, more like ne 4.
00:19:56 Interviewer
So, and that's where I think we are.
00:19:58 Interviewer.
On the last one.


### How do you evaluate the novelty of the framework?
### Answer: It seems to be novel enough ? (had some connection issues it seems)
00:20:02 Interviewer.
How would you describe the.
00:20:04 Interviewer
So you think IACMF is something new? Really kind of, what not. Maybe not groundbreaking, but something that would be kind of maybe very useful and still kind of has a gap in the day to day life of sort of an IT administrator in that case.
00:20:19 Interviewer
Yes, it is.
00:20:21 Interviewer.
I would definitely see it that way. Yeah, so I do.
00:20:24 Interviewer
Haven't heard anything about it now, all that.
00:20:28 Interviewee
I could run it all automated.
00:20:31 Interviewee
I think that's good, but.
00:20:33 Interviewee
As I said, it's a lot of work.
00:20:35 Interviewer
The effort ne.
00:20:36 Interviewer
Dictate how old.
00:20:39 Interviewee
Please, if I have to do it.
00:20:46 Interviewer.
It's still there.
00:20:48 Interviewer.
Yeah, now I'm back, maybe kicked out.
00:20:52 Interviewer
Now it's just catching a little bit, but I see that you.
00:20:54 Interviewer
Moving you OK.

### How do you evaluate the extensibility of the framework?
### Answer: Reporting is one big feature which must be extensible
00:20:57 Interviewer
So then straight to the next question. How would you rate the extensibility of the framework, in your own words?
00:21:09 Interviewer
How can I extend it even more?
00:21:12 Interviewer
So you have, you've seen, you have these plugins above now architecture video to, so to Discovery.
00:21:19 Interviewer
Yeah, what is there on a box or how are you connected maybe? Could you extend everything, then of course you can extend discovery and in itself.
00:21:29 Interviewer
Was there as far as I know still in the video itself the the fixing of it there the there are also still reporting tools, so for example detects that someone gets an e mail.
00:21:39 Interviewer
Something like that were.
00:21:40 Interviewer
Built in I think, but that wouldn't hähä yeah now.
00:21:43 Interviewer
Yes, of course that is.
00:21:44 Speaker 2.
Do you think there's.
00:21:46 Interviewer
Yeah, so ne story is just, if you know that now. That's the expandability.
00:21:51 Interviewer
For example would you want to be able to kind of expand more on? There's some area where you see that maybe there's a gap.
00:22:01 Interviewer.
The number 1 will be *******.
00:22:02 Interviewer
To you that yes, or is that enough for you what's there?
00:22:08 Interviewee
So for the Linux machines now and for the Windows.
00:22:14 Interviewer
Tina and group Netis and.
00:22:17 Interviewee
So for my use case, of course, would be nice. Like I said, so Cisco IOS tethering could kind of.
00:22:25 Interviewee
But really thick.
00:22:25 Interviewer
The whole management frameworks ne.
00:22:27 Interviewee
Exactly. But the most important point is, the reporting. Is of course an authoritative one, what you as a customer on.
00:22:33 Interviewee
Every case needs.
00:22:34 Interviewee
Mhm, so if we had to use software now, for example, and s 1 couldn't do proper reporting, then he would actually be out of the running right away, because only what I also the.
00:22:46 Interviewee
supervisor or the data protection officer in the house or so, which she can then just look at, so much has been fixed.
00:22:54 Interviewee
It really has use.
00:22:57 Interviewee
Is already very important.
00:22:58 Interviewer
Yes, so reporting, yes, I know that also very important because people what is thing.
00:23:01 Interviewer
Do I have that?
00:23:03 Interviewer
What one after.
00:23:04 Interviewee
Properly can show is a little bit yes.
00:23:07 Interviewer
Yeah, they're just itching for the traffic lights at the end of the day.
00:23:11 Interviewer
Red, yellow or green? Yes.

###  Would you use the framework in your work?
###  Answer: Yes
00:23:15 Interviewer
So and of course the last question, second to last question, now would you use the framework in your work and if so what areas? Of course we talked now times, but just interview.
00:23:26 Interviewee
Yeah, so I would actually.
00:23:29 Interviewee
I guess I would also use it. I would just have to get into the Winery all the stuff and take everything.
00:23:35 Interviewee
But we already have a lot of switches as I said. Interesting it becomes in the area of Windows, one is so deeply on rather on Linux, with us is so, we have almost let's say 90% Windows server.
00:23:48 Interviewee
And I don't know now how it works there. Then agent on it or you have to install SSH client on the server and so?
00:23:53 Interviewee
Is it read out? I know.
00:23:55 Interviewee
Not how this framework worked.
00:23:59 Interviewer
So at could of course now just so in advance already so that's why write such a plugin, Windows knows what they do are TP or so what was that then not MT what's the Windows protocol called there?
00:24:14 Interviewer
You're not switching. Bonjour, that was Apple or something. Oh never mind, it can be extended, plug in basically probably.
00:24:21 Interviewee
OK, because it's already in there with Windows.
00:24:26 Interviewer.
I don't know what else the [redacted] did. I hacked half a year ago last there, with the but can be, I don't even remember.
00:24:34 Interviewer
But OK, so.
00:24:37 Interviewer
Would you do, would have to work in of course.
00:24:39 Interviewer
Exactly so and especially if halt also Windows.
00:24:42 Interviewer
With displayable, that would already be 1.
00:24:44 Interviewer
Is the Windows stuff accurate?
00:24:46 Interviewer
Exactly that makes patch stands not. What one there so everything.

