SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

What Ant Colonies Can Teach Us About Securing the Internet

• SEI Blog
William Casey

In cyber systems, the identities of devices can easily be spoofed and are frequent targets of cyber-attacks. Once an identity is fabricated, stolen, or spoofed, it may be used as a nexus to systems, thus forming a Sybil Attack. To address these and other problems associated with identity deception, researchers at the Carnegie Mellon University Software Engineering Institute, New York University's Tandon School of Engineering and Courant Institute of Mathematical Sciences, and the University of...

7 Recommended Practices for Managing Intellectual Property in the Acquisition of Software-Intensive Systems

• SEI Blog
SPRUCE Project

This is the third installment in a series of three blog posts highlighting seven recommended practices for acquiring intellectual property. This content was originally published on the Cyber Security & Information Analysis Center's website online environment known as SPRUCE (Systems and Software Producibility Collaboration Environment). The first post in the series explored the challenges to acquiring intellectual property. The second post in the series presented the first four of seven practices for acquiring intellectual property....

Three Roles and Three Failure Patterns of Software Architects

• SEI Blog
John Klein

When I was a chief architect working in industry, I was repeatedly asked the same questions: What makes an architect successful? What skills does a developer need to become a successful architect? There are no easy answers to these questions. For example, in my experience, architects are most successful when their skills and capabilities match a project's specific needs. Too often, in answering the question of...

7 Recommended Practices for Managing Intellectual Property in the Acquisition of Software-Intensive Systems

• SEI Blog
SPRUCE Project

This is the second installment in a series of three blog posts highlighting seven recommended practices for acquiring intellectual property. This content was originally published on the Cyber Security & Information Analysis Center's website online environment known as SPRUCE (Systems and Software Producibility Collaboration Environment). The first post in the series explored the challenges to acquiring intellectual property. This post, which can be read in its entirety on the SPRUCE website, will present the first...

The SPRUCE Series: The Challenges to Acquiring Intellectual Property

• SEI Blog
SPRUCE Project

Software and acquisition professionals often have questions about recommended practices related to modern software development methods, techniques, and tools, such as how to apply Agile methods in government acquisition frameworks, systematic verification and validation of safety-critical systems, and operational risk management. In the Department of Defense (DoD), these techniques are just a few of the options available to face the myriad challenges in producing large, secure software-reliant systems on schedule and within budget....

A Tool to Address Cybersecurity Vulnerabilities Through Design

• SEI Blog
Rick Kazman

This post was also co-authored by Carol Woody. Increasingly, software development organizations are finding that a large number of their vulnerabilities stem from design weaknesses and not coding vulnerabilities. Recent statistics indicate that research should focus on identifying design weaknesses to alleviate software bug volume. In 2011, for example, when MITRE released its list of the 25 most dangerous software errors, approximately 75 percent of those errors represented design weaknesses. Viewed through another lens, more...

Structuring the Chief Information Security Officer (CISO) Organization

• SEI Blog
Nader Mehravari

This post was also co-authored by Julia Allen. Most organizations, no matter the size or operational environment (government or industry), employ a senior leader responsible for information security and cybersecurity. In many organizations, this role is known as chief information security officer (CISO) or director of information security. CISOs and others in this position increasingly find that traditional information security strategies and functions are no longer adequate when dealing with today's expanding and dynamic cyber-risk...

Cyber Intelligence and Critical Thinking

• SEI Blog
Jay McAllister

In June, representatives of organizations in the government, military, and industry sectors--including American Express and PNC--traveled to Pittsburgh to participate in a crisis simulation the SEI conducted. The crisis simulation--a collaborative effort involving experts from the SEI's Emerging Technology Center (ETC) and CERT Division--involved a scenario that asked members to sift through and identify Internet Protocol (IP) locations of different servers, as well as netflow data. Participants also sorted through social media accounts from simulated...
