Archive: 2024
Versioning with Git Tags and Conventional Commits
This blog post explores extending the conventional commit paradigm to enable automatic semantic versioning with git tags to streamline the development and deployment of software.
By Alex Vesey
In Cybersecurity Engineering
The Threat of Deprecated BGP Attributes
This post examines how a small issue with Border Gateway Protocol routing, a deprecated path attribute, can cause a major interruption to Internet traffic.
By Leigh B. Metcalf, Timur D. Snoke
In CERT/CC Vulnerabilities
Redemption: A Prototype for Automated Repair of Static Analysis Alerts
This post introduces Redemption, an open source tool that uses automated code repair technology to repair static analysis alerts in C/C++ source code.
By David Svoboda
In Cybersecurity Engineering
Software Cost Estimation Explained
Anandi Hira explains software cost estimation, presents estimation tools, and examines inherent biases that exist in software cost estimation models.
By Anandi Hira
Incorporating Agile Principles into Independent Verification and Validation
This post discusses how Agile principles can work with independent verification and validation processes.
By Justin Smith
In Agile
The Latest Work from the SEI: APIs, SBOMs, and Static Analysis
This post presents the latest work from the SEI in the areas of application programming interfaces, secure development, and static analysis.
By Bill Scherlis
In Software Engineering Research and Development
Cultivating Kubernetes on the Edge
Members of the SEI DevSecOps Innovation team were asked to explore an alternative to VMware’s vSphere Hypervisor in an edge compute environment. This post explores their prototype.
By Patrick Earl, Jeffrey Hamed, Doug Reynolds, Jose A. Morales
In DevSecOps
3 API Security Risks and Recommendations for Mitigation
This blog post presents three top API security risks along with recommendations for mitigating them.
By McKinley Sconiers-Hasan
In Cybersecurity Engineering
Auditing Bias in Large Language Models
This post discusses recent research that uses a role-playing scenario to audit ChatGPT, an approach that opens new possibilities for revealing unwanted biases.
By Katherine-Marie Robinson, Violet Turri
In Artificial Intelligence Engineering
Weaknesses and Vulnerabilities in Modern AI: Why Security and Safety Are so Challenging
This post explores concepts of security and safety for neural-network-based AI, including ML and generative AI, as well as AI-specific challenges in developing safe and secure systems.
By Bill Scherlis
In Artificial Intelligence Engineering
SEI Blog Archive