Blog Posts
Detection and Repair: The Cost of Remediation
This year, we plan on making some exciting updates to the SEI CERT C Coding Standard. This blog post is about one of our ideas for improving the standard.
Read More•By David Svoboda
In Secure Development
Measurement Challenges in Software Assurance and Supply Chain Risk Management
This SEI Blog post examines the current state of measurement in software assurance and supply chain management, with a particular focus on open source software, and highlights promising measurement approaches.
Read More•By Nancy R. Mead, Carol Woody, Scott Hissam
In Secure Development
What Recent Vulnerabilities Mean to Rust
In recent weeks several vulnerabilities have rocked the Rust community causing many to question its safety. This post examines two such vulnerabilities.
Read More•By David Svoboda
In Secure Development
The SEI SBOM Framework: Informing Third-Party Software Management in Your Supply Chain
This post presents a framework to promote the use of SBOMs and establish practices and processes that organizations can leverage as they build their programs.
Read More•By Christopher J. Alberts, Michael S. Bandor, Charles M. Wallen, Carol Woody
In Secure Development
Rust Vulnerability Analysis and Maturity Challenges
This post explores tools for understanding vulnerabilities in the Rust programming language as well as the maturity of the Rust software ecosystem as a whole and how that might impact …
Read More•By Garret Wassermann, David Svoboda
In Secure Development
Rust Software Security: A Current State Assessment
This post examines security issues with the Rust programming language.
Read More•By Joe Sible, David Svoboda
In Secure Development
Taking Up the Challenge of Open Source Software Security in the DoD
This post describes a workshop hosted by the SEI to start a conversation to elevate the trustworthiness of free and open source software, particularly in DoD settings.
Read More•By Scott Hissam
In Secure Development
11 Leading Practices When Implementing a Container Strategy
While containers are frequently lauded in the latest software development trends, switching from using virtual machines and deploying an organization-wide container strategy remains non-trivial.
Read More•By Andrew O. Mellinger, William Nichols, Jay Palat
In Secure Development
Release of SCAIFE System Version 2.0.0 Provides Support for Continuous-Integration (CI) Systems
Key features in new release of SCAIFE System Version 2.0.0 including support for continuous-integration (CI) systems, and status of evolving SEI SCAIFE work
Read More•By Lori Flynn
In Secure Development
A Technique for Decompiling Binary Code for Software Assurance and Localized Repair
The DoD has a significant amount of software available only in binary form. It is impractical to ensure that this software is free from vulnerabilities and malicious code.
Read More•By William Klieber
In Secure Development
