Measuring the software assurance of a product as it is developed and delivered to function in a specific system context involves assembling carefully chosen metrics....

July 7, 2019•By Carol Woody

This post explores how to use the new OOAnalyzer Ghidra Plugin to import C++ class information into the NSA's Ghidra tool and interpret results in the Ghidra SRE framework.

July 14, 2019•By Jeff Gennari

In Reverse Engineering for Malware Analysis

In this post, we describe the Source Code Analysis Integrated Framework Environment (SCAIFE) application programming interface (API). SCAIFE is an architecture for classifying and prioritizing static analysis alerts.

July 21, 2019•By Lori Flynn, Ebonie McNeil

In Secure Development

Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems....

July 24, 2019•By Seth Swinton, Stephanie Hedges

In Insider Threat

A growing number of Department of Defense (DoD) data problems are graph problems: the data from sources such as sensor feeds, web traffic, and supply chains are full of irregular …

July 28, 2019•By Oren Wright

In Artificial Intelligence Engineering

Recently, CERT researchers published a vulnerability note (VU#576688 - Microsoft Windows RDP can bypass the Windows lock screen). In this blog post, we provide a little more insight into how …

July 28, 2019•By Will Dormann, Joseph Tammariello

In CERT/CC Vulnerabilities

Although the vast majority of military missions require the successful collaboration of multiple cyber-physical systems within an overall system of systems (SoS), almost all system and software architects work on …

August 4, 2019•By Donald Firesmith

In Cybersecurity Engineering

Today's major defense systems rely heavily on software-enabled capabilities. However, many defense programs acquiring new systems first determine the physical items to develop....

August 11, 2019•By Sarah Sheard, Suzanne Miller, Bill Nichols, Donald Firesmith, Mike Phillips

In Software Architecture

When I attend trainings, conferences, or briefings, I usually end up listening to someone reading slides about a problem. Rarely am I provided with any solutions or actions to remediate …

March 19, 2019•By Mike Petock

In Insider Threat

Explore system resilience in data centers, cloud computing, cyber-physical systems, and more in this SEI Blog post.

November 24, 2019•By Donald Firesmith