Archive: 2020
Comments on NIST IR 8269: A Taxonomy and Terminology of Adversarial Machine Learning
The U.S. National Institute of Standards and Technology (NIST) recently held a public comment period on their draft report on proposed taxonomy and terminology of Adversarial Machine Learning (AML)....
Read More•By Jonathan Spring
In CERT/CC Vulnerabilities
System Resilience Part 5: Commonly-Used System Resilience Techniques
If adverse events or conditions cause a system to fail to operate appropriately, they can cause all manner of harm to valuable assets. As I outlined in previous posts in …
Read More•By Donald Firesmith
In Cybersecurity Engineering
Formalizing DevOps Assessment Findings and Crafting Recommendations: Fifth in a Series
Reviewing DevOps assessment findings and formalizing them into a final list is critical to precisely identifying obstacles to the client. Drafting the appropriate recommendation is key....
Read More•By Jose A. Morales
In DevSecOps
Automated Code Repair to Ensure Memory Safety
Memory-safety vulnerabilities are among the most common and most severe types of software vulnerabilities. In early 2019, a memory vulnerability in the iPhone iOS....
Read More•By William Klieber
In Secure Development
Summarizing and Searching Video with Machine Learning
The U.S. relies on surveillance video to determine when activities of interest occur in a location that is under surveillance....
Read More•By Edwin J. Morris
In Artificial Intelligence Engineering
Designing Trustworthy AI for Human-Machine Teaming
Artificially intelligent (AI) systems hold great promise to empower us with knowledge and enhance human effectiveness....
Read More•By Carol J. Smith
In Artificial Intelligence Engineering
Five Reasons the Cybersecurity Field Needs Trusted Data Sets and Meaningful Metrics
Cybersecurity is a domain rich with data, but regrettably often only poor insights can be drawn from this richness. CISOs ask questions about how best to allocate resources....
Read More•By Roberta (Bobbie) Stempfley, Matthew J. Butkovic
In Cybersecurity Engineering
Security Automation Begins at the Source Code
Hi, this is Vijay Sarvepalli, Information Security Architect in the CERT Division. On what seemed like a normal day at our vulnerability coordination center, one of my colleagues asked me....
Read More•By Vijay S. Sarvepalli
In CERT/CC Vulnerabilities
Using Machine Learning to Detect Design Patterns
Software increasingly serves core DoD functions, such as ship and plane navigation, supply logistics, and real-time situational awareness....
Read More•By Robert Nord, Zachary Kurtz
In Artificial Intelligence Engineering
Functional Requirements for Insider Threat Tool Testing
Because of the scope and scale of the insider threat, the SEI recommends that organizations adopt a use-case-based approach to insider risk mitigation....
Read More•By Robert M. Ditmore, Derrick Spooner
In Insider Threat
SEI Blog Archive
Recent
Year