SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Traffic Analysis for Network Security: Two Approaches for Going Beyond Network Flow Data

Tim Shimeall

By the close of 2016, "Annual global IP traffic will pass the zettabyte ([ZB]; 1000 exabytes [EB]) threshold and will reach 2.3 ZBs per year by 2020" according to Cisco's Visual Networking Index. The report further states that in the same time frame smartphone traffic will exceed PC traffic. While capturing and evaluating network traffic enables defenders of large-scale organizational networks to generate security alerts and identify intrusions, operators of networks with even comparatively modest...

Modeling and Simulation in Insider Threat

Andrew Moore

A 2016 study on cybersecurity and digital trust found that 69 percent of organizations surveyed experienced an attempted or successful theft or corruption of data by insiders in the last 12 months. Despite the impact of insider threat--and continued mandates that government agencies and their contractors put insider threat programs in place--a number of organizations still have not implemented them. Moreover, the programs that have been implemented often have serious deficiencies. One impediment to organizations...

Data Science, Blacklists, and Mixed-Critical Software: The Latest Research from the SEI

Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog posting summarizes some recently published SEI technical reports, white papers, and webinars in early lifecycle cost estimation, data science, host protection strategies, blacklists, the Architectural Analysis and Design Language (AADL), architecture fault modeling and analysis, and programming and verifying distributed mixed-synchrony and mixed-critical software. These publications highlight the latest work of SEI technologists in these areas. This post includes...

The Future of Managing Technical Debt

Robert Nord

Software engineers increasingly recognize technical debt as a problem they care about, but they lack methods and tools to help them strategically plan, track, and pay down debt. The concept provides a vocabulary to engage researchers from a practice point of view, but they often lack an empirical basis and data science on which to validate their work on technical debt. Our recent Dagstuhl Seminar on Managing Technical Debt in Software Engineering provided a venue...

Addressing the Shortfall of Secure Software Developers through Community College Education

Nancy Mead

The (ISC)² Global Information Security Workforce Study (GISWS) forecasts a shortfall of 1.5 million cybersecurity professionals by 2020. Government sources also project critical shortages of cybersecurity professionals. This predicted shortfall is troubling because the growing number and sophistication of cyber attacks threaten our infrastructure, which is increasingly software dependent. This blog post--derived from the paper Meeting Industry Needs for Secure Software Development, which I coauthored with Girish Seshagiri and Julie Howar--describes a collaboration involving industry,...

Early Software Vulnerability Detection with Technical Debt

Robert Nord

Edward J. Schwartz, a research scientist on the vulnerability analysis team, co-authored this post. Software engineers face a universal problem when developing software: weighing the benefit of an approach that is expedient in the short term, but which can lead to complexity and cost over the long term. In software-intensive systems, these tradeoffs can create technical debt, which is a design or implementation construct that is expedient in the short term, but which sets up a...

SEI Researchers Provide Congressional Testimony on Social Security

Suzanne Miller

This post is co-authored by Will Hayes and Eileen Wrubel. On July 14, 2016, the House Ways and Means Subcommittee on Social Security convened a hearing on the Social Security Administration's (SSA) information technology modernization plan. The hearing focused on the current state of the Social Security Administration's (SSA) Information Technology (IT) modernization plan and best practices for IT modernization, including oversight of agile software development. Agile development approaches, relatively new in government settings, create...

Prototyping for Developing Big Data Systems

Rick Kazman

There are several risks specific to big data system development. Software architects developing any system--big data or otherwise--must address risks associated with cost, schedule, and quality. All of these risks are amplified in the context of big data. Architecting big data systems is challenging because the technology landscape is new and rapidly changing, and the quality attribute challenges, particularly for performance, are substantial. Some software architects manage these risks with architecture analysis, while others use...
