SEI Blog
https://insights.sei.cmu.edu/feeds/latest/atom/?utm_source=blog&utm_medium=rss
2024-03-25T00:00:00-04:00
Updates on changes and additions to the SEI Blog.

5 Recommendations to Help Your Organization Manage Technical Debt
2024-03-25T00:00:00-04:00 | Ipek Ozkaya, Brigid O'Hearn
https://insights.sei.cmu.edu/blog/5-recommendations-to-help-your-organization-manage-technical-debt/
This SEI Blog post summarizes recommendations arising from an SEI study that apply to the Department of Defense and other development organizations seeking to analyze, manage, and reduce technical debt.

API Security through Contract-Driven Programming
2024-03-18T00:00:00-04:00 | Alexander Vesey
https://insights.sei.cmu.edu/blog/api-security-through-contract-driven-programming/
This blog post explores contract programming and specifically how that applies to the building, maintenance, and security of APIs.

Example Case: Using DevSecOps to Redefine Minimum Viable Product
2024-03-11T00:00:00-04:00 | Joe Yankel
https://insights.sei.cmu.edu/blog/example-case-using-devsecops-to-redefine-minimum-viable-product/
This SEI blog post, authored by SEI interns, describes their work on a microservices-based software application, an accompanying DevSecOps pipeline, and an expansion of the concept of minimum viable product to minimum viable process.

10 Lessons in Security Operations and Incident Management
2024-03-04T00:00:00-05:00 | Robin Ruefle
https://insights.sei.cmu.edu/blog/10-lessons-in-security-operations-and-incident-management/
This post outlines 10 lessons learned from more than three decades of building incident response and security teams throughout the globe.

CERT Releases 2 Tools to Assess Insider Risk
2024-02-26T00:00:00-05:00 | Roger Black
https://insights.sei.cmu.edu/blog/cert-releases-2-tools-to-assess-insider-risk/
The average insider risk incident costs organizations more than $600,000. To help organizations assess their insider risk programs, the SEI CERT Division has released two tools available for download.

OpenAI Collaboration Yields 14 Recommendations for Evaluating LLMs for Cybersecurity
2024-02-21T00:00:00-05:00 | Jeff Gennari, Shing-hon Lau, Samuel Perl
https://insights.sei.cmu.edu/blog/openai-collaboration-yields-14-recommendations-for-evaluating-llms-for-cybersecurity/
This SEI Blog post summarizes 14 recommendations to help assessors accurately evaluate LLM cybersecurity capabilities.

Using ChatGPT to Analyze Your Code? Not So Fast
2024-02-12T00:00:00-05:00 | Mark Sherman
https://insights.sei.cmu.edu/blog/using-chatgpt-to-analyze-your-code-not-so-fast/
This blog post explores the efficacy of ChatGPT 3.5 in identifying errors in software code.

Applying the SEI SBOM Framework
2024-02-05T00:00:00-05:00 | Carol Woody
https://insights.sei.cmu.edu/blog/applying-the-sei-sbom-framework/
This SEI Blog post examines ways you can leverage your software bill of materials (SBOM) data, using the SEI SBOM Framework, to improve your software security and inform your supply chain risk management.

The Top 10 Skills CISOs Need in 2024
2024-01-24T00:00:00-05:00 | Gregory Touhill
https://insights.sei.cmu.edu/blog/the-top-10-skills-cisos-need-in-2024/
This post outlines the top 10 skills that CISOs need in 2024 and beyond.

10 Benefits and 10 Challenges of Applying Large Language Models to DoD Software Acquisition
2024-01-22T00:00:00-05:00 | John Robert, Douglas Schmidt
https://insights.sei.cmu.edu/blog/10-benefits-and-10-challenges-of-applying-large-language-models-to-dod-software-acquisition/
This post presents 10 benefits and 10 challenges of applying LLMs to the software acquisition process and suggests specific use cases where generative AI can provide value.

The Latest Work from the SEI
2024-01-15T00:00:00-05:00 | Douglas Schmidt
https://insights.sei.cmu.edu/blog/the-latest-work-from-the-sei/
This SEI Blog post summarizes some recent publications from the SEI in the areas of supply chain risk management, technical debt, large language models, quantum computing, acquisition, and trustworthiness in AI systems.

The Top 10 Blog Posts of 2023
2024-01-08T00:00:00-05:00 | Douglas Schmidt
https://insights.sei.cmu.edu/blog/the-top-10-blog-posts-of-2023/
Every January on the SEI Blog, we present the 10 most-visited posts of the previous year. This year’s top 10 highlights our work in zero trust, large language models, DevSecOps, and artificial intelligence.

Acquisition Archetypes Seen in the Wild, DevSecOps Edition: Clinging to the Old Ways
2023-12-18T00:00:00-05:00 | William Novak
https://insights.sei.cmu.edu/blog/acquisition-archetypes-seen-in-the-wild-devsecops-edition-clinging-to-the-old-ways/
This SEI blog post draws on SEI experiences conducting independent technical assessments to examine problems common to disparate acquisition programs. It also provides recommendations for recovering from these problems and preventing them from recurring.

Applying Generative AI to Software Engineering: Navigating Ethical and Educational Landscapes
2023-12-11T00:00:00-05:00 | John Robert, Douglas Schmidt
https://insights.sei.cmu.edu/blog/applying-generative-ai-to-software-engineering-navigating-ethical-and-educational-landscapes/
The post explores the application of generative AI in software engineering with an emphasis on the ethical and educational landscapes.

Creating a Large Language Model Application Using Gradio
2023-12-04T00:00:00-05:00 | Tyler Brooks
https://insights.sei.cmu.edu/blog/creating-a-large-language-model-application-using-gradio/
This post explains how to build a large language model across three primary use cases: basic question-and-answer, question-and-answer over documents, and document summarization.

Don’t Wait for ROI on Model-Based Analysis for Embedded Computing Resources
2023-11-27T00:00:00-05:00 | Alfred Schenker, Jerome Hugues
https://insights.sei.cmu.edu/blog/dont-wait-for-roi-on-model-based-analysis-for-embedded-computing-resources/
This SEI Blog post examines the design and implementation of embedded computing resources for CPS, the complexities of which drive the need for model building.

Explainability in Cybersecurity Data Science
2023-11-20T00:00:00-05:00 | Jeffrey Mellon, Clarence Worrell
https://insights.sei.cmu.edu/blog/explainability-in-cybersecurity-data-science/
This post provides an overview of explainability in machine learning and includes illustrations of model-to-human and human-to-model explainability.

Generative AI Q&A: Applications in Software Engineering
2023-11-16T00:00:00-05:00 | John Robert, Douglas Schmidt
https://insights.sei.cmu.edu/blog/generative-ai-question-and-answer-applications-in-software-engineering/
This post explores the transformative impacts of generative AI on software engineering as well as its practical implications and adaptability in mission-critical environments.

The OSATE Slicer: Fast Reachability Query Support for Architectural Models
2023-11-13T00:00:00-05:00 | Sam Procter
https://insights.sei.cmu.edu/blog/the-osate-slicer-fast-reachability-query-support-for-architectural-models/
Our post introduces the OSATE Slicer, a new extension to the Open Source AADL Tool Environment that adapts a concept called slicing to architectural models of embedded, critical systems.

The SEI SBOM Framework: Informing Third-Party Software Management in Your Supply Chain
2023-11-06T00:00:00-05:00 | Christopher Alberts, Michael Bandor, Charles Wallen, Carol Woody
https://insights.sei.cmu.edu/blog/the-sei-sbom-framework-informing-third-party-software-management-in-your-supply-chain/
This post presents a framework to promote the use of SBOMs and establish practices and processes that organizations can leverage as they build their programs.