- Agile
- Artificial Intelligence Engineering
- CERT/CC Vulnerabilities
- Cloud Computing
- CSIRT Development
- Cyber Workforce Development
- Cyber-Physical Systems
- Cybersecurity Engineering
- DevSecOps
- Edge Computing
- Enterprise Risk and Resilience Management
- Insider Threat
- Quantum Computing
- Reverse Engineering for Malware Analysis
- Secure Development
- Situational Awareness
- Software Architecture
- Software Engineering Research and Development
- Technical Debt
Security Analytics: Tracking Software Updates
This blog post presents an analytic for tracking software updates from official vendor locations.
• By Tim Shimeall
In Cybersecurity Engineering
Modeling DevSecOps to Protect the Pipeline
This blog post presents a DevSecOps Platform-Independent Model that uses model based system engineering constructs to formalize the practices of DevSecOps pipelines and organize guidance.
• By Timothy Chick, Joe Yankel
In DevSecOps
Probably Don’t Rely on EPSS Yet
This post evaluates the pros and cons of the Exploit Prediction Scoring System (EPSS), a data-driven model designed to estimate the probability that software vulnerabilities will be exploited in practice.
• By Jonathan Spring
In CERT/CC Vulnerabilities
SecOps Field Notes: Challenges of Assessing International SOC Teams During a Global Pandemic
SecOps team members travel frequently to work with international organizations to build cyber capacity. In 2020, they had to adapt in response to the COVID-19 global pandemic.
• By Christopher Rodman
In CSIRT Development
Cybersecurity Capacity Building with Human Capital in Sub-Saharan Africa
This post explores the creation of skilled cybersecurity human capital to solve real-life threats unique to the African continent.
• By Angel Luis Hueca
In CSIRT Development
Creating Transformative and Trustworthy AI Systems Requires a Community Effort
This post explores how professionalizing the practice of AI engineering and developing the AI engineering discipline can increase the dependability and availability of AI systems.
• By Carrie Gardner
In Artificial Intelligence Engineering
A Method for Assessing Cloud Adoption Risks
The move to a cloud environment provides significant benefits. Realizing these benefits, however, requires organizations to manage associated organizational and technical risks effectively.
• By Christopher Alberts
In Cloud Computing
Improving Automated Retraining of Machine-Learning Models
This post describes how to improve representative MLOps pipelines by automating exploratory data-analysis tasks.
• By Rachel Brower-Sinning
In Artificial Intelligence Engineering
Security Analytics: Tracking Proxy Bypass
This post describes how to track the amount of network traffic that is evading security proxies for services that such proxies are expected to cover.
• By Tim Shimeall
In Cybersecurity Engineering
Six Dimensions of Trust in Autonomous Systems
This post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.
• By Paul D. Nielsen
In Software Engineering Research and Development
Explore Topics
- Agile
- Artificial Intelligence Engineering
- CERT/CC Vulnerabilities
- Cloud Computing
- CSIRT Development
- Cyber Workforce Development
- Cyber-Physical Systems
- Cybersecurity Engineering
- DevSecOps
- Edge Computing
- Enterprise Risk and Resilience Management
- Insider Threat
- Quantum Computing
- Reverse Engineering for Malware Analysis
- Secure Development
- Situational Awareness
- Software Architecture
- Software Engineering Research and Development
- Technical Debt
Get updates on our latest work.
Sign up to have the latest post sent to your inbox weekly.
Get updates on our latest work.
Each week, our researchers write about the latest in software engineering, cybersecurity and artificial intelligence. Sign up to get the latest post sent to your inbox the day it's published.