Archive: 2022
Creating Transformative and Trustworthy AI Systems Requires a Community Effort
This post explores how professionalizing the practice of AI engineering and developing the AI engineering discipline can increase the dependability and availability of AI systems.
By Carrie Gardner
In Artificial Intelligence Engineering
SecOps Field Notes: Challenges of Assessing International SOC Teams During a Global Pandemic
SecOps team members travel frequently to work with international organizations to build cyber capacity. In 2020, they had to adapt in response to the COVID-19 global pandemic.
By Christopher Rodman
In Cybersecurity Center Development
Tactics and Patterns for Software Robustness
Robustness, along with other quality attributes, such as security and safety, is a key contributor to our trust that a system will perform in a reliable manner.
By Rick Kazman
In Software Architecture
Probably Don’t Rely on EPSS Yet
This post evaluates the pros and cons of the Exploit Prediction Scoring System (EPSS), a data-driven model designed to estimate the probability that software vulnerabilities will be exploited in practice.
By Jonathan Spring
In CERT/CC Vulnerabilities
Modeling DevSecOps to Protect the Pipeline
This blog post presents a DevSecOps Platform-Independent Model that uses model-based system engineering constructs to formalize the practices of DevSecOps pipelines and organize guidance.
By Timothy A. Chick, Joe Yankel
In DevSecOps
Security Analytics: Tracking Software Updates
This blog post presents an analytic for tracking software updates from official vendor locations.
By Timothy J. Shimeall
In Cybersecurity Engineering
The Zero Trust Journey: 4 Phases of Implementation
This post outlines four phases that organizations should address as they develop and assess their roadmap and associated artifacts against a zero trust maturity model.
By Timothy Morrow, Matthew Nicolai
In Cybersecurity Engineering
The Latest Work from the SEI: The SEI Year in Review, Explainable AI, and Digital Engineering Effectiveness
This blog post presents the 2021 Year in Review as well as recent publications in the fields of explainable artificial intelligence, cyber risk and resilience management, and digital engineering.
By Douglas Schmidt (Vanderbilt University)
In Software Engineering Research and Development
Combining Security and Velocity in a Continuous-Integration Pipeline for Large Teams
This post explores how one team managed—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps practices.
By Alejandro Gomez
In DevSecOps
IT, OT, and ZT: Implementing Zero Trust in Industrial Control Systems
This blog post introduces fundamental ZT and ICS concepts, barriers to implementing ZT principles in ICS environments, and potential methods to leverage ZT concepts in this domain.
By Brian Benestelli, Daniel J. Kambic
In Enterprise Risk and Resilience Management