http://sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching Software and Information Assuranceen-usWed, 20 Apr 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/six-dimensions-of-trust-in-autonomous-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.Paul NielsenWed, 20 Apr 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/six-dimensions-of-trust-in-autonomous-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSoftware AssuranceVulnerability DiscoveryDevopsArtificial Intelligence EngineeringMachine LearningCybersecurityAutonomy and Counter-AutonomySoftware and Information AssuranceHuman-Machine InteractionsArtificial IntelligenceDigital EngineeringCyber-Physical Systemshttps://www.sei.cmu.edu/blog/comments-on-nist-ir-8269-a-taxonomy-and-terminology-of-adversarial-machine-learning/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe U.S. National Institute of Standards and Technology (NIST) recently held a public comment period on their draft report on proposed taxonomy and terminology of Adversarial Machine Learning (AML)....Jonathan SpringThu, 13 Feb 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/comments-on-nist-ir-8269-a-taxonomy-and-terminology-of-adversarial-machine-learning/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity VulnerabilitiesCERT/CCAutonomy and Counter-AutonomySoftware and Information AssuranceSystem Verification and ValidationMission Assurancehttps://www.sei.cmu.edu/blog/data-driven-management-of-technical-debt/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn about the SEI's work on technical debt analysis techniques and practices to help software engineers manage its impact on projects in this SEI Blog post.Ipek Ozkaya, Robert NordMon, 16 Dec 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/data-driven-management-of-technical-debt/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware AssuranceSoftware SustainmentMachine LearningSoftware and Information AssuranceStatic Analysis Classification and PrioritizationArtificial IntelligenceSoftware ArchitectureTechnical DebtSoftware Qualityhttps://www.sei.cmu.edu/blog/prioritizing-vulnerability-response-with-a-stakeholder-specific-vulnerability-categorization/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWe've just released a follow-up paper in our research agenda about prioritizing actions during vulnerability management, Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization....Allen HouseholderThu, 05 Dec 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/prioritizing-vulnerability-response-with-a-stakeholder-specific-vulnerability-categorization/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability MitigationCERT/CCSoftware and Information Assurancehttps://www.sei.cmu.edu/blog/machine-learning-cybersecurity-2019/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesOur technical report provides an overview of the relevant parts of an ML lifecycle--selecting the right problem, the right data, and the right math and summarizing the model output for consumption--as well as questions that relate to those areas of focus.Jonathan SpringMon, 02 Dec 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/machine-learning-cybersecurity-2019/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceMachine LearningCyber Missionshttps://www.sei.cmu.edu/blog/cybersecurity-governance-part-1-5-fundamental-challenges/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMost organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems....Seth Swinton, Stephanie HedgesThu, 25 Jul 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/cybersecurity-governance-part-1-5-fundamental-challenges/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceMission AssuranceInsider Threathttps://www.sei.cmu.edu/blog/selecting-measurement-data-for-software-assurance-practices/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMeasuring the software assurance of a product as it is developed and delivered to function in a specific system context involves assembling carefully chosen metrics....Dr. Carol WoodyMon, 08 Jul 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/selecting-measurement-data-for-software-assurance-practices/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceMeasurement and Analysishttps://www.sei.cmu.edu/blog/comments-on-voluntary-voting-system-guidelines-20-principles-and-guidelines/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines....Allen Householder, Deana Shick, Jonathan Spring, Art ManionFri, 14 Jun 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/comments-on-voluntary-voting-system-guidelines-20-principles-and-guidelines/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesCERT/CCSoftware and Information AssuranceBest Practiceshttps://www.sei.cmu.edu/blog/operation-cloud-hopper-case-study/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn December, a grand jury indicted members of the APT10 group for a tactical campaign known as Operation Cloud Hopper, a global series of sustained attacks against managed service providers and, subsequently, their clients....Nathaniel RichmondMon, 04 Mar 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/operation-cloud-hopper-case-study/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCloud ComputingSoftware and Information Assurancehttps://www.sei.cmu.edu/blog/deep-learning-agile-devops-and-cloud-security-the-top-10-blog-posts-of-2018/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEvery January on the SEI Blog, we present the 10 most-visited posts of the previous year. This year's top 10, which features posts published between January 1, 2018, and December 31, 2018....Douglas SchmidtMon, 07 Jan 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/deep-learning-agile-devops-and-cloud-security-the-top-10-blog-posts-of-2018/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAutonomy and Counter-AutonomyCloud ComputingData Modeling