Software and Information Assurance
Blog Posts
Six Dimensions of Trust in Autonomous Systems
This post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.
• By Paul D. Nielsen
In Software Engineering Research and Development
Comments on NIST IR 8269: A Taxonomy and Terminology of Adversarial Machine Learning
The U.S. National Institute of Standards and Technology (NIST) recently held a public comment period on their draft report on proposed taxonomy and terminology of Adversarial Machine Learning (AML)....
• By Jonathan Spring
In CERT/CC Vulnerabilities
Data-Driven Management of Technical Debt
Learn about the SEI's work on technical debt analysis techniques and practices to help software engineers manage its impact on projects in this SEI Blog post.
• By Ipek Ozkaya, Robert Nord
In Technical Debt
Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization
We've just released a follow-up paper in our research agenda about prioritizing actions during vulnerability management, Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization....
• By Allen Householder
In CERT/CC Vulnerabilities
Machine Learning in Cybersecurity
Our technical report provides an overview of the relevant parts of an ML lifecycle--selecting the right problem, the right data, and the right math and summarizing the model output for …
• By Jonathan Spring
In CERT/CC Vulnerabilities
Cybersecurity Governance, Part 1: 5 Fundamental Challenges
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems....
• By Seth Swinton, Stephanie Hedges
In Insider Threat
Selecting Measurement Data for Software Assurance Practices
Measuring the software assurance of a product as it is developed and delivered to function in a specific system context involves assembling carefully chosen metrics....
• By Carol Woody
Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines
The U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines....
• By Allen Householder, Deana Shick, Jonathan Spring, Art Manion
In CERT/CC Vulnerabilities
Operation Cloud Hopper Case Study
In December, a grand jury indicted members of the APT10 group for a tactical campaign known as Operation Cloud Hopper, a global series of sustained attacks against managed service providers …
• By Nathaniel Richmond
In Cloud Computing
Deep Learning, Agile-DevOps, and Cloud Security: The Top 10 Blog Posts of 2018
Every January on the SEI Blog, we present the 10 most-visited posts of the previous year. This year's top 10, which features posts published between January 1, 2018, and December …
• By Douglas C. Schmidt
In Cloud Computing
