Software Engineering Institute | Carnegie Mellon University
SEI Podcast Series
September 07, 2017

Verifying Software Assurance with IBM’s Watson

 Jeffrey Smith (Microsoft)

Mark Sherman

"The thought was that Watson could read all of these documents on behalf of a program manager or some other interested party. Then you can start asking questions of Watson, Is this a true thing about the system that I am looking at?"


August 31, 2017

The CERT Software Assurance Framework

Carol Woody, PhD

Christopher J. Alberts

"The key areas relative to addressing cybersecurity have not been well recognized by high-maturity organizations. One of the areas that we have been looking at is, How do we articulate what needs to be added to all of these excellent engineering practices to bring them up to the level we need for cybersecurity?"


August 03, 2017

Scaling Agile Methods

Eileen Wrubel

Will Hayes

"One of the interesting things about Agile is you are planning to fail. You are planning to fail in small pieces so that you can learn from that to go forward."


July 14, 2017

Ransomware: Best Practices for Prevention and Response

Alexander Volynkin

Angela Horneman

"Newer versions of ransomware seem to be targeting not just your storage of data on your documents, folders, and things like this, but also go after backups, data-based backups, and so on, either on the personal computers or on the network storage and other storage devices. It is important to have this, what we call, air gap between the network that is currently running and the database backup that needs to exist elsewhere."


June 29, 2017

Integrating Security in DevOps

Hasan Yasar

"There are many steps in the lifecycle that can be checked. But security operational folks, as I said at the beginning, do more at the end, which is too late because then it is costing so much time in terms of fixing any known vulnerabilities, or fixing anything that has been discovered late, because it’s going to go back to the sprint plan, depending on what type of application development method they were using."
