- Agile
- Artificial Intelligence Engineering
- CERT/CC Vulnerabilities
- Cloud Computing
- CSIRT Development
- Cyber Workforce Development
- Cyber-Physical Systems
- Cybersecurity Engineering
- DevSecOps
- Edge Computing
- Enterprise Risk and Resilience Management
- Insider Threat
- Quantum Computing
- Reverse Engineering for Malware Analysis
- Secure Development
- Situational Awareness
- Software Architecture
- Software Engineering Research and Development
- Technical Debt
Taking Up the Challenge of Open Source Software Security in the DoD

This post describes a workshop hosted by the SEI to start a conversation to elevate the trustworthiness of free and open source software, particularly in DoD settings.
• By Scott Hissam
In Secure Development

Networking at the Tactical and Humanitarian Edge
This blog post details networking challenges in edge environments that stem from uncertainty and solutions to overcome them.
• By Marc Novakouski, Jacob Ratzlaff
In Edge Computing


UEFI – Terra Firma for Attackers

This blog post focuses on how the vulnerabilities in firmware popularized by the Unified Extensible Firmware Interface create a lucrative target for high-profile attackers.
• By Vijay Sarvepalli
In CERT/CC Vulnerabilities

Tactics and Patterns for Software Robustness

Robustness, along with other quality attributes, such as security and safety, is a key contributor to our trust that a system will perform in a reliable manner.
• By Rick Kazman
In Software Architecture

IT, OT, and ZT: Implementing Zero Trust in Industrial Control Systems

This blog post introduces fundamental ZT and ICS concepts, barriers to implementing ZT principles in ICS environments, and potential methods to leverage ZT concepts in this domain.
• By Brian Benestelli, Dan Kambic
In Enterprise Risk and Resilience Management


Combining Security and Velocity in a Continuous-Integration Pipeline for Large Teams
This post explores how one team managed—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps practices.
• By Alejandro Gomez
In DevSecOps

The Latest Work from the SEI: The SEI Year in Review, Explainable AI, and Digital Engineering Effectiveness
This blog post presents the 2021 Year in Review as well as recent publications in the fields of explainable artificial intelligence, cyber risk and resilience management, and digital engineering.
• By Douglas C. Schmidt
In Software Engineering Research and Development

The Zero Trust Journey: 4 Phases of Implementation
This post outlines four phases that organizations should address as they develop and assess their roadmap and associated artifacts against a zero trust maturity model.
• By Timothy Morrow, Matthew Nicolai


Security Analytics: Tracking Software Updates
This blog post presents an analytic for tracking software updates from official vendor locations.
• By Tim Shimeall
In Cybersecurity Engineering

Modeling DevSecOps to Protect the Pipeline
This blog post presents a DevSecOps Platform-Independent Model that uses model-based systems engineering constructs to formalize the practices of DevSecOps pipelines and organize guidance.
• By Timothy Chick, Joe Yankel
In DevSecOps

