Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University
SEI Podcast Series
December 08, 2016

Cyber Security Engineering for Software and Systems Assurance

 Jeffrey Smith (Microsoft)

Nancy R. Mead

 Jeffrey Smith (Microsoft)

Carol Woody, PhD

"We have made risk management the driving focus. In essence that is because nobody goes out and just buys security for the sake of security. There has got to be a reason that they need that type of control or structure around the data and what happens with their technology."

"We have made risk management the driving focus. In essence that is because nobody goes out and just buys security for the sake of security. There has got to be a reason that they need that type of control or structure around the data and what happens with their technology."
November 30, 2016

Moving Target Defense

 Jeffrey Smith (Microsoft)

Andrew O. Mellinger

"Imagine a brick wall, a strong door, a gate or something like that. All those defenses, what they evoke is this kind of big monolithic, static set of walls, OK? Within enterprise networks, what we find is that that gives a lot of opportunity to our attackers to understand what we do."

"Imagine a brick wall, a strong door, a gate or something like that. All those defenses, what they evoke is this kind of big monolithic, static set of walls, OK? Within enterprise networks, what we find is that that gives a lot of opportunity to our attackers to understand what we do."
November 10, 2016

Improving Cybersecurity Through Cyber Intelligence

 Jeffrey Smith (Microsoft)

Jared Ettinger

"Basically cyber intelligence is more like a subset of cybersecurity. It is going to be a forced multiplier to your overall cybersecurity picture or platform for your organization."

"Basically cyber intelligence is more like a subset of cybersecurity. It is going to be a forced multiplier to your overall cybersecurity picture or platform for your organization."
October 27, 2016

A Requirement Specification Language for AADL

 Jeffrey Smith (Microsoft)

Peter H. Feiler

"The problem space that we are dealing with is embedded software systems, especially safety critical. What we are encountering is that things go wrong, and we do not detect that until these systems are in operation. This is due to missing and incomplete requirements and mismatched assumptions in component interactions."

"The problem space that we are dealing with is embedded software systems, especially safety critical. What we are encountering is that things go wrong, and we do not detect that until these systems are in operation. This is due to missing and incomplete requirements and mismatched assumptions in component interactions."

Categories: Software Architecture

October 13, 2016

Predicting Quality Assurance with Software Metrics and Security Methods

 Jeffrey Smith (Microsoft)

Carol Woody, PhD

"Through our research we were able to identify a connection between security vulnerabilities and quality defects."

"Through our research we were able to identify a connection between security vulnerabilities and quality defects."