search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Preventing DDoS Attacks, Scaling Agile, Insider Threat, and Software Architecture: The Latest Work from the SEI

Preventing DDoS Attacks, Scaling Agile, Insider Threat, and Software Architecture: The Latest Work from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published books, SEI technical reports, podcasts and webinars on insider threat, using malware analysis to identify overlooked security requirements, software architecture, scaling Agile methods, best practices for preventing and responding to DDoS attacks, and a special report documenting the technical history of the SEI. These publications highlight the latest work of SEI technologists in these...

Read More
Prioritizing Security Alerts: A DoD Case Study

Prioritizing Security Alerts: A DoD Case Study

• SEI Blog
Lori Flynn

Federal agencies and other organizations face an overwhelming security landscape. The arsenal available to these organizations for securing software includes static analysis tools, which search code for flaws, including those that could lead to software vulnerabilities. The sheer effort required by auditors and coders to triage the large number of potential code flaws typically identified by static analysis can hijack a software project's budget and schedule. Auditors need a tool to classify alerts and to...

Read More
Automated Code Repair in the C Programming Language

Automated Code Repair in the C Programming Language

• SEI Blog
Will Klieber

By Will Klieber CERT Secure Coding Team This blog post is co-authored by Will Snavely. Finding violations of secure coding guidelines in source code is daunting, but fixing them is an even greater challenge. We are creating automated tools for source code transformation. Experience in examining software bugs reveals that many security-relevant bugs follow common patterns (which can be automatically detected) and that there are corresponding patterns for repair (which can be performed by automatic...

Read More
The Challenges of Testing in a Non-Deterministic World

The Challenges of Testing in a Non-Deterministic World

• SEI Blog
Donald Firesmith

Many system and software developers and testers, especially those who have primarily worked in business information systems, assume that systems--even buggy systems--behave in a deterministic manner. In other words, they assume that a system or software application will always behave in exactly the same way when given identical inputs under identical conditions. This assumption, however, is not always true. While this assumption is most often false when dealing with cyber-physical systems, new and even older...

Read More
Autonomy, Robotics, Verification, DDoS Attacks, and Software Testing: The Top 10 Posts of 2016

Autonomy, Robotics, Verification, DDoS Attacks, and Software Testing: The Top 10 Posts of 2016

• SEI Blog
Douglas C. Schmidt

As we have done each year since the blog's inception in 2011, this blog post presents the10 most-visited posts in 2016 in descending order ending with the most popular post. While the majority of our most popular posts were published in the last 12 months, a few, such as Don Firesmith's 2013 posts about software testing, continue to be popular with readers. 10. Verifying Software with Timers and Clocks 9. 10 At-Risk Emerging Technologies 8....

Read More
Verifying Software with Timers and Clocks (STACs)

Verifying Software with Timers and Clocks (STACs)

• SEI Blog
Sagar Chaki

This blog post is coauthored by Dionisio de Niz. Software with timers and clocks (STACs) exchange clock values to set timers and perform computation. STACs are key elements of safety-critical systems that make up the infrastructure of our daily lives. They are particularly used to control systems that interact (and must be synchronized) with the physical world. Examples include avionics systems, medical devices, cars, cell phones, and other devices that rely on software not only...

Read More
Why Did the Robot Do That?

Why Did the Robot Do That?

• SEI Blog
Stephanie Rosenthal

The growth and change in the field of robotics in the last 15 years is tremendous, due in large part to improvements in sensors and computational power. These sensors give robots an awareness of their environment, including various conditions such as light, touch, navigation, location, distance, proximity, sound, temperature, and humidity. The increasing ability of robots to sense their environments makes them an invaluable resource in a growing number of situations, from underwater explorations to...

Read More
Cybersecurity Engineering, Performance, Risk, and Secure Coding: The Latest Work from the SEI

Cybersecurity Engineering, Performance, Risk, and Secure Coding: The Latest Work from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published books, SEI technical reports, and webinars in cybersecurity engineering, performance and dependability, cyber risk and resilience management, cyber intelligence, secure coding, and the latest requirements for chief information security offficers (CISOs). These publications highlight the latest work of SEI technologists in these areas. This post includes a listing of each publication, author(s), and links...

Read More