Cybersecurity Engineering
Blog Posts
Redemption: A Prototype for Automated Repair of Static Analysis Alerts
This post introduces Redemption, an open source tool that uses automated code repair technology to repair static analysis alerts in C/C++ source code.
• By David Svoboda
In Cybersecurity Engineering
Versioning with Git Tags and Conventional Commits
This blog post explores extending the conventional commit paradigm to enable automatic semantic versioning with git tags to streamline the development and deployment of software.
• By Alex Vesey
In Cybersecurity Engineering
API Security through Contract-Driven Programming
This blog post explores contract programming and specifically how that applies to the building, maintenance, and security of APIs.
• By Alex Vesey
In Cybersecurity Engineering
Explainability in Cybersecurity Data Science
This post provides an overview of explainability in machine learning and includes illustrations of model-to-human and human-to-model explainability.
• By Jeffrey Mellon, Clarence Worrell
In Cybersecurity Engineering
Secure by Design at CERT
The national cybersecurity strategy calls on tech providers to ensure that all their products are secure by design and secure by default. This post highlights the SEI CERT Division's continued …
• By Greg Touhill
In Cybersecurity Engineering
3 Activities for Making Software Secure by Design
Understanding key principles, roadblocks, and accelerators can shift the secure software development paradigm.
• By Carol Woody, Robert Schiela
In Cybersecurity Engineering
Using Game Theory to Advance the Quest for Autonomous Cyber Threat Hunting
This SEI Blog post describes an effort to apply game theory to the development of algorithms suitable for informing a fully autonomous threat hunting capability and introduces the concept of …
• By Phil Groce
In Cybersecurity Engineering
8 Areas of Future Research in Zero Trust
The National Cybersecurity Strategy was released on March 1st, 2023 to improve federal cybersecurity through the implementation of a zero trust architecture.
• By Matthew Nicolai, Trista Polaski, Timothy Morrow
In Cybersecurity Engineering
Security Analytics: Using SiLK and Mothra to Identify Data Exfiltration via the Domain Name Service
This post explores how the DNS protocol can be abused to exfiltrate data by adding bytes of data onto DNS queries.
• By Timothy J. Shimeall
In Cybersecurity Engineering
The Benefits of Cyber Assessment Training
This post discusses how cybersecurity assessments can help critical infrastructure organizations improve their cybersecurity with help from free assessment tools developed by the SEI and offered by the U.S. government.