Evaluation of Methods for Managing Secrets for Kubernetes on Microsoft Azure
This report provides guidance to help organizations' evaluation solutions to manage secrets when using Kubernetes on Microsoft Azure.
News
Digital Library
The SEI publishes extensively to connect with and deliver our most recent advancements in software engineering, cyber, artificial intelligence, and acquisition transformation to the software community. We publish our research in elite journals, and we also produce technical reports, white papers, webcasts, and much more—all of which we make available in our digital library. We’ve collected thousands of publications over decades of research that you can download today.
Search the digital library
Technical Papers
Managing Architectural Risk During Agile Development
This report presents Agile Architecture Risk Management and Continuous Risk Management to identify S/W development risks before production and project failure.
Instantiating the Error Model Version 2 (EMV2) Annex
The Error Model Annex, Version 2 (EMV2), notation for architecture fault modeling supports safety, reliability, and security analyses as part of the OSATE toolset.
Applying Causal Learning to Evaluate Large Language Models (LLMs)
This report describes how the SEI applied causal discovery to LLM summarization, exemplifying a way to address bias when evaluating complex new technology.
Independent Assessment of Civilian Cybersecurity Reserve for Department of Defense
This study assesses the feasibility of creating a civilian cybersecurity reserve to provide qualified staffing to address workforce shortages in the DoD.
A Preliminary Report on a Model for Maturing AI Adoption: From Hype to Achieving Repeatable, Predictable Outcomes
Introduces concepts of a model for AI adoption, guiding organizational leaders on overcoming the challenges that arise as they try to realize the promise of AI.
Blog Posts
This post explores data poisoning, which occurs when training data is modified to influence the performance of a model, and proposes cryptographic chain of custody …
Our post highlights the use of data analytics as a force multiplier for cyber resilience as well as best practices to help organizations gain situational …
This blog post describes cutting-edge method for creating digital models of the physical world called 3D Gaussian Splatting.
This post highlights recent work by SEI researchers on behalf of the Department of War to assess the feasibility and advisability of a civilian cybersecurity …
Podcasts
This podcast explores CERT UEFI Parser, a new, open source tool that uses program analysis to reveal the architecture of UEFI software, and explore this …
Paul Nielsen, the SEI's director and chief executive officer, discusses his legacy, the impact of mentors, and the importance of encouraging scientists and engineers to …
Marie Baker, Chris May, and Mike Winter discuss findings from a Pentagon-commissioned study assessing the feasibility of a civilian cybersecurity reserve.
Our latest podcast highlights an AI Adoption Maturity Model that organizations can use to create a roadmap for predictable AI adoption and realization of AI …
Webcasts
Upcoming
Upcoming Webcast
・
Software Acquisition Go Bag: Pack Light, Measure Right
Latest webcasts
In this webcast, SEI researchers explain how System Theoretic Process Analysis helps organizations build stronger assurances about the safety and security of complex systems, including …
In this webcast, Justin Novak and Christopher Ian Rodman discuss how AI can be leveraged to build out and enable your security operations center (SOC) …
In this webcast, Brigid O’Hearn, Christina Rhylander, and Julie Cohen provide you with the practical insight you need to develop a Capability Needs Statement (CNS) …
In this webcast, Dr. Carol Woody and Michael Bandor discuss key software assurance activities that must be embedded within the acquisition lifecycle to be effective.
Vulnerability Notes
The SEI builds relationships with software vendors and other organizations to coordinate prompt responses to possible risks or threats that arise from software vulnerabilities. Over the years, we have built an extensive vendor network, and we work as a trusted broker to identify, disclose, and mitigate vulnerabilities. As part of this effort, we publish vulnerability notes to keep the community informed and to enable effective and swift mitigation.