Blog Posts
Measurement Challenges in Software Assurance and Supply Chain Risk Management
This SEI Blog post examines the current state of measurement in software assurance and supply chain management, with a particular focus on open source software, and highlights promising measurement approaches.
Read More•By Nancy R. Mead, Carol Woody, Scott Hissam
In Secure Development
What Recent Vulnerabilities Mean to Rust
In recent weeks several vulnerabilities have rocked the Rust community causing many to question its safety. This post examines two such vulnerabilities.
Read More•By David Svoboda
In Secure Development
The SEI SBOM Framework: Informing Third-Party Software Management in Your Supply Chain
This post presents a framework to promote the use of SBOMs and establish practices and processes that organizations can leverage as they build their programs.
Read More•By Christopher J. Alberts, Michael S. Bandor, Charles M. Wallen, Carol Woody
In Secure Development
Rust Vulnerability Analysis and Maturity Challenges
This post explores tools for understanding vulnerabilities in the Rust programming language as well as the maturity of the Rust software ecosystem as a whole and how that might impact …
Read More•By Garret Wassermann, David Svoboda
In Secure Development
Rust Software Security: A Current State Assessment
This post examines security issues with the Rust programming language.
Read More•By Joe Sible, David Svoboda
In Secure Development
Taking Up the Challenge of Open Source Software Security in the DoD
This post describes a workshop hosted by the SEI to start a conversation to elevate the trustworthiness of free and open source software, particularly in DoD settings.
Read More•By Scott Hissam
In Secure Development
11 Leading Practices When Implementing a Container Strategy
While containers are frequently lauded in the latest software development trends, switching from using virtual machines and deploying an organization-wide container strategy remains non-trivial.
Read More•By Andrew O. Mellinger, William Nichols, Jay Palat
In Secure Development
Release of SCAIFE System Version 2.0.0 Provides Support for Continuous-Integration (CI) Systems
Key features in new release of SCAIFE System Version 2.0.0 including support for continuous-integration (CI) systems, and status of evolving SEI SCAIFE work
Read More•By Lori Flynn
In Secure Development
A Technique for Decompiling Binary Code for Software Assurance and Localized Repair
The DoD has a significant amount of software available only in binary form. It is impractical to ensure that this software is free from vulnerabilities and malicious code.
Read More•By William Klieber
In Secure Development
Anti-Tamper for Software Components
This post explains how to identify software components within systems that are in danger of being exploited and that should be protected by anti-tamper practices.
Read More