Software Engineering Institute | Carnegie Mellon University

SEI Insights

Recent Posts

In its effort to increase the capability of the warfighter, the Department of Defense (DoD) has made incremental changes in its acquisition practices for building and deploying military capacity. This capacity can be viewed as "platforms" (tanks, ships, aircraft, etc.) and the mission system "payloads" (sensors, command and control, weapons, etc.) that are populated onto those platforms to deliver the desired capability. This blog post, the first in a series excerpted from a recently published...

Hello, I am Randy Trzeciak, Director of the CERT National Insider Threat Center (NITC). I would like to welcome you to the NITC blog series on insider threat incidents within various sectors. In this first post, I (1) describe the purpose of the series and highlight what you can expect to see during the series, and (2) review the NITC insider threat corpus, which is the foundation for our empirical research and analysis. Join us...

This post is also authored by Tim Shimeall and Timur Snoke. In July of this year, a major overseas shipping company had its U.S. operations disrupted by a ransomware attack, one of the latest attacks to disrupt the daily operation of a major, multi-national organization. Computer networks are complex, often tightly coupled systems; operators of such systems need to maintain awareness of the system status or disruptions will occur. In today's operational climate, threats and...

The costs of the steady stream of data breaches and attacks on sensitive and confidential data continue to rise. Organizations are responding by making data protection a critical component of their leadership and governance strategies. The European Union's recent General Data Protection Regulation (GDPR) adds layers of complexity to protecting the data of individuals in the EU and European Economic Area. Organizations are struggling to understand GDPR's requirements, much less become compliant. In this series...

A software product line is a collection of related products with shared software artifacts and engineering services that has been developed by a single organization intended to serve different missions and different customers. In industry, product lines provide both customer benefits (such as functionality, quality, and cost) and development organization benefits (such as time to market and price-margin). Moreover, these benefits last through multiple generations of products. This blog is the first in a series...

This post is co-authored with Sam Perl. The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University recently released the Cyobstract Python library as an open source tool. You can use it to quickly and efficiently extract artifacts from free text in a single report, from a collection of incident reports, from threat assessment summaries, or any other textual source....

Blogs

CERT/CC

Timely insights about vulnerabilities, network situational awareness, and research in the security field offered by CERT Division researchers.

DevOps

Technical Guidelines and practical advice for DevOps. Posts cover issues relating to understanding and achieving successful DevOps including cultural shifts, barriers to collaboration, continuous integration, continuous deployment, and automation.

Subscribe

Insider Threat

Advice and best practices for organizations wanting to help better deter, detect, and respond to evolving insider threats.

SATURN

The SEI Architecture Technology User Network’s blog covers topics relating to software architecture and connects the professional network of software, systems, and enterprise architects from around the world, representing industry, academia, and government.

SEI Blog

Ongoing and exploratory research on topics that include secure coding, malware analysis, testing, organizational planning, agile software development, big data, quality assurance, cloud computing, and software sustainment across the lifecycle.

Subscribe