Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University
SEI Podcast Series
February 23, 2017

DNS Best Practices

 Jeffrey Smith (Microsoft)

Mark Langston

"One of the interesting things that I’ve seen over time is that many people, usually for performance reasons, will disable logging on their name servers. It is unfortunate because DNS logging is one of the primary ways you would notice somebody doing something untoward with your DNS infrastructure."

"One of the interesting things that I’ve seen over time is that many people, usually for performance reasons, will disable logging on their name servers. It is unfortunate because DNS logging is one of the primary ways you would notice somebody doing something untoward with your DNS infrastructure."

Categories:

January 26, 2017

Three Roles and Three Failure Patterns of Software Architects

 Jeffrey Smith (Microsoft)

John Klein

"Different system lifecycle phases require different skills from a software architect. Rare is the architect who can seamlessly transition through all three phases, and software architects, developers, and program managers must be aware of these limitations moving forward."

"Different system lifecycle phases require different skills from a software architect. Rare is the architect who can seamlessly transition through all three phases, and software architects, developers, and program managers must be aware of these limitations moving forward."

Categories: Software Architecture

January 12, 2017

Security Modeling Tools

 Jeffrey Smith (Microsoft)

Julien Delange

"We started to develop these tools a year ago to see how you can present your vulnerabilities; how you can see how a fault propagates within the architecture."

"We started to develop these tools a year ago to see how you can present your vulnerabilities; how you can see how a fault propagates within the architecture."

Categories: Software Architecture

December 19, 2016

Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks

 Jeffrey Smith (Microsoft)

Rachel Kartch

"Something that people will ask me is, How can I keep somebody from attacking me? The answer is, go off the internet. If you want to prevent somebody from trying to attack you, unplug your website and go home, and do not ever check your email, and do not worry about it...I will not say this is a solved problem, but the good news is that there are a lot of tools available so that people can protect themselves at least from being completely overwhelmed or protect themselves from being completely out of business.  "

"Something that people will ask me is, How can I keep somebody from attacking me? The answer is, go off the internet. If you want to prevent somebody from trying to attack you, unplug your website and go home, and do not ever check your email, and do not worry about it...I will not say this is a solved problem, but the good news is that there are a lot of tools available so that people can protect themselves at least from being completely overwhelmed or protect themselves from being completely out of business.  "
December 08, 2016

Cyber Security Engineering for Software and Systems Assurance

 Jeffrey Smith (Microsoft)

Nancy R. Mead

 Jeffrey Smith (Microsoft)

Carol Woody, PhD

"We have made risk management the driving focus. In essence that is because nobody goes out and just buys security for the sake of security. There has got to be a reason that they need that type of control or structure around the data and what happens with their technology."

"We have made risk management the driving focus. In essence that is because nobody goes out and just buys security for the sake of security. There has got to be a reason that they need that type of control or structure around the data and what happens with their technology."