search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Three Practice Areas for Using Positive Incentives to Reduce Insider Threat

Three Practice Areas for Using Positive Incentives to Reduce Insider Threat

• SEI Blog
Andrew Moore

In the 2016 Cyber Security Intelligence Index, IBM found that 60 percent of all cyber attacks were carried out by insiders. One reason that insider threat remains so problematic is that organizations typically respond to these threats with negative technical incentives, such as practices that monitor employee behavior, detect and punish misbehavior, and otherwise try to force employees to act in the best interest of the organization. In contrast, this blog post highlights results from...

Read More
Combined Arms Cyber-Kinetic Operator Training

Combined Arms Cyber-Kinetic Operator Training

• SEI Blog
Rotem Guttman

As cyber-physical systems continue to proliferate, the ability of cyber operators to support armed engagements (kinetic missions) will be critical for the Department of Defense (DoD) to maintain a technological advantage over adversaries. However, current training for cyber operators focuses entirely on the cyber aspect of operations and ignores the realities and constraints of supporting a larger mission. Similarly, kinetic operators largely think of cyber capabilities as a strategic, rather than a tactical resource, and...

Read More
Experiences Using IBM Watson in Software Assurance

Experiences Using IBM Watson in Software Assurance

• SEI Blog
Mark Sherman

Since its debut on Jeopardy in 2011, IBM's Watson has generated a lot of interest in potential applications across many industries. I recently led a research team investigating whether the Department of Defense (DoD) could use Watson to improve software assurance and help acquisition professionals assemble and review relevant evidence from documents. As this blog post describes, our work examined whether typical developers could build an IBM Watson application to support an assurance review....

Read More
Powered by Mirai

Powered by Mirai

• SEI Blog
Vijay Sarvepalli

Distributed denial-of-service (DDoS) attacks have been dominating the IT security headlines. A flurry of reporting followed the September 2016 attack on the computer security reporter Brian Krebs's web site KrebsonSecurity when he reported attack traffic that was at the unprecedented scale of gigabytes per second. In November, my colleague Rachel Kartch wrote "DDOS Attacks: Four Best Practices for Prevention and Response," outlining what we can do to defend against these attacks. In this blog post,...

Read More
Establishing Trust in Disconnected Environments

Establishing Trust in Disconnected Environments

• SEI Blog
Grace Lewis

First responders, search-and-rescue teams, and military personnel often work in "tactical edge" environments defined by limited computing resources, rapidly changing mission requirements, high levels of stress, and limited connectivity. In these tactical edge environments, software applications that enable tasks such as face recognition, language translation, decision support, and mission planning and execution are critical due to computing and battery limitations on mobile devices. Our work on tactical cloudlets addresses some of these challenges by providing...

Read More
Five Perspectives on Scaling Agile

Five Perspectives on Scaling Agile

• SEI Blog
Will Hayes

The prevalence of Agile methods in the software industry today is obvious. All major defense contractors in the market can tell you about their approaches to implementing the values and principles found in the Agile Manifesto. Published frameworks and methodologies are rapidly maturing, and a wave of associated terminology is part of the modern lexicon. We are seeing consultants feuding on Internet forums as well, with each one claiming to have the "true" answer for...

Read More
Are We Creating Organizational Debt?

Are We Creating Organizational Debt?

• SEI Blog
Linda Parker Gates

Interest in Agile and lightweight development methods in the software development community has become widespread. Our experiences with the application of Agile principles have therefore become richer. In my blog post, Toward Agile Strategic Planning, I wrote about how we can apply Agile principles to strategic planning. In this blog post, I apply another Agile concept, technical debt, to another organizational excellence issue. Specifically I explore whether organizational debt is accrued when we implement quick...

Read More
Six Best Practices for Securing a Robust Domain Name System (DNS) Infrastructure

Six Best Practices for Securing a Robust Domain Name System (DNS) Infrastructure

• SEI Blog
Mark Langston

The Domain Name System (DNS) is an essential component of the Internet, a virtual phone book of names and numbers, but we rarely think about it until something goes wrong. As evidenced by the recent distributed denial of service (DDoS) attack against Internet performance management company Dyn, which temporarily wiped out access to websites including Amazon, Paypal, Reddit, and the New York Times for millions of users down the Eastern Seaboard and Europe, DNS serves...

Read More