
Posts by Jose Morales

Evaluating the Post Assessment DevOps Posture: Eighth in a Series

• Blog
Jose Morales

In an ideal scenario, organizations that complete a DevOps assessment will implement all of the assessment's recommendations to improve their software development lifecycle (SDLC). Establishing the client's post-assessment DevOps posture allows the client to understand their progress since the pre-assessment posture establishment and how close they are to an ideal DevOps and SDLC environment. In this eighth installment of our blog post series on DevOps in highly regulated environments (HREs), we discuss the when, where,...

Writing and Delivering the Final DevOps Assessment Report: Seventh in a Series

• Blog
Jose Morales

The time has come for the final step of the DevOps Assessment: the final report. Now is your chance to document all your findings, recommendations, and related material. The report is the key artifact documenting every aspect of the entire DevOps assessment: persons (team members, customer, and all others involved in the assessment minus the actual interviewees), places (locations of interviews and other meetings related to this assessment, they can be physical or virtual locations,...

Reviewing Formalized DevOps Assessment Findings and Crafting Recommendations: Sixth in a Series

• Blog
Jose Morales

Reviewing DevOps assessment findings and formalizing them into a final list is critical to precisely identifying obstacles to the client. Drafting the appropriate recommendation is key to improving the organization's software development capabilities. This blog post series, based on a paper by me and my colleagues Hasan Yasar and Aaron Volkmann, discusses the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle (SDLC) within highly regulated environments (HREs)....

Formalizing DevOps Assessment Findings and Crafting Recommendations: Fifth in a Series

• Blog
Jose Morales

Reviewing DevOps assessment findings and formalizing them into a final list is critical to precisely identifying obstacles to the client. Drafting the appropriate recommendation is key to improving the organization's software development. We will discuss both topics in this blog post. This blog post series, based on a paper by me and my colleagues Hasan Yasar and Aaron Volkmann, discusses the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle...

Performing the DevOps Assessment: Fourth in a Series

• Blog
Jose Morales

The overall purpose of a DevOps assessment is to help improve the software development lifecycle (SDLC). Applying DevOps in highly regulated environments (HREs), be they academic, government, or industrial, can be challenging. HREs are mandated by policies for various reasons, most often general security and protection of intellectual property. The restrictions of these policies make the sharing and open access principles of DevOps that much harder to apply. This blog post series, based on a...

Establishing the Pre-assessment DevOps Posture of an SDLC in a Highly Regulated Environment: Third in a Series

• Blog
Jose Morales

This third installment in our blog series on implementing DevOps in highly regulated environments (HREs), which is based upon a recently published paper, discusses the second step in a DevOps assessment: establishing the pre-assessment DevOps posture of an HRE. (Read the first and second post in the series.) The posture is the current DevOps implementation, if any, in an HRE's software development lifecycle (SDLC). Recall that the ultimate goal of the DevOps assessment is to...

Expectations for Implementing DevOps in a Highly Regulated Environment: Second in a Series

• Blog
Jose Morales

This second installment in the blog post series on implementing DevOps in highly regulated environments (HREs), which is excerpted from a recently published paper, discusses the first step in a DevOps assessment: setting expectations with the organization. This step is a critical task in an assessment because it sets the boundaries of what will be performed and delivered....

Challenges to Implementing DevOps in Highly Regulated Environments: First in a Series

• Blog
Jose Morales

In academia, government, and industry, DevOps has become a standard, straightforward option for streamlining efforts and increasing comprehensive participation by all stakeholders in the software development lifecycle (SDLC). In highly regulated environments (HREs) within these three sectors, however, applying DevOps can prove challenging. HREs are mandated by policies for various reasons, the most common being general security and protection of intellectual property, thus making the sharing and open access principles of DevOps that much harder...

A New Approach to Prioritizing Malware Analysis

• Blog
Jose Morales

Every day, analysts at major anti-virus companies and research organizations are inundated with new malware samples. From Flame to lesser-known strains, figures indicate that the number of malware samples released each day continues to rise. In 2011, malware authors unleashed approximately 70,000 new strains per day, according to figures reported by Eugene Kaspersky. The following year, McAfee reported that 100,000 new strains of malware were unleashed each day. An article published in the October 2013...

Prioritizing Malware Analysis

• Blog
Jose Morales

Hi, this is Jose Morales, researcher in the CERT:CES team. In early 2012, a backdoor Trojan malware named Flame was discovered in the wild. When fully deployed, Flame proved very hard for malware researchers to analyze. In December of that year, Wired magazine reported that before Flame had been unleashed, samples of the malware had been lurking, undiscovered, in repositories for at least two years. As Wired also reported, this was not an isolated event....

Prioritizing Malware Analysis

• Blog
Jose Morales

In early 2012, a backdoor Trojan malware named Flame was discovered in the wild. When fully deployed, Flame proved very hard for malware researchers to analyze. In December of that year, Wired magazine reported that before Flame had been unleashed, samples of the malware had been lurking, undiscovered, in repositories for at least two years. As Wired also reported, this was not an isolated event. Every day, major anti-virus companies and research organizations are inundated...
