Software and Information Assurance
Blog Posts
Six Dimensions of Trust in Autonomous Systems
This post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.
• By Paul D. Nielsen
In Software Engineering Research and Development

Comments on NIST IR 8269: A Taxonomy and Terminology of Adversarial Machine Learning
The U.S. National Institute of Standards and Technology (NIST) recently held a public comment period on their draft report on proposed taxonomy and terminology of Adversarial Machine Learning (AML)....
• By Jonathan Spring
In CERT/CC Vulnerabilities
Data-Driven Management of Technical Debt
Technical debt communicates the tradeoff between the short-term benefits of rapid delivery and the long-term value of developing a software system that is easy to evolve, modify, repair, and sustain. …
• By Ipek Ozkaya
In Artificial Intelligence Engineering

Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization
We've just released a follow-up paper in our research agenda about prioritizing actions during vulnerability management, Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization....
• By Allen Householder
In CERT/CC Vulnerabilities

Machine Learning in Cybersecurity
Our technical report provides an overview of the relevant parts of an ML lifecycle--selecting the right problem, the right data, and the right math and summarizing the model output for …
• By Jonathan Spring
In CERT/CC Vulnerabilities
Cybersecurity Governance, Part 1: 5 Fundamental Challenges
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems....
• By Seth Swinton, Stephanie Hedges
In Insider Threat


Selecting Measurement Data for Software Assurance Practices
Measuring the software assurance of a product as it is developed and delivered to function in a specific system context involves assembling carefully chosen metrics....
• By Carol Woody

Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines
The U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines....
• By Allen Householder, Deana Shick, Jonathan Spring, Art Manion
In CERT/CC Vulnerabilities


Operation Cloud Hopper Case Study
In December, a grand jury indicted members of the APT10 group for a tactical campaign known as Operation Cloud Hopper, a global series of sustained attacks against managed service providers …
• By Nathaniel Richmond
In Cloud Computing

Deep Learning, Agile-DevOps, and Cloud Security: The Top 10 Blog Posts of 2018
Every January on the SEI Blog, we present the 10 most-visited posts of the previous year. This year's top 10, which features posts published between January 1, 2018, and December …
• By Douglas C. Schmidt
In Cloud Computing
