SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

Pandemic Home Security for Your Enterprise

• SEI Blog
Phil Groce

This post was co-written by Harry Caskey. The COVID-19 pandemic has greatly increased remote work among enterprise employees. Home-network environments are not professionally managed, so they are an appealing target for attackers. These attackers are aware that systems on home networks are not patched regularly and a number of them are out of date with respect to vulnerability mitigation. Threat detection is typically nearly absent on home systems, and remediation is often incidental at best....

Remote Work: Vulnerabilities and Threats to the Enterprise

• SEI Blog
Phil Groce

For many organizations, COVID-19 dramatically changed the risk calculation for remote work. In January 2020, many enterprises viewed remote work with skepticism; by March, the choice for many was to become a remote-first enterprise or to shut down. As one might expect, embracing long-resisted technologies and practices has been chaotic for many, with actions dictated primarily by urgency. By now, most enterprises--to the surprise of some--have successfully adapted to the new environment. A few, such...

Top 10 Blog Posts of 2020

• SEI Blog
Douglas C. Schmidt

Every January on the SEI Blog, we present the 10 most-visited posts of the previous year. This year's list of top 10 is presented in reverse order--culminating in the most-visited post--and features posts published between January 1, 2020 and December 31, 2020. 10. Vulnonym - Stop the Naming Madness 9. Security Automation Begins at the Source Code 8. 8 Steps for Migrating Existing Applications to Microservices 7. Comments on NIST IR 8269: A Taxonomy and...

An Introduction to Model-Based Systems Engineering (MBSE)

• SEI Blog
Nataliya Shevchenko

Model-based systems engineering (MBSE) is a formalized methodology that is used to support the requirements, design, analysis, verification, and validation associated with the development of complex systems. In contrast to document-centric engineering, MBSE puts models at the center of system design. The increased adoption of digital-modeling environments during the past few years has led to increased adoption of MBSE. In January 2020, NASA noted this trend by reporting that MBSE, "has been increasingly embraced by...

Release of SCAIFE System Version 1.0.0 Provides Full GUI-Based Static-Analysis Adjudication System with Meta-Alert Classification

• SEI Blog
Lori Flynn

The SEI Source Code Analysis Integrated Framework Environment (SCAIFE) is a modular architecture designed to enable a wide variety of tools, systems, and users to use artificial intelligence (AI) classifiers for static-analysis meta-alerts at relatively low cost and effort. SCAIFE uses automation to reduce the significant manual effort required to adjudicate meta-alerts that are produced by static-analysis tools. The architecture also enables low-effort integration for tools to incorporate mathematical formulas for meta-alert prioritization, data aggregation...

10 Steps for Managing Risk: OCTAVE FORTE

• SEI Blog
Brett Tucker

To ensure that risk management is effective, organizations need adaptable, agile frameworks that provide executives with a real-time view of cyber risks, and the related tools and processes they can use to address appropriate risks. Organizations should use enterprise risk management (ERM) principles, tools, and processes to understand and prioritize complex risks that compete for organizational resources. The SEI developed OCTAVE FORTE, a process model that helps organizations evaluate their security risks and use ERM...

Shifting from Software Sustainment to Software Engineering in the DoD

• SEI Blog
Thomas Evans

Mike Gagliardi, Joe Kostial, Nicholas Reimer, and Douglas C. Schmidt coauthored this blog post. In our work with government acquisition programs, we have observed a trend: organic software sustainment organizations are expanding beyond their traditional purview of software maintenance into software engineering and development. As a result, these organizations now also focus on designing and implementing new software architectures and code, rather than just repairing and maintaining legacy software. Software sustainment and maintenance organizations have...

Show Me Agility: Agile Strategy Execution

• SEI Blog
Linda Parker Gates

The rapid pace of change in software development, in business, and in the world has many organizations struggling to execute daily operations, wrangle big projects, and feel confident that there is a long-term strategy at play. Wrestling with daily trials and being unable to see beyond immediate tasks can feel like working in the weeds. An agile strategy and execution environment, however, can enable us to win tactical battles while maintaining a focus on broader...
