Security-Related Requirements
Blog Posts
How Easy Is It to Make and Detect a Deepfake?
The technology underlying the creation and detection of deepfakes and assessment of current and future threat levels
• By Catherine Bernaciak, Dominic A. Ross
In Artificial Intelligence Engineering
Integrating Safety and Security Engineering for Mission-Critical Systems
Critical systems must be safe from harm and secure, but safety and security practices have evolved in isolation. The SEI is improving coordination between safety and security engineering.
• By Sam Procter, Sholom G. Cohen
In Software Architecture
Automating System Security with AADL: 11 Rules for Ensuring a Security Model
This SEI Blog post presents an approach for modeling and validating confidentiality using AADL, and 11 analysis rules for ensuring security model consistency.
• By Aaron Greenhouse
In Software Architecture
How to Use Static Analysis to Enforce SEI CERT Coding Standards for IoT Applications
The Jeep hack, methods to hack ATMs, and even hacks to a casino's fish tank provide stark evidence of the risks associated with the Internet of Things (IoT)....
• By David Svoboda
In Secure Development
Using the SEI CERT Coding Standards to Improve Security of the Internet of Things
The Internet of Things (IoT) is insecure. The Jeep hack received a lot of publicity, and there are various ways to hack ATMs, with incidents occurring with increasing regularity....
• By David Svoboda
In Secure Development
Evaluating Threat-Modeling Methods for Cyber-Physical Systems
Addressing cybersecurity for a complex system, especially for a cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system....
• By Nataliya Shevchenko
In Enterprise Risk and Resilience Management
Threat Modeling: 12 Available Methods
Almost all software systems today face a variety of threats, and the number of threats grows as technology changes....
• By Nataliya Shevchenko
In Enterprise Risk and Resilience Management
Decision-Making Factors for Selecting Application Security Testing Tools
In the first post in this series, I presented 10 types of application security testing (AST) tools and discussed when and how to use them....
• By Tom Scanlon
In Secure Development
IPv6 Adoption: 4 Questions and Answers
IPv6 deployment is on the rise. Google reported that as of July 14, 2018, 23.94 percent of users accessed its site via IPv6, up 6.16 percent from that same date …
• By Joseph Mayes
In Secure Development
The Need to Specify Requirements for Off-Nominal Behavior
Explore off-nominal behavior in requirements engineering, addressing incomplete specifications and defining system behavior in abnormal situations in this SEI Blog.