SEI Blog

SEI Bloghttp://sei.cmu.edu/feeds/latest/Updates on changes and additions to the SEI Blog.en-usWed, 06 May 2026 00:00:00 -0400The ELM Library: An LLM Evaluation Toolsethttps://www.sei.cmu.edu/blog/the-elm-library-an-llm-evaluation-toolset/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesTo help teams meet the need for rigorous evaluation methods, researchers in SEI’s AI Division developed a library built on best practices for LLM evaluation and benchmarking.Violet Turri, Natalie Schieber, Charles Loughin, Tyler BrooksWed, 06 May 2026 00:00:00 -0400https://www.sei.cmu.edu/blog/the-elm-library-an-llm-evaluation-toolset/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesData Poisoning in AI Models: The Case for Chain of Custody Controlshttps://www.sei.cmu.edu/blog/data-poisoning-in-ai-models-the-case-for-chain-of-custody-controls/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post explores data poisoning, which occurs when training data is modified to influence the performance of a model, and proposes cryptographic chain of custody as a mitigation.Renae Metcalf, Matt ChurillaMon, 27 Apr 2026 00:00:00 -0400https://www.sei.cmu.edu/blog/data-poisoning-in-ai-models-the-case-for-chain-of-custody-controls/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMachine LearningAISIRTUsing Data and Data Analytics to Improve Cyber Resiliencehttps://www.sei.cmu.edu/blog/using-data-and-data-analytics-to-improve-cyber-resilience/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesOur post highlights the use of data analytics as a force multiplier for cyber resilience as well as best practices to help organizations gain situational awareness on their current security posture.Patsy BuliscoMon, 20 Apr 2026 00:00:00 -0400https://www.sei.cmu.edu/blog/using-data-and-data-analytics-to-improve-cyber-resilience/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesFrom Reality to Virtual Reality: The Impact of 3DGS on Training, Education, and Beyondhttps://www.sei.cmu.edu/blog/from-reality-to-virtual-reality-the-impact-of-3dgs-on-training-education-and-beyond/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post describes cutting-edge method for creating digital models of the physical world called 3D Gaussian Splatting.Roxxanne White, Matt Walsh, Dominic Ross, Richard LaughlinWed, 25 Mar 2026 00:00:00 -0400https://www.sei.cmu.edu/blog/from-reality-to-virtual-reality-the-impact-of-3dgs-on-training-education-and-beyond/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAssessing the Feasibility and Advisability of a Civilian Cybersecurity Reservehttps://www.sei.cmu.edu/blog/assessing-the-feasibility-and-advisability-of-a-civilian-cybersecurity-reserve/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post highlights recent work by SEI researchers on behalf of the Department of War to assess the feasibility and advisability of a civilian cybersecurity reserve.Marie BakerTue, 10 Mar 2026 00:00:00 -0400https://www.sei.cmu.edu/blog/assessing-the-feasibility-and-advisability-of-a-civilian-cybersecurity-reserve/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe Five Pillars of Software Assurance in System Acquisitionhttps://www.sei.cmu.edu/blog/the-five-pillars-of-software-assurance-in-system-acquisition/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post presents five foundational capabilities to support the acquisition of a system with effective software assurance.Dr. Carol Woody, Christopher Alberts, Michael Bandor, Timothy A. ChickWed, 04 Mar 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/the-five-pillars-of-software-assurance-in-system-acquisition/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAn Approach to Accelerate Verification and Software Standards Testing with LLMshttps://www.sei.cmu.edu/blog/an-approach-to-accelerate-verification-and-software-standards-testing-with-llms/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post highlights the work of SEI researchers who sought to prove that LLMs can be used in unclassified environments to rapidly develop tools that could then be used to accelerate software analysis in classified environments.Ryan Karl, Yash Hindka, Shen Zhang, John RobertMon, 09 Feb 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/an-approach-to-accelerate-verification-and-software-standards-testing-with-llms/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesFrom Concept to Practice: How SSVC Has Evolved to Make Adoption Possiblehttps://www.sei.cmu.edu/blog/from-concept-to-practice-how-ssvc-has-evolved-to-make-adoption-possible/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post traces the milestones of the Stakeholder Specific Vulnerability Categorization and invites the community to participate, contribute, and benefit from the continued maturation of SSVC.Renae Metcalf, Allen Householder, Vijay SarvepalliWed, 28 Jan 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/from-concept-to-practice-how-ssvc-has-evolved-to-make-adoption-possible/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAn Open Source Tool to Unravel UEFI and its Vulnerabilitieshttps://www.sei.cmu.edu/blog/an-open-source-tool-to-unravel-uefi-and-its-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post introduces CERT UEFI Parser, a new, open source tool that uses program analysis to reveal the architecture of UEFI software, and explore this veiled source of vulnerabilities.Vijay Sarvepalli, Renae Metcalf, Cory CohenThu, 22 Jan 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/an-open-source-tool-to-unravel-uefi-and-its-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesUpskilling the Federal Cybersecurity Workforcehttps://www.sei.cmu.edu/blog/upskilling-the-federal-cybersecurity-workforce/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post details how the SEI Cyber Mission Readiness Team, in partnership with CISA, developed a series of Skilling Continuation Labs to provide unique, hands-on, immersive training to upskill the federal cybersecurity workforce.Christopher HerrTue, 20 Jan 