Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University
SEI Podcast Series
November 10, 2016

Improving Cybersecurity Through Cyber Intelligence

 Jeffrey Smith (Microsoft)

Jared Ettinger

"Basically cyber intelligence is more like a subset of cybersecurity. It is going to be a forced multiplier to your overall cybersecurity picture or platform for your organization."

"Basically cyber intelligence is more like a subset of cybersecurity. It is going to be a forced multiplier to your overall cybersecurity picture or platform for your organization."
October 27, 2016

A Requirement Specification Language for AADL

 Jeffrey Smith (Microsoft)

Peter H. Feiler

"The problem space that we are dealing with is embedded software systems, especially safety critical. What we are encountering is that things go wrong, and we do not detect that until these systems are in operation. This is due to missing and incomplete requirements and mismatched assumptions in component interactions."

"The problem space that we are dealing with is embedded software systems, especially safety critical. What we are encountering is that things go wrong, and we do not detect that until these systems are in operation. This is due to missing and incomplete requirements and mismatched assumptions in component interactions."

Categories: Software Architecture

October 13, 2016

Predicting Quality Assurance with Software Metrics and Security Methods

 Jeffrey Smith (Microsoft)

Carol Woody, PhD

"Through our research we were able to identify a connection between security vulnerabilities and quality defects."

"Through our research we were able to identify a connection between security vulnerabilities and quality defects."
September 29, 2016

Network Flow and Beyond

 Jeffrey Smith (Microsoft)

Timothy J. Shimeall

"The interesting question is are there departures from the diurnal curve? Is there a sudden interruption? Is there a particularly high spike? Now, I can turn to other data sources to help me drill down and understand that. Can I look at my firewall records and see whether or not there was some interruption in terms of blocked traffic or network connection problems with respect to that? Can I look at my web server logs and see whether or not there was a big spike of activity for whatever reason?"

"The interesting question is are there departures from the diurnal curve? Is there a sudden interruption? Is there a particularly high spike? Now, I can turn to other data sources to help me drill down and understand that. Can I look at my firewall records and see whether or not there was some interruption in terms of blocked traffic or network connection problems with respect to that? Can I look at my web server logs and see whether or not there was a big spike of activity for whatever reason?"
September 15, 2016

A Community College Curriculum for Secure Software Development

 Jeffrey Smith (Microsoft)

Girish Seshagiri

"This initiative will succeed if it is employer driven. These are the people that have the jobs. Those are the people that you need to have on board to actually pay the apprentice an apprentice wage, so we do not have the student debt and all of that.  "

"This initiative will succeed if it is employer driven. These are the people that have the jobs. Those are the people that you need to have on board to actually pay the apprentice an apprentice wage, so we do not have the student debt and all of that.  "