search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

The Latest Work from the SEI: AI, Deepfakes, Automated Alert Handling, and Cyber Intelligence

The Latest Work from the SEI: AI, Deepfakes, Automated Alert Handling, and Cyber Intelligence

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, and presentations highlighting our work in artificial intelligence, STEM careers, deepfakes, automated alert handling (here and here), systems and software engineering, and cyber intelligence. These publications highlight the latest work of SEI technologists in these areas. The SEI also made available an online version of the 2018 Year in Review, which...

Read More
Cybersecurity Engineering for Legacy Systems: 6 Recommendations

Cybersecurity Engineering for Legacy Systems: 6 Recommendations

• SEI Blog
Susan Crozier Cox

Harry Levinson co-authored this blog post. Legacy systems continue to play a key role across many organizations. Engineering cybersecurity into these legacy systems presents some unique challenges. In many cases, the original design team is no longer available, leaving the current team with the challenge of changing poorly- and/or un-documented designs and software. Over the years, these systems can become so outdated that they are unable to keep up with new software patterns and development...

Read More
Mission Thread Analysis Using End-to-End Data Flows - Part 2

Mission Thread Analysis Using End-to-End Data Flows - Part 2

• SEI Blog
Donald Firesmith

The first blog post in this series provided an overview of the E2E Mission Thread Data Flow Analysis (EMDA) method, an approach that analyzes the flow of data as they traverse end-to-end mission threads through the architecture components of a system of systems. That post addressed relevant challenges that EMDA helps system and software architects face and outlined the work products produced by the method. This second blog post discusses the process used to create...

Read More
Why Software Architects Must Be Involved in the Earliest Systems Engineering Activities

Why Software Architects Must Be Involved in the Earliest Systems Engineering Activities

• SEI Blog
Sarah Sheard

Suzanne Miller, Bill Nichols, Don Firesmith, and Mike Phillips contributed to this post. Today's major defense systems rely heavily on software-enabled capabilities. However, many defense programs acquiring new systems first determine the physical items to develop, assuming the contractors for those items will provide all needed software for the capability. But software by its nature spans physical items: it provides the inter-system communications that have a direct influence on most capabilities, and thus must be...

Read More
Mission Thread Analysis Using End-to-End Data Flows  - Part 1

Mission Thread Analysis Using End-to-End Data Flows - Part 1

• SEI Blog
Donald Firesmith

Although the vast majority of military missions require the successful collaboration of multiple cyber-physical systems within an overall system of systems (SoS), almost all system and software architects work on programs developing or sustaining individual systems and subsystems. Often, they do not sufficiently understand the ramifications of how their system interoperates with these other systems to accomplish the overall mission. The lack of an end-to-end (E2E) mission thread analysis leads to numerous difficulties, such as...

Read More
The Promise of Deep Learning on Graphs

The Promise of Deep Learning on Graphs

• SEI Blog
Oren Wright

A growing number of Department of Defense (DoD) data problems are graph problems: the data from sources such as sensor feeds, web traffic, and supply chains are full of irregular relationships that require graphs to represent explicitly and mathematically. For example, modern test and evaluation produces massive, heterogeneous datasets, and analysts can use graphs to reveal otherwise hidden patterns in these data, affording the DoD a far more complete understanding of a system's effectiveness, survivability,...

Read More
An Application Programming Interface for Classifying and Prioritizing Static Analysis Alerts

An Application Programming Interface for Classifying and Prioritizing Static Analysis Alerts

• SEI Blog
Lori Flynn

This post was co-written by Ebonie McNeil and Aubrie Woods. In this post, we describe the Source Code Analysis Integrated Framework Environment (SCAIFE) application programming interface (API). SCAIFE is an architecture for classifying and prioritizing static analysis alerts. It is designed so that a wide variety of static analysis tools can integrate with the SCAIFE system using the API. The API is pertinent to organizations that develop or research static analysis alert auditing tools, aggregators,...

Read More
Using OOAnalyzer to Reverse Engineer Object Oriented Code with Ghidra

Using OOAnalyzer to Reverse Engineer Object Oriented Code with Ghidra

• SEI Blog
Jeffrey Gennari

Object-oriented programs continue to pose many challenges for reverse engineers and malware analysts. C++ classes tend to result in complex arrangements of assembly instructions and sophisticated data structures that are hard to analyze at the machine code level. We've long sought to simplify the process of reverse engineering object-oriented code by creating tools, such as OOAnalyzer, which automatically recovers C++-style classes from executables. OOAnalyzer includes utilities to import OOAnalyzer results into other reverse engineering frameworks,...

Read More