Archive: 2019
Selecting Measurement Data for Software Assurance Practices
Measuring the software assurance of a product as it is developed and delivered to function in a specific system context involves assembling carefully chosen metrics....
• By Carol Woody
Using OOAnalyzer to Reverse Engineer Object Oriented Code with Ghidra
This post explores how to use the new OOAnalyzer Ghidra Plugin to import C++ class information into the NSA's Ghidra tool and interpret results in the Ghidra SRE framework.
• By Jeff Gennari
In Reverse Engineering for Malware Analysis
An Application Programming Interface for Classifying and Prioritizing Static Analysis Alerts
In this post, we describe the Source Code Analysis Integrated Framework Environment (SCAIFE) application programming interface (API). SCAIFE is an architecture for classifying and prioritizing static analysis alerts.
• By Lori Flynn, Ebonie McNeil
In Secure Development
Cybersecurity Governance, Part 1: 5 Fundamental Challenges
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems....
• By Seth Swinton, Stephanie Hedges
In Insider Threat
The Promise of Deep Learning on Graphs
A growing number of Department of Defense (DoD) data problems are graph problems: the data from sources such as sensor feeds, web traffic, and supply chains are full of irregular …
• By Oren Wright
In Artificial Intelligence Engineering
Expectations of Windows RDP Session Locking Behavior
Recently, CERT researchers published a vulnerability note (VU#576688 - Microsoft Windows RDP can bypass the Windows lock screen). In this blog post, we provide a little more insight into how …
• By Will Dormann, Joseph Tammariello
In CERT/CC Vulnerabilities
Mission Thread Analysis Using End-to-End Data Flows - Part 1
Although the vast majority of military missions require the successful collaboration of multiple cyber-physical systems within an overall system of systems (SoS), almost all system and software architects work on …
• By Donald Firesmith
In Cybersecurity Engineering
Why Software Architects Must Be Involved in the Earliest Systems Engineering Activities
Today's major defense systems rely heavily on software-enabled capabilities. However, many defense programs acquiring new systems first determine the physical items to develop....
• By Sarah Sheard, Suzanne Miller, Bill Nichols, Donald Firesmith, Mike Phillips
In Software Architecture
Are You Providing Cybersecurity Awareness, Training, or Education?
When I attend trainings, conferences, or briefings, I usually end up listening to someone reading slides about a problem. Rarely am I provided with any solutions or actions to remediate …
• By Mike Petock
In Insider Threat
What is System Resilience?
Explore system resilience in data centers, cloud computing, cyber-physical systems, and more in this SEI Blog post.
• By Donald Firesmith
SEI Blog Archive
Recent
Year