Blog Posts
Stop Imagining Threats, Start Mitigating Them: A Practical Guide to Threat Modeling
When building a software-intensive system, a key part in creating a secure and robust solution is to develop a cyber threat model.
Read More•By Alex Vesey
In Cybersecurity Engineering
Cyber-Informed Machine Learning
This blog post proposes cyber-informed machine learning as a conceptual framework for emphasizing three types of explainability when ML is used for cybersecurity.
Read More•By Jeffrey Mellon, Clarence Worrell
In Cybersecurity Engineering
13 Cybersecurity Predictions for 2025
It’s that time of year when we reflect on the past year and eagerly look forward. This post presents 13 cyber predictions for 2025.
Read More•By Greg Touhill
In Cybersecurity Engineering
An Introduction to Hardening Docker Images
Through our work, we have seen stakeholders encountering difficulty with hardening open source container images for vulnerability mitigation.
Read More•By Maxwell Trdina, Sasank Vishnubhatla
In Cybersecurity Engineering
A Framework for Detection in an Era of Rising Deepfakes
This blog post details the evolving deepfake landscape and introduces a framework for detection.
Read More•By Matthew Walsh
In Cybersecurity Engineering
Evaluating Static Analysis Alerts with LLMs
LLMs show promising initial results in adjudicating static analysis alerts, offering possibilities for better vulnerability detection. This post discusses initial experiments using GPT-4 to evaluate static analysis alerts.
Read More•By William Klieber, Lori Flynn
In Cybersecurity Engineering
3 API Security Risks and Recommendations for Mitigation
This blog post presents three top API security risks along with recommendations for mitigating them.
Read More•By McKinley Sconiers-Hasan
In Cybersecurity Engineering
Redemption: A Prototype for Automated Repair of Static Analysis Alerts
This post introduces Redemption, an open source tool that uses automated code repair technology to repair static analysis alerts in C/C++ source code.
Read More•By David Svoboda
In Cybersecurity Engineering
Versioning with Git Tags and Conventional Commits
This blog post explores extending the conventional commit paradigm to enable automatic semantic versioning with git tags to streamline the development and deployment of software.
Read More•By Alex Vesey
In Cybersecurity Engineering
API Security through Contract-Driven Programming
This blog post explores contract programming and specifically how that applies to the building, maintenance, and security of APIs.
Read More•By Alex Vesey
In Cybersecurity Engineering