Archive: 2020
Bridging the Gap Between Research and Practice
A fundamental goal for a federally funded research and development center (FFRDC) is to bridge the gap between research and practice for government customers....
By Leigh B. Metcalf
In CERT/CC Vulnerabilities
Situational Awareness for Cybersecurity Architecture: Network Visibility
Network compromises cannot be detected without visibility into the activities within assets. Network security analysts can view these activities in one of two places....
By Timur D. Snoke
In Situational Awareness
Snake Ransomware Analysis Updates
In January 2020, Sentinel Labs published two reports on Snake (also known as Ekans) ransomware.[1][2] The Snake ransomware gained attention due to its ability to terminate specific industrial control system …
By Kyle O'Meara
In CERT/CC Vulnerabilities
An Introduction to the Cybersecurity Maturity Model Certification (CMMC)
A cyber attack within the DIB supply chain could result in devastating losses of intellectual property and controlled unclassified information.
By Katie C. Stewart, Andrew F. Hoover
In Enterprise Risk and Resilience Management
7 Quick Steps to Using Containers Securely
The use of containers in software development and deployment continues to trend upwards. There is good reason for this climb in usage as containers offer many benefits....
By Tom Scanlon, Richard Laughlin
Automatically Detecting Technical Debt Discussions with Machine Learning
Technical debt (TD) refers to choices made during software development that achieve short-term goals at the expense of long-term quality....
By Robert Nord
In Artificial Intelligence Engineering
Reviewing Formalized DevOps Assessment Findings and Crafting Recommendations: Sixth in a Series
Reviewing DevOps assessment findings and formalizing them into a final list is critical to precisely identifying obstacles to the client. Drafting the appropriate recommendation is key....
By Jose A. Morales
In DevSecOps
System Resilience Part 6: Verification and Validation
Adverse events and conditions can disrupt a system, causing it to fail to provide essential capabilities and services. As I outlined in previous posts in this series, resilience is an …
By Donald Firesmith
In Cybersecurity Engineering
System Resilience Part 7: 16 Guiding Principles for System Resilience
Adverse events and conditions can disrupt a system, causing it to fail to provide essential capabilities and services. As I outlined in previous posts in this series, resilience is an …
By Donald Firesmith
In Cybersecurity Engineering
Stop Wasting Time: Manage Time as the Limiting Resource
Lost time is never found. - Ben Franklin. Driven by a competitive marketplace, software developers and programmers are often pressured to adhere to unrealistically aggressive schedules....
By Bill Nichols
SEI Blog Archive