Blog Posts
API Security through Contract-Driven Programming
This blog post explores contract programming and specifically how that applies to the building, maintenance, and security of APIs.
• By Alex Vesey
In Cybersecurity Engineering
Explainability in Cybersecurity Data Science
This post provides an overview of explainability in machine learning and includes illustrations of model-to-human and human-to-model explainability.
• By Jeffrey Mellon, Clarence Worrell
In Cybersecurity Engineering
Secure by Design at CERT
The national cybersecurity strategy calls on tech providers to ensure that all their products are secure by design and secure by default. This post highlights the SEI CERT Division's continued …
• By Greg Touhill
In Cybersecurity Engineering
3 Activities for Making Software Secure by Design
Understanding key principles, roadblocks, and accelerators can shift the secure software development paradigm.
• By Carol Woody, Robert Schiela
In Cybersecurity Engineering
Using Game Theory to Advance the Quest for Autonomous Cyber Threat Hunting
This SEI Blog post describes an effort to apply game theory to the development of algorithms suitable for informing a fully autonomous threat hunting capability and introduces the concept of …
• By Phil Groce
In Cybersecurity Engineering
8 Areas of Future Research in Zero Trust
The National Cybersecurity Strategy was released on March 1st, 2023 to improve federal cybersecurity through the implementation of a zero trust architecture.
• By Matthew Nicolai, Trista Polaski, Timothy Morrow
In Cybersecurity Engineering
Security Analytics: Using SiLK and Mothra to Identify Data Exfiltration via the Domain Name Service
This post explores how the DNS protocol can be abused to exfiltrate data by adding bytes of data onto DNS queries.
• By Timothy J. Shimeall
In Cybersecurity Engineering
The Benefits of Cyber Assessment Training
This post discusses how cybersecurity assessments can help critical infrastructure organizations improve their cybersecurity with help from free assessment tools developed by the SEI and offered by the U.S. government.
• By Rhonda Brown, Alexander Petrilli
In Cybersecurity Engineering
5 Best Practices from Industry for Implementing a Zero Trust Architecture
This blog post presents 5 best practices from industry on implementing a zero trust architecture and discusses why they are significant.
• By Matthew Nicolai, Nathaniel Richmond, Timothy Morrow
In Cybersecurity Engineering
An Acquisition Security Framework for Supply Chain Risk Management
This post introduces the Acquisition Security Framework (ASF), which helps organizations identify the critical touchpoints needed for effective supply chain risk management.
• By Carol Woody
In Cybersecurity Engineering