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/upskilling-the-federal-cybersecurity-workforce/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe Top 10 Blog Posts of 2025https://www.sei.cmu.edu/blog/the-top-10-blog-posts-of-2025/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEvery January on the SEI Blog, we present the 10 most-visited posts from the previous year.Thomas LongstaffMon, 12 Jan 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/the-top-10-blog-posts-of-2025/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAnalyzing Partially Encrypted Network Flows with Mid-Encryptionhttps://www.sei.cmu.edu/blog/analyzing-partially-encrypted-network-flows-with-mid-encryption/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEncrypted traffic has come to dominate network flows, which makes it difficult for traditional flow monitoring tools to maintain visibility. In this blog post we take a closer look at a new feature added to CERT’s Yet Another Flowmeter tool (YAF) to capture the attributes of encryption when it occurs after the start of the session. We call this mid-encryption.Steven Ibarra, Mark ThomasMon, 15 Dec 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/analyzing-partially-encrypted-network-flows-with-mid-encryption/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesTailoring 9 Zero Trust and Security Principles to Weapon Systemshttps://www.sei.cmu.edu/blog/tailoring-9-zero-trust-and-security-principles-to-weapon-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesOur latest post outlines how 9 zero trust and security principles might apply to weapon systems.Christopher Alberts, Timothy Morrow, Rhonda Brown, Charles WallenTue, 09 Dec 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/tailoring-9-zero-trust-and-security-principles-to-weapon-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAI-Powered Memory Safety with the Pointer Ownership Modelhttps://www.sei.cmu.edu/blog/ai-powered-memory-safety-with-the-pointer-ownership-model/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post highlights work to automate C Code Security with AI-Powered memory safety.David Svoboda, Lori FlynnWed, 03 Dec 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/ai-powered-memory-safety-with-the-pointer-ownership-model/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesHow to Align Security Requirements and Controls to Express System Threatshttps://www.sei.cmu.edu/blog/how-to-align-security-requirements-and-controls-to-express-system-threats/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post presents a method that combines information about security requirements, controls, and capabilities with analysis regarding cyber threats to enable more effective risk-guided system planning.Elias Miller, Matthew SiskFri, 21 Nov 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/how-to-align-security-requirements-and-controls-to-express-system-threats/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesFrom Hype to Adoption: Guiding Organizations in Their AI Journeyhttps://www.sei.cmu.edu/blog/from-hype-to-adoption-guiding-organizations-in-their-ai-journey/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAfter a flurry of initial investments in artificial intelligence, including generative and agentic AI, many organizations are facing mixed results. The SEI is examining how organizations adopt AI and what methods they can use to measure and improve their adoption for long-term success.Ipek Ozkaya, Anita Carleton, Erin Harper, Natalie Schieber, Robert EdmanMon, 10 Nov 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/from-hype-to-adoption-guiding-organizations-in-their-ai-journey/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesA Model-Based Approach for Software Acquisitionhttps://www.sei.cmu.edu/blog/a-model-based-approach-for-software-acquisition/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe Department of War (DoW) is undergoing a significant transformation in how it acquires and develops software systems. Central to this evolution is the shift from traditional document-based processes to model-centric methodologies.Colin Dempsey, Jerome HuguesMon, 03 Nov 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/a-model-based-approach-for-software-acquisition/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesModeling Services with Model-Based Systems Engineering (MBSE)https://www.sei.cmu.edu/blog/modeling-services-with-model-based-systems-engineering-mbse/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post explores an approach to designing services using model-based systems engineering (MBSE) with OMG’s Unified Architecture Framework (UAF).Nataliya Shevchenko, Grigoriy ShevchenkoTue, 28 Oct 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/modeling-services-with-model-based-systems-engineering-mbse/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRadio-Frequency Attacks: Securing the OSI Stackhttps://www.sei.cmu.edu/blog/radio-frequency-attacks-securing-the-osi-stack/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post reviews common radio frequency attacks and investigates how software and cybersecurity play key roles in these exploitations.Joseph McIlvennyMon, 20 Oct 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/radio-frequency-attacks-securing-the-osi-stack/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWhat’s New in SSVC: Build, Explore, and Evolve Your Decision Modelshttps://www.sei.cmu.edu/blog/whats-new-in-ssvc-build-explore-and-evolve-your-decision-models/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRecent updates to the Stakeholder-Specific Vulnerability Categorization (SSVC) framework help different stakeholders to prioritize vulnerabilities according to their distinct risk appetites.Bon Jin Koo, Renae Metcalf, Vijay Sarvepalli, Allen HouseholderMon, 13 Oct 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/whats-new-in-ssvc-build-explore-and-evolve-your-decision-models/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates