search menu icon-carat-right cmu-wordmark

Posts by Jose Morales

Establishing the Pre-assessment DevOps Posture of an SDLC in a Highly Regulated Environment: Third in a Series

Establishing the Pre-assessment DevOps Posture of an SDLC in a Highly Regulated Environment: Third in a Series

• Blog
Jose Morales

This third installment in our blog series on implementing DevOps in highly regulated environments (HREs), which is based upon a recently published paper, discusses the second step in a DevOps assessment: establishing the pre-assessment DevOps posture of an HRE. (Read the first and second post in the series.) The posture is the current DevOps implementation, if any, in an HRE's software development lifecycle (SDLC). Recall that the ultimate goal of the DevOps assessment is to...

Read More
Expectations for Implementing DevOps in a Highly Regulated Environment: Second in a Series

Expectations for Implementing DevOps in a Highly Regulated Environment: Second in a Series

• Blog
Jose Morales

This second installment in the blog post series on implementing DevOps in highly regulated environments (HREs), which is excerpted from a recently published paper, discusses the first step in a DevOps assessment: setting expectations with the organization. This step is a critical task in an assessment because it sets the boundaries of what will be performed and delivered....

Read More
Challenges to Implementing DevOps in Highly Regulated Environments: First in a Series

Challenges to Implementing DevOps in Highly Regulated Environments: First in a Series

• Blog
Jose Morales

In academia, government, and industry, DevOps has become a standard, straightforward option for streamlining efforts and increasing comprehensive participation by all stakeholders in the software development lifecycle (SDLC). In highly regulated environments (HREs) within these three sectors, however, applying DevOps can prove challenging. HREs are mandated by policies for various reasons, the most often being general security and protection of intellectual property thus making the sharing and open access principles of DevOps that much harder...

Read More
A New Approach to Prioritizing Malware Analysis

A New Approach to Prioritizing Malware Analysis

• Blog
Jose Morales

Every day, analysts at major anti-virus companies and research organizations are inundated with new malware samples. From Flame to lesser-known strains, figures indicate that the number of malware samples released each day continues to rise. In 2011, malware authors unleashed approximately 70,000 new strains per day, according to figures reported by Eugene Kaspersky. The following year, McAfee reported that 100,000 new strains of malware were unleashed each day. An article published in the October 2013...

Read More
Prioritizing Malware Analysis

Prioritizing Malware Analysis

• Blog
Jose Morales

Hi, this is Jose Morales, researcher in the CERT:CES team. In early 2012, a backdoor Trojan malware named Flame was discovered in the wild. When fully deployed, Flame proved very hard for malware researchers to analyze. In December of that year, Wired magazine reported that before Flame had been unleashed, samples of the malware had been lurking, undiscovered, in repositories for at least two years. As Wired also reported, this was not an isolated event....

Read More
Prioritizing Malware Analysis

Prioritizing Malware Analysis

• Blog
Jose Morales

In early 2012, a backdoor Trojan malware named Flame was discovered in the wild. When fully deployed, Flame proved very hard for malware researchers to analyze. In December of that year, Wired magazine reported that before Flame had been unleashed, samples of the malware had been lurking, undiscovered, in repositories for at least two years. As Wired also reported, this was not an isolated event. Every day, major anti-virus companies and research organizations are inundated...

Read More

Contact the Author

Jose Morales

SEI Digital Library

SEI Publications

Visit the SEI Digital Library to see other publications by Jose Morales

View publications