and AnalyticsMission AssuranceSoftware and Information Assurancehttps://www.sei.cmu.edu/blog/deploying-the-cert-microcosm-devsecops-pipeline-using-docker-compose-and-kubernetes/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAccording to DevSecOps: Early, Everywhere, at Scale, a survey published by Sonatype, "Mature DevOps organizations are able to perform automated security analysis on each phase more often than non-DevOps organizations." ....Shane FicorilliTue, 11 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/deploying-the-cert-microcosm-devsecops-pipeline-using-docker-compose-and-kubernetes/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDevopsSoftware and Information AssuranceContinuous Deployment of Capabilityhttps://www.sei.cmu.edu/blog/rapid-software-composition-by-assessing-untrusted-components/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesToday, organizations build applications on top of existing platforms, frameworks, components, and tools; no one constructs software from scratch....Rick KazmanMon, 26 Nov 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/rapid-software-composition-by-assessing-untrusted-components/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceSoftware ArchitectureSystem Verification and Validationhttps://www.sei.cmu.edu/blog/an-analyst-focused-approach-to-network-traffic-analysis/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEarlier this year, a team of researchers from the SEI CERT Division's Network Situational Awareness Team (CERT NetSA) released an update (3.17.0) to the System for....Geoff SandersMon, 12 Nov 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/an-analyst-focused-approach-to-network-traffic-analysis/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceNetwork Traffic Analysis https://www.sei.cmu.edu/blog/improving-cybersecurity-governance-via-csf-activity-clusters/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post presents SEI's work making Cybersecurity Framework (CSF) more accessible and provides example scenarios for effective cybersecurity decision-making.Daniel KambicThu, 23 Aug 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/improving-cybersecurity-governance-via-csf-activity-clusters/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceMission AssuranceInsider Threathttps://www.sei.cmu.edu/blog/decision-making-factors-for-selecting-application-security-testing-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn the first post in this series, I presented 10 types of application security testing (AST) tools and discussed when and how to use them....Tom ScanlonMon, 20 Aug 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/decision-making-factors-for-selecting-application-security-testing-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber MissionsCybersecuritySecure CodingSecurity-Related RequirementsSoftware and Information AssuranceTestingVulnerability AnalysisSecure Developmenthttps://www.sei.cmu.edu/blog/10-types-of-application-security-testing-tools-when-and-how-to-use-them/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post categorizes different types of application security testing tools and provides guidance on how and when to use each class of tool.Tom ScanlonMon, 09 Jul 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/10-types-of-application-security-testing-tools-when-and-how-to-use-them/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesTestingCybersecurityCERT/CCSoftware and Information AssuranceCyber Missionshttps://www.sei.cmu.edu/blog/deep-learning-cyber-intelligence-managing-privacy-and-security-and-network-traffic-analysis-the-latest-work-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAs part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, and presentations highlighting our work in deep learning, cyber intelligence, interruption costs....Douglas SchmidtMon, 02 Jul 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/deep-learning-cyber-intelligence-managing-privacy-and-security-and-network-traffic-analysis-the-latest-work-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceMission Assurancehttps://www.sei.cmu.edu/blog/infrastructure-as-code-moving-beyond-devops-and-agile/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCiting the need to provide a technical advantage to the warfighter, the Department of Defense (DoD) has recently made the adoption of cloud computing technologies a priority....John KleinMon, 11 Jun 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/infrastructure-as-code-moving-beyond-devops-and-agile/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDevopsCloud ComputingSoftware and Information AssuranceSystem Verification and ValidationAgilehttps://www.sei.cmu.edu/blog/building-resilient-systems-with-cybersecurity-controls-management/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe CERT Division of the SEI has evaluated the cyber resilience of hundreds of organizations. We've seen that many organizations may not have formally established a controls management program....Matthew TrevorsThu, 24 May 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/building-resilient-systems-with-cybersecurity-controls-management/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceInsider ThreatCybersecurity Controlshttps://www.sei.cmu.edu/blog/analysis-system-architecture-virtual-integration-nets-significant-savings/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe size of aerospace software, as measured in source lines of code (SLOC), has grown rapidly. Airbus and Boeing data show that SLOC have doubled every four years....Peter FeilerMon, 07 May 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/analysis-system-architecture-virtual-integration-nets-significant-savings/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesArchitecture Analysis and Design Language (AADL)Software and Information AssuranceSoftware Architecture