System Verification and Validation
Blog Posts
Comments on NIST IR 8269: A Taxonomy and Terminology of Adversarial Machine Learning
The U.S. National Institute of Standards and Technology (NIST) recently held a public comment period on their draft report on proposed taxonomy and terminology of Adversarial Machine Learning (AML)....
• By Jonathan Spring
In CERT/CC Vulnerabilities
Improving Insider Threat Detection Methods Through Software Engineering Principles
Tuning detective controls is a key component of implementing and operating an insider threat program, and one we have seen many organizations struggle with....
• By Daniel L. Costa
In Insider Threat
![Daniel Costa](/media/images/thumb_big_d-costa_blog_authors_.max-180x180.format-webp.webp)
Enabling Shift-Left Testing from Small Teams to Large Systems
Shift left is a familiar exhortation to teams and organizations engaged in Agile and Lean software development. It most commonly refers to incorporating test practices....
• By Nanette Brown
In Agile
![Nanette Brown](/media/images/thumb_big_n-brown_blog_authors_.max-180x180.format-webp.webp)
The Modern Software Factory and Independent V&V for Machine Learning: Two Key Recommendations for Improving Software in Defense Systems
This post highlights recommendations from a Defense Science Board report on how to improve software acquisition in defense.
• By Paul Nielsen
In Artificial Intelligence Engineering
![Paul Nielsen](/media/images/thumb_big_nielsen-paul-144_lead.max-180x180.format-webp.webp)
Rapid Software Composition by Assessing Untrusted Components
Today, organizations build applications on top of existing platforms, frameworks, components, and tools; no one constructs software from scratch....
• By Rick Kazman
In Software Architecture
![Rick Kazman](/media/images/thumb_big_r-kazman_blog_authors.max-180x180.format-webp.webp)
Certifiable Distributed Runtime Assurance in Cyber-Physical Systems
Runtime assurance (RA) has become a promising technique for ensuring the safe behavior of autonomous systems (such as drones or self-driving vehicles) whose behavior cannot be fully determined at design …
• By Dionisio de Niz
![Dionisio de Niz](/media/images/thumb_big_d-deniz_blog_authors_.max-180x180.format-webp.webp)
Infrastructure as Code: Moving Beyond DevOps and Agile
Citing the need to provide a technical advantage to the warfighter, the Department of Defense (DoD) has recently made the adoption of cloud computing technologies a priority....
• By John Klein
In Agile
![John Klein](/media/images/thumb_big_j-klein_blog_authors_.max-180x180.format-webp.webp)
Why Is Measurement So Hard?
Developing security metrics within an organization is an ongoing challenge. Organizations want to know "Am I secure enough?" While this is the common question, it lacks context....
• By Katie C. Stewart
![Headshot of Katie C. Stewart.](/media/images/thumb_big_k-stewart_blog_author.max-180x180.format-webp.webp)
Bitcoin, Blockchain, Machine Learning, and Ransomware: The Top 10 Posts of 2017
Each year since the blog's inception, we present the 10 most-visited posts of the year in descending order ending with the most popular post. In this blog post, we present …
• By Douglas Schmidt (Vanderbilt University)
![Douglas C. Schmidt](/media/images/thumb_big_d-schmidt_blog_author.max-180x180.format-webp.webp)
Cyber Warfare, Technical Debt, Network Border Protection, and Insider Threat: The Latest Work from the SEI
This SEI Blog post highlights recent SEI publications in cyber warfare, emerging technologies, network protection, and more.
• By Douglas Schmidt (Vanderbilt University)
In Artificial Intelligence Engineering
![Douglas C. Schmidt](/media/images/thumb_big_d-schmidt_blog_author.max-180x180.format-webp.webp)