### What is your general impression?
### Answers: maybe better integration with winery/modeller
### + Random talking
00:24:53 Interviewer
Do you have to times that we interesting evaluation of course then the question, of course the last, what is your general impression, can you give now again for you maybe so a summary or otherwise, what you wish, what you find good, what was not so good?
00:25:10 Interviewee
So I personally have to say, I have me, I needed a few until I understood what was in English, I'm so good and then there's technical background, then I'm so yes ne I found it really.
00:25:24 Interviewee
Really good that the hold.
00:25:26 Interviewee
First of all finds the machines this check and I keep very differentiate can what machines want to check so I don't leave so much or?
00:25:35 Interviewee
Must not always check everything if special part is. That is finds.
00:25:40 Interviewee
Then possibly still Fixt around me another report. Actually the process you would have to have
00:25:47 Interviewee
Found I personally a very good thing.
00:25:51 Interviewee
Then nicer for me would be if of course that was implemented somehow. So.
00:25:55 Interviewee
That you just now not so on 2 surfaces.
00:25:58 Interviewee
And then the one that has to copy.
00:26:01 Interviewee
But that one.
00:26:01 Interviewee
Says here lays.
00:26:05 Interviewee
It system on then here, wants to build the rules and do you want to filter so that it maybe so from A to z so.
00:26:10 Interviewee
Just by click bar.
00:26:12 Interviewer
Well, everything a pipes.
00:26:12 Interviewee
Is. And that's what it means, you're just carried out beautifully from start to finish and then you have.
00:26:18 Interviewee.
Everything about my work, everything covered. I guess times different when other.

00:26:25 Interviewer
Yeah, so that's just all this EDMM is. Yes, and that is actually an arrow at the end. Yes, so it can theoretically just take editor, if you are now rather so the type, yes then you do not have to paint now necessarily little pictures, yes, it goes also everything in such a typical modeling language or or text based if you want and from the time you can put any tools also over it, so that's already feasible.
00:26:51 Interviewee
That means that Winery.
00:26:53 Interviewee
There I only put on the systems to demonstrate them and so that then the that the framework knows against which machine to check.
00:27:02 Interviewer
Yeah, so that's kind of. It's such a generic, general modeling tool of our applications, and that's just extended.
00:27:10 Interviewer
Quasi to model now exactly these compliance rules.
00:27:13 Interviewer
But it's always this graph based story. Have you seen these trees and whatever you can say. And that's just the language underneath, whether that has to be this tool now is first.
00:27:22 Interviewer
Wurscht. Yes, and it's just this Tosca language. In the background is first of all mutton or XML just as you want and whether you now make your own tool on it or not at all, that's up to you, ne OK.
00:27:35 Interviewer
Of course, you could also consider whether it's better for you or not.

00:27:39 Interviewee
Yes, because that this pinwheels for example, which speaks this game, yes not at all with the servers the year before. Or but I have seen, that has then also the IP address.
00:27:52 Interviewee
I think since.
00:27:54 Interviewer
That was from the tool Halt from the Open Tosca tool, because Discovery worked with that tool, because now for example you can.
00:28:00 Interviewer
I don't know. Do you know boss?
00:28:01 Interviewer
Pup, PET or phone or anything like that ever heard of?
00:28:04 Interviewer
Reforms I know.
00:28:05 Interviewer
Yeah, so theoretically and now terra form extension you wanted to do. Could you now write such a plugin what Mr. Form knows and he then reads from Terra Form?
00:28:13 Interviewer
This application data out.
00:28:14 Interviewer
You have to store it in this Tosca for the framework. But whether that now reads out of Terra Form here.
00:28:22 Interviewer
With God from the simple processes that run on the box, you can also if you want to check individual processes, so also goes. Must halt for this system once worst case write. Stop yes.
00:28:34 Interviewer
Whether it's a script or a real Java plugin or something else, it doesn't matter.
00:28:44 Interviewer
You can do anything.
00:28:48 Interviewer
Any other comments?
00:28:55 Interviewer
Just, what's his now?
00:28:57 Interviewee
Thesis or or have you guys.
00:28:59 Interviewer.
That's the one.
00:29:00 Interviewer.
Is a research paper that is done in cooperation with [redacted].