SEI Insights

Recent Posts

By Will Klieber, CERT Secure Coding Team. This blog post is co-authored by Will Snavely. Finding violations of secure coding guidelines in source code is daunting, but fixing them is an even greater challenge. We are creating automated tools for source code transformation. Experience in examining software bugs reveals that many security-relevant bugs follow common patterns (which can be automatically detected) and that there are corresponding patterns for repair (which can be performed by automatic...

Many system and software developers and testers, especially those who have primarily worked in business information systems, assume that systems--even buggy systems--behave in a deterministic manner. In other words, they assume that a system or software application will always behave in exactly the same way when given identical inputs under identical conditions. This assumption, however, is not always true. While this assumption is most often false when dealing with cyber-physical systems, new and even older...

Awareness and adoption of DevOps continues to grow. A 2016 DevOps trends report found that DevOps adoption increased from 66 percent in 2015 to 74 percent in 2016. In 2016, visitors to the SEI DevOps Blog were drawn to posts highlighting successful DevOps implementations at Amazon and Netflix, as well as tutorials on Fabric, Ansible, and Docker. This post presents in descending order (with number one at the bottom being the most popular) the five...

As we have done each year since the blog's inception in 2011, this blog post presents the 10 most-visited posts in 2016 in descending order ending with the most popular post. While the majority of our most popular posts were published in the last 12 months, a few, such as Don Firesmith's 2013 posts about software testing, continue to be popular with readers. 10. Verifying Software with Timers and Clocks 9. 10 At-Risk Emerging Technologies 8....

When IT and security professionals discuss phishing, the need for improved user education is often the main focus. While user education is vital and can lead to faster discovery of attacks through increased reporting of phishing attempts, it's important to understand the limits of user education when trying to reduce phishing risks....

In this blog post, I describe sentiment analysis and discuss its use in the area of insider threat. Sentiment analysis, often referred to as opinion mining, refers to the application of natural language processing (NLP), computational linguistics, and text analytics to identify and extract subjective information in source materials (Wikipedia)....

Blogs

CERT/CC

Timely insights about vulnerabilities, network situational awareness, and research in the security field offered by CERT Division researchers.

DevOps

Technical Guidelines and practical advice for DevOps. Posts cover issues relating to understanding and achieving successful DevOps including cultural shifts, barriers to collaboration, continuous integration, continuous deployment, and automation.

Insider Threat

Advice and best practices for organizations wanting to help better deter, detect, and respond to evolving insider threats.

SATURN

The SEI Architecture Technology User Network’s blog covers topics relating to software architecture and connects the professional network of software, systems, and enterprise architects from around the world, representing industry, academia, and government.

SEI Blog

Ongoing and exploratory research on topics that include secure coding, malware analysis, testing, organizational planning, agile software development, big data, quality assurance, cloud computing, and software sustainment across the lifecycle.
