The Latest Work from the SEI: Privacy, Ransomware, Digital Engineering, and the Solar Winds Hack
These publications highlight the latest work of SEI technologists in software architecture, digital engineering, and ransomware.
• By Douglas C. Schmidt
The Current State of DevSecOps Metrics
DevSecOps practices yield useful, valuable information about software performance that is likely to lead to innovations in software engineering metrics.
• By Bill Nichols
In DevSecOps
A Game to Assess Human Decision Making with AI Support
In decision-support systems based on AI, humans often make poor choices causing the systems to be abandoned. Rotem Guttman introduces a game that collects data on actual human decision making …
• By Rotem Guttman
In Artificial Intelligence Engineering
Comparing DevSecOps and Systems Engineering Principles
Software developers and sustainers are seeing significant improvement by adopting Lean, Agile and DevSecOps iteration-based approaches. Now similar approaches are being proposed for more complex projects, including embedded software systems …
• By Richard Turner
In DevSecOps
Zero Trust Adoption: Managing Risk with Cybersecurity Engineering and Adaptive Risk Assessment
In this and a series of future posts, we provide an overview of zero trust and management of its risk with SEI's cybersecurity engineering assessment framework. This adaptive framework incorporates …
• By Geoff Sanders
In Cybersecurity Engineering
How to Use the CMMC Assessment Guides
This blog post is intended for DoD contractors looking for additional clarification as they prepare for a CMMC assessment. It will walk you through the assessment guides, provide basic CMMC …
• By Douglas Gardner
In Enterprise Risk and Resilience Management
Benefits and Challenges of SOAR Platforms
Cyber threats are on the rise, but so are "false positives"--and overwhelmed analysts may be ignoring security alerts. Security orchestration, automation, and response (SOAR) platforms and tools can offer a …
• By Angela Horneman, Justin Ray
Requirements in Model-Based Systems Engineering (MBSE)
Although MBSE does not dictate any specific process, any MBSE process should cover four systems-engineering domains: requirements/capabilities, behavior, architecture/structure, and verification and validation. In this blog post, I describe how …
• By Nataliya Shevchenko
In Software Architecture
A Framework for DevSecOps Evolution and Achieving Continuous-Integration/Continuous-Delivery (CI/CD) Capabilities
Implementing a development environment with continuous-integration and continuous-delivery (CI/CD) pipeline capabilities and DevSecOps practices can be challenging. Here's how to avoid incomplete adoption or ineffective implementation.
• By Lyndsi Hughes, Vanessa Jackson
In DevSecOps
Top 10 Considerations for Effective Incident Management Communications
Communications planning is often overlooked, but it is essential to the overall sustainability and success of cybersecurity centers and incident management teams. Here is a quick look at our top …
• By Brittany Manley
In CSIRT Development
Explore Topics
- Agile
- Artificial Intelligence Engineering
- CERT/CC Vulnerabilities
- Cloud Computing
- CSIRT Development
- Cyber Workforce Development
- Cybersecurity Engineering
- DevSecOps
- Enterprise Risk and Resilience Management
- Insider Threat
- Quantum Computing
- Reverse Engineering For Malware Analysis
- Secure Development
- Situational Awareness
- Software Architecture
- Technical Debt
Get updates on our latest work.
Sign up to have the latest post sent to your inbox weekly.
Get updates on our latest work.
Each week, our researchers write about the latest in software engineering, cybersecurity and artificial intelligence. Sign up to get the latest post sent to your inbox the day it's published.