SEI Insights

Recent Posts

A recent IDC forecast predicts that the big data technology and services market will realize "a 26.4 percent compound annual growth rate to $41.5 billion through 2018, or about six times the growth rate of the overall information technology market." In previous posts highlighting the SEI's research in big data, we explored some of the challenges related to the rapidly growing field, which include the need to make technology selections early in the architecture design...

Traditionally, DevOps practitioners think of business value as simply measuring the difference between money earned and money spent. In that line of thinking, security is often relegated to a secondary goal because it fails to directly drive revenue. The misguided goal is to deliver functionality at all costs, even if it compromises the integrity of the system or data. As Rob Joyce, head of the National Security Agency's Tailored Access Operations group, mentions in his...

As our world becomes increasingly software-reliant, reports of security issues in the interconnected devices that we use throughout our day (i.e., the Internet of Things) are also increasing. This blog post discusses how to capture security requirements in architecture models, use them to build secure systems, and reduce potential security defects. This post also provides an overview of our ongoing research agenda on using architecture models for the design, analysis, and implementation of secure cyber-physical...

The CERT Coordination Center (CERT/CC) has been receiving an increasing number of vulnerability reports regarding Internet of Things devices and other embedded systems. We've also been focusing more of our own vulnerability discovery work in that space. We've discovered that while many of the vulnerabilities are technically the same as in traditional IT software, the coordination process has some substantial differences that will need to be addressed as the Internet of Things grows....

This is the third installment in a series of three blog posts highlighting seven recommended practices for monitoring software-intensive system acquisition (SISA) programs. This content was originally published on the Cyber Security & Information Analysis Center's website online environment known as SPRUCE (Systems and Software Producibility Collaboration Environment). The first two posts in the series explored the challenges to monitoring SISA programs and presented the first five recommended best practices: Address in contracts Set up...

DevOps practitioners often omit security testing when building their DevOps pipelines because security is often linked with slow-moving business units and outdated policies. These characteristics conflict with the overall goal of DevOps, which is to improve the software delivery process. However, security plays an important role in the software development lifecycle and must be addressed in all applications. Incorporating security into different stages of the DevOps pipeline will not only start to automate security, but...

Blogs

CERT/CC

Timely insights about vulnerabilities, network situational awareness, and research in the security field offered by CERT Division researchers.

DevOps

Technical Guidelines and practical advice for DevOps. Posts cover issues relating to understanding and achieving successful DevOps including cultural shifts, barriers to collaboration, continuous integration, continuous deployment, and automation.

Subscribe

Insider Threat

Advice and best practices for organizations wanting to help better deter, detect, and respond to evolving insider threats.

SATURN

The SEI Architecture Technology User Network’s blog covers topics relating to software architecture and connects the professional network of software, systems, and enterprise architects from around the world, representing industry, academia, and government.

SEI Blog

Ongoing and exploratory research on topics that include secure coding, malware analysis, testing, organizational planning, agile software development, big data, quality assurance, cloud computing, and software sustainment across the lifecycle.

Subscribe