Blog Posts
Measurement Challenges in Software Assurance and Supply Chain Risk Management
This SEI Blog post examines the current state of measurement in software assurance and supply chain management, with a particular focus on open source software, and highlights promising measurement approaches.
• By Nancy R. Mead, Carol Woody, Scott Hissam
In Secure Development
What Recent Vulnerabilities Mean to Rust
In recent weeks, several vulnerabilities have rocked the Rust community, causing many to question its safety. This post examines two such vulnerabilities.
• By David Svoboda
In Secure Development
The SEI SBOM Framework: Informing Third-Party Software Management in Your Supply Chain
This post presents a framework to promote the use of SBOMs and establish practices and processes that organizations can leverage as they build their programs.
• By Christopher J. Alberts, Michael S. Bandor, Charles M. Wallen, Carol Woody
In Secure Development
Rust Vulnerability Analysis and Maturity Challenges
This post explores tools for understanding vulnerabilities in the Rust programming language as well as the maturity of the Rust software ecosystem as a whole and how that might impact …
• By Garret Wassermann, David Svoboda
In Secure Development
Rust Software Security: A Current State Assessment
This post examines security issues with the Rust programming language.
• By Joe Sible, David Svoboda
In Secure Development
Taking Up the Challenge of Open Source Software Security in the DoD
This post describes a workshop hosted by the SEI to start a conversation to elevate the trustworthiness of free and open source software, particularly in DoD settings.
• By Scott Hissam
In Secure Development
11 Leading Practices When Implementing a Container Strategy
While containers are frequently lauded in the latest software development trends, switching from using virtual machines and deploying an organization-wide container strategy remains non-trivial.
• By Andrew O. Mellinger, William Nichols, Jay Palat
In Secure Development
Release of SCAIFE System Version 2.0.0 Provides Support for Continuous-Integration (CI) Systems
This post describes the key features of the new SCAIFE System Version 2.0.0 release, including support for continuous-integration (CI) systems, and the status of the SEI's evolving SCAIFE work.
• By Lori Flynn
In Secure Development
A Technique for Decompiling Binary Code for Software Assurance and Localized Repair
The DoD has a significant amount of software available only in binary form. It is impractical to ensure that this software is free from vulnerabilities and malicious code.
• By William Klieber
In Secure Development
Anti-Tamper for Software Components
This post explains how to identify software components within systems that are in danger of being exploited and that should be protected by anti-tamper practices.
• By Scott Hissam
In Secure Development