Archive: 2024
API Security through Contract-Driven Programming
This blog post explores contract programming and specifically how that applies to the building, maintenance, and security of APIs.
By Alex Vesey
In Cybersecurity Engineering
5 Recommendations to Help Your Organization Manage Technical Debt
This SEI Blog post summarizes recommendations arising from an SEI study that apply to the Department of Defense and other development organizations seeking to analyze, manage, and reduce technical debt.
By Ipek Ozkaya, Brigid O'Hearn
In Technical Debt
Applying Large Language Models to DoD Software Acquisition: An Initial Experiment
This SEI Blog post illustrates examples of using LLMs for software acquisition in the context of a document summarization experiment and codifies the lessons learned from this experiment and related …
By Douglas Schmidt (Vanderbilt University), John E. Robert
In Artificial Intelligence Engineering
Comparing the Performance of Hashing Techniques for Similar Function Detection
This blog post explores the challenges of code comparison and presents a solution to the problem.
By Edward J. Schwartz
In Reverse Engineering for Malware Analysis
The Latest Work from the SEI: an OpenAI Collaboration, Generative AI, and Zero Trust
This post highlights the latest work from the SEI in the areas of generative AI, zero trust, large language models, and quantum computing.
By Douglas Schmidt (Vanderbilt University)
In Software Engineering Research and Development
The Great Fuzzy Hashing Debate
This post details a debate between two researchers over whether there is utility in applying fuzzy hashes to instruction bytes.
By Edward J. Schwartz
In Reverse Engineering for Malware Analysis
What Recent Vulnerabilities Mean to Rust
In recent weeks, several vulnerabilities have rocked the Rust community, causing many to question its safety. This post examines two such vulnerabilities.
By David Svoboda
In Secure Development
Polar: Improving DevSecOps Observability
This post introduces Polar, a DevSecOps framework developed as a solution to the limitations of traditional batch data processing.
By Morgan Farrah, Vaughn Coates, Patrick Earl
In DevSecOps
Cost-Effective AI Infrastructure: 5 Lessons Learned
This post details the challenges and state of the art of cost-effective AI infrastructure and five lessons learned for standing up an LLM.
By William Nichols, Bryan Brown
In Artificial Intelligence Engineering
Measurement Challenges in Software Assurance and Supply Chain Risk Management
This SEI Blog post examines the current state of measurement in software assurance and supply chain management, with a particular focus on open source software, and highlights promising measurement approaches.
By Nancy R. Mead, Carol Woody, Scott Hissam
In Secure Development