http://sei.cmu.edu/feeds/topic/cybersecurity-engineering/atom/?utm_source=blog&utm_medium=rss2025-11-21T00:00:00-05:00Updates on changes and additions to the SEI Blog for posts matching Cybersecurity Engineering2025-11-21T00:00:00-05:002025-11-21T00:00:00-05:00Elias Miller, Matthew Siskhttps://www.sei.cmu.edu/blog/how-to-align-security-requirements-and-controls-to-express-system-threats/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post presents a method that combines information about security requirements, controls, and capabilities with analysis regarding cyber threats to enable more effective risk-guided system planning.

2025-10-06T00:00:00-04:002025-10-06T00:00:00-04:00Timothy Shimeallhttps://www.sei.cmu.edu/blog/enhancing-security-with-cloud-flow-logs/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

The SEI has a history of support for flow log analysis, including its 2025 releases (for Azure or AWS) of open-source scripts to facilitate cloud flow log analysis. This blog explores challenges with correlating events across multiple CSPs.

2025-05-15T00:00:00-04:002025-05-15T00:00:00-04:00Alex Veseyhttps://www.sei.cmu.edu/blog/stop-imagining-threats-start-mitigating-them-a-practical-guide-to-threat-modeling/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

When building a software-intensive system, a key part in creating a secure and robust solution is to develop a cyber threat model.

2025-02-10T00:00:00-05:002025-02-10T00:00:00-05:00Jeffrey Mellon, Clarence Worrellhttps://www.sei.cmu.edu/blog/cyber-informed-machine-learning/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post proposes cyber-informed machine learning as a conceptual framework for emphasizing three types of explainability when ML is used for cybersecurity.

2025-01-21T00:00:00-05:002025-01-21T00:00:00-05:00Gregory Touhillhttps://www.sei.cmu.edu/blog/13-cybersecurity-predictions-for-2025/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

It’s that time of year when we reflect on the past year and eagerly look forward. This post presents 13 cyber predictions for 2025.

2024-11-11T00:00:00-05:002024-11-11T00:00:00-05:00Maxwell Trdina, Sasank Vishnubhatlahttps://www.sei.cmu.edu/blog/an-introduction-to-hardening-docker-images/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Through our work, we have seen stakeholders encountering difficulty with hardening open source container images for vulnerability mitigation.

2024-10-28T00:00:00-04:002024-10-28T00:00:00-04:00Matt Walshhttps://www.sei.cmu.edu/blog/a-framework-for-detection-in-an-era-of-rising-deepfakes/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post details the evolving deepfake landscape and introduces a framework for detection.

2024-10-07T00:00:00-04:002024-10-07T00:00:00-04:00William Klieber, Lori Flynnhttps://www.sei.cmu.edu/blog/evaluating-static-analysis-alerts-with-llms/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

LLMs show promising initial results in adjudicating static analysis alerts, offering possibilities for better vulnerability detection. This post discusses initial experiments using GPT-4 to evaluate static analysis alerts.

2024-07-15T00:00:00-04:002024-07-15T00:00:00-04:00McKinley Sconiers-Hasanhttps://www.sei.cmu.edu/blog/3-api-security-risks-and-recommendations-for-mitigation/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post presents three top API security risks along with recommendations for mitigating them.

2024-06-10T00:00:00-04:002024-06-10T00:00:00-04:00David Svobodahttps://www.sei.cmu.edu/blog/redemption-a-prototype-for-automated-repair-of-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post introduces Redemption, an open source tool that uses automated code repair technology to repair static analysis alerts in C/C++ source code.

2024-05-29T00:00:00-04:002024-05-29T00:00:00-04:00Alex Veseyhttps://www.sei.cmu.edu/blog/versioning-with-git-tags-and-conventional-commits/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post explores extending the conventional commit paradigm to enable automatic semantic versioning with git tags to streamline the development and deployment of software.

2024-03-18T00:00:00-04:002024-03-18T00:00:00-04:00Alex Veseyhttps://www.sei.cmu.edu/blog/api-security-through-contract-driven-programming/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post explores contract programming and specifically how that applies to the building, maintenance, and security of APIs.

2023-11-20T00:00:00-05:002023-11-20T00:00:00-05:00Jeffrey Mellon, Clarence Worrellhttps://www.sei.cmu.edu/blog/explainability-in-cybersecurity-data-science/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post provides an overview of explainability in machine learning and includes illustrations of model-to-human and human-to-model explainability.

2023-10-09T00:00:00-04:002023-10-09T00:00:00-04:00Gregory Touhillhttps://www.sei.cmu.edu/blog/secure-by-design-at-cert/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

The national cybersecurity strategy calls on tech providers to ensure that all their products are secure by design and secure by default. This post highlights the SEI CERT Division's continued and longstanding efforts to ensure security by design in fielded software.

2023-09-05T00:00:00-04:002023-09-05T00:00:00-04:00Dr. Carol Woody, Robert Schielahttps://www.sei.cmu.edu/blog/3-activities-for-making-software-secure-by-design/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Understanding key principles, roadblocks, and accelerators can shift the secure software development paradigm.

2023-07-24T00:00:00-04:002023-07-24T00:00:00-04:00Phil Grocehttps://www.sei.cmu.edu/blog/Using-Game-Theory-to-Advance-Cyber-Threat-Hunting/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This SEI Blog post describes an effort to apply game theory to the development of algorithms suitable for informing a fully autonomous threat hunting capability and introduces the concept of chain games, a set of games in which threat hunting strategies can be evaluated and refined.

2023-04-24T00:00:00-04:002023-04-24T00:00:00-04:00Matthew Nicolai, Trista Polaski, Timothy Morrowhttps://www.sei.cmu.edu/blog/8-areas-of-future-research-in-zero-trust/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

The National Cybersecurity Strategy was released on March 1st, 2023 to improve federal cybersecurity through the implementation of a zero trust architecture.

2023-04-03T00:00:00-04:002023-04-03T00:00:00-04:00Timothy Shimeallhttps://www.sei.cmu.edu/blog/security-analytics-using-silk-and-mothra-to-identify-data-exfiltration-via-the-domain-name-service/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post explores how the DNS protocol can be abused to exfiltrate data by adding bytes of data onto DNS queries.

2023-03-13T00:00:00-04:002023-03-13T00:00:00-04:00Rhonda Brown, Alexander Petrillihttps://www.sei.cmu.edu/blog/the-benefits-of-cyber-assessment-training/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post discusses how cybersecurity assessments can help critical infrastructure organizations improve their cybersecurity with help from free assessment tools developed by the SEI and offered by the U.S. government.

2023-03-06T00:00:00-05:002023-03-06T00:00:00-05:00Matthew Nicolai, Nathaniel Richmond, Timothy Morrowhttps://www.sei.cmu.edu/blog/5-best-practices-from-industry-for-implementing-a-zero-trust-architecture/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post presents 5 best practices from industry on implementing a zero trust architecture and discusses why they are significant.