search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

What Is Digital Engineering and How Is It Related to DevSecOps?

What Is Digital Engineering and How Is It Related to DevSecOps?

• SEI Blog
David Shepard

Julia Scherb coauthored this blog post. The Department of Defense's desire for faster delivery of new capabilities is transforming defense acquisitions. The emerging processes of digital thread and digital engineering aim to address the difficulties of managing complex and evolving technologies over their lifecycles. In the same way that DevSecOps has transformed the processes of software development, testing, and acquisition for the DoD, digital engineering has the potential to transform the way hardware-intensive systems are...

Read More
Mission-Based Prioritization: A New Method to Sequence Features, Capabilities, and Epics

Mission-Based Prioritization: A New Method to Sequence Features, Capabilities, and Epics

• SEI Blog
Keith Korzec

Prioritization identifies the sequence in which requirements should be addressed and allows end users and stakeholders to evaluate and provide feedback on the most valuable features of the evolving system. In Agile software development, requirements and desires are expressed as items in the product backlog. All development-related activities are drawn from the backlog. For small Agile products, there will typically be a single backlog. For large-scale Agile development efforts using the Scaled Agile Framework (SAFe),...

Read More
3 Ransomware Defense Strategies

3 Ransomware Defense Strategies

• SEI Blog
Marisa Midler

Ransomware is evolving. Not only are there more attackers due to ransomware as a service (RaaS) threats, but ransomware attack strategies are changing with data exfiltration extortions, which I will explain in more detail later in this blog post. Backing up your data is the first action to take against ransomware. After you have established data backups, the next priority is defending against the top three ransomware attack vectors: Remote Desktop Protocol (RDP), email phishing,...

Read More
A Public Repository of Data for Static-Analysis Classification Research

A Public Repository of Data for Static-Analysis Classification Research

• SEI Blog
Lori Flynn

Static analysis (SA) tools are a widely used and routine part of testing by DoD and commercial organizations. Validating and repairing defects discovered by SA tools can require more human effort from auditors and coders than organizations have available. Since 2016, researchers in the SEI CERT Division have been developing a method to automatically classify and prioritize alerts (warnings) and meta-alerts (alerts about code flaws or conditions) to help auditors and coders address large volumes...

Read More
How to Protect Your High Value Assets

How to Protect Your High Value Assets

• SEI Blog
Brian Benestelli

This post was co-authored by Emily Shawgo. Every organization has mission-critical information and technology assets that require enhanced security. Private organizations may identify these assets informally or rely on community knowledge to decide how to prioritize security resources. Federal government departments and agencies, however, have official guidelines for identifying and securing their high value assets. These guidelines can provide lessons for all organizations protecting their most critical assets. This blog post will outline the background...

Read More
Network Segmentation: Concepts and Practices

Network Segmentation: Concepts and Practices

• SEI Blog
Dan Kambic

This post was co-authored by Jason Fricke. Imagine a home with only a single large space containing all of your important things, arranged for your convenience. Now imagine someone breaking into it. How safe are your important things? Many organizations implement their networks the same way. By seeking easy and uncomplicated network management--or simply because they don't know better--many organizations can end up with hundreds or thousands of systems connected in a single, massive network....

Read More
Three Places to Start in Defending Against Ransomware

Three Places to Start in Defending Against Ransomware

• SEI Blog
Tim Shimeall

Ransomware is an active and growing threat, affecting many government agencies and private companies. Costs of a ransomware attack (including loss of capability, restoration of data, preventing further attacks, and cleaning up the damage due to the ransomware) frequently run from hundreds of thousands to millions of dollars, over and above any payment of ransom, which is not recommended and may open the organization up to sanctions. Organizations wanting to avoid this damage face a...

Read More
Ransomware as a Service (RaaS) Threats

Ransomware as a Service (RaaS) Threats

• SEI Blog
Marisa Midler

Ransomware continues to be a severe threat to organizations, and the threat is growing. Ransomware attacks are on the rise and a report from the Beazley Group shows ransomware attacks have increased by 25 percent from Q4 2019 to Q1 2020. The monetary value of the average ransom payment has also significantly increased. From Q3 2019 to Q4 2019 the average ransom payment increased from $41,198 to $84,116, a 104 percent increase according to a...

Read More