http://sei.cmu.edu/feeds/latest/Updates on changes and additions to the SEI Blog.en-usWed, 04 Mar 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/the-five-pillars-of-software-assurance-in-system-acquisition/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post presents five foundational capabilities to support the acquisition of a system with effective software assurance.Dr. Carol Woody, Christopher Alberts, Michael Bandor, Timothy A. ChickWed, 04 Mar 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/the-five-pillars-of-software-assurance-in-system-acquisition/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/an-approach-to-accelerate-verification-and-software-standards-testing-with-llms/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post highlights the work of SEI researchers who sought to prove that LLMs can be used in unclassified environments to rapidly develop tools that could then be used to accelerate software analysis in classified environments.Ryan Karl, Yash Hindka, Shen Zhang, John RobertMon, 09 Feb 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/an-approach-to-accelerate-verification-and-software-standards-testing-with-llms/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/from-concept-to-practice-how-ssvc-has-evolved-to-make-adoption-possible/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post traces the milestones of the Stakeholder Specific Vulnerability Categorization and invites the community to participate, contribute, and benefit from the continued maturation of SSVC.Renae Metcalf, Allen Householder, Vijay SarvepalliWed, 28 Jan 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/from-concept-to-practice-how-ssvc-has-evolved-to-make-adoption-possible/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/an-open-source-tool-to-unravel-uefi-and-its-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post introduces CERT UEFI Parser, a new, open source tool that uses program analysis to reveal the architecture of UEFI software, and explore this veiled source of vulnerabilities.Vijay Sarvepalli, Renae Metcalf, Cory CohenThu, 22 Jan 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/an-open-source-tool-to-unravel-uefi-and-its-vulnerabilities/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/upskilling-the-federal-cybersecurity-workforce/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post details how the SEI Cyber Mission Readiness Team, in partnership with CISA, developed a series of Skilling Continuation Labs to provide unique, hands-on, immersive training to upskill the federal cybersecurity workforce.Christopher HerrTue, 20 Jan 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/upskilling-the-federal-cybersecurity-workforce/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/the-top-10-blog-posts-of-2025/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEvery January on the SEI Blog, we present the 10 most-visited posts from the previous year.Thomas LongstaffMon, 12 Jan 2026 00:00:00 -0500https://www.sei.cmu.edu/blog/the-top-10-blog-posts-of-2025/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/analyzing-partially-encrypted-network-flows-with-mid-encryption/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEncrypted traffic has come to dominate network flows, which makes it difficult for traditional flow monitoring tools to maintain visibility. In this blog post we take a closer look at a new feature added to CERT’s Yet Another Flowmeter tool (YAF) to capture the attributes of encryption when it occurs after the start of the session. We call this mid-encryption.Steven Ibarra, Mark ThomasMon, 15 Dec 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/analyzing-partially-encrypted-network-flows-with-mid-encryption/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/tailoring-9-zero-trust-and-security-principles-to-weapon-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesOur latest post outlines how 9 zero trust and security principles might apply to weapon systems.Christopher Alberts, Timothy Morrow, Rhonda Brown, Charles WallenTue, 09 Dec 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/tailoring-9-zero-trust-and-security-principles-to-weapon-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/ai-powered-memory-safety-with-the-pointer-ownership-model/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post highlights work to automate C Code Security with AI-Powered memory safety.David Svoboda, Lori FlynnWed, 03 Dec 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/ai-powered-memory-safety-with-the-pointer-ownership-model/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/how-to-align-security-requirements-and-controls-to-express-system-threats/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post presents a method that combines information about security requirements, controls, and capabilities with analysis regarding cyber threats to enable more effective risk-guided system planning.Elias Miller, Matthew SiskFri, 21 Nov 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/how-to-align-security-requirements-and-controls-to-express-system-threats/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/from-hype-to-adoption-guiding-organizations-in-their-ai-journey/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAfter a flurry of initial investments in artificial intelligence, including generative and agentic AI, many organizations are facing mixed results. The SEI is examining how organizations adopt AI and what methods they can use to measure and improve their adoption for long-term success.Ipek Ozkaya, Anita Carleton, Erin Harper, Natalie Schieber, Robert EdmanMon, 10 Nov 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/from-hype-to-adoption-guiding-organizations-in-their-ai-journey/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/a-model-based-approach-for-software-acquisition/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe Department of War (DoW) is undergoing a significant transformation in how it acquires and develops software systems. Central to this evolution is the shift from traditional document-based processes to model-centric methodologies.Colin Dempsey, Jerome HuguesMon, 03 Nov 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/a-model-based-approach-for-software-acquisition/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/modeling-services-with-model-based-systems-engineering-mbse/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post explores an approach to designing services using model-based systems engineering (MBSE) with OMG’s Unified Architecture Framework (UAF).Nataliya Shevchenko, Grigoriy ShevchenkoTue, 28 Oct 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/modeling-services-with-model-based-systems-engineering-mbse/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/radio-frequency-attacks-securing-the-osi-stack/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post reviews common radio frequency attacks and investigates how software and cybersecurity play key roles in these exploitations.Joseph McIlvennyMon, 20 Oct 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/radio-frequency-attacks-securing-the-osi-stack/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/whats-new-in-ssvc-build-explore-and-evolve-your-decision-models/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRecent updates to the Stakeholder-Specific Vulnerability Categorization (SSVC) framework help different stakeholders to prioritize vulnerabilities according to their distinct risk appetites.Bon Jin Koo, Renae Metcalf, Vijay Sarvepalli, Allen HouseholderMon, 13 Oct 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/whats-new-in-ssvc-build-explore-and-evolve-your-decision-models/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/enhancing-security-with-cloud-flow-logs/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe SEI has a history of support for flow log analysis, including its 2025 releases (for Azure or AWS) of open-source scripts to facilitate cloud flow log analysis. This blog explores challenges with correlating events across multiple CSPs.Timothy ShimeallMon, 06 Oct 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/enhancing-security-with-cloud-flow-logs/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/five-essential-questions-for-implementing-the-software-acquisition-pathway/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post outlines 5 essential questions to ask before implementing the Software Acquisition Pathway (SWP) and an SEI toolset to assist in the effort.Eileen Wrubel, Rita Creel, Brigid O'HearnTue, 23 Sep 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/five-essential-questions-for-implementing-the-software-acquisition-pathway/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware Engineering Research and Developmenthttps://www.sei.cmu.edu/blog/a-call-to-action-building-a-foundation-for-model-based-systems-engineering-in-digital-engineering/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe SEI brought together stakeholders who have been engaging and actively innovating in the dynamic environment of digital engineering. This blog post highlights calls to action for future work in MBSE and digital engineering from practitioners in the field.Peter Capell, William Hayes, Jerome Hugues, Nataliya ShevchenkoMon, 15 Sep 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/a-call-to-action-building-a-foundation-for-model-based-systems-engineering-in-digital-engineering/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/my-ai-system-worksbut-is-it-safe-to-use/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post introduce System Theoretic Process Analysis (STPA), a hazard analysis technique uniquely suitable for dealing with the complexity of AI systems.David Schulker, Matt Walsh, Emil MathewTue, 09 Sep 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/my-ai-system-worksbut-is-it-safe-to-use/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/7-recommendations-to-improve-sbom-quality/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThere is growing interest in using SBOMs to support software supply chain risk management. This post recommends seven ways to improve SBOM accuracy.David Tobar, Jessie Jamieson, Mark Priest, Jason FrickeMon, 25 Aug 2025 00:00:00 -0400https://www.sei.cmu.edu/blog/7-recommendations-to-improve-sbom-quality/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates