search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Big Data Technology Selection: A Case Study

Big Data Technology Selection: A Case Study

• SEI Blog
John Klein

A recent IDC forecast predicts that the big data technology and services market will realize "a 26.4 percent compound annual growth rate to $41.5 billion through 2018, or about six times the growth rate of the overall information technology market." In previous posts highlighting the SEI's research in big data, we explored some of the challenges related to the rapidly growing field, which include the need to make technology selections early in the architecture design...

Read More
Improving System and Software Security with AADL

Improving System and Software Security with AADL

• SEI Blog
Julien Delange

As our world becomes increasingly software-reliant, reports of security issues in the interconnected devices that we use throughout our day (i.e., the Internet of Things) are also increasing. This blog post discusses how to capture security requirements in architecture models, use them to build secure systems, and reduce potential security defects. This post also provides an overview of our ongoing research agenda on using architecture models for the design, analysis, and implementation of secure cyber-physical...

Read More
Final Installment: 7 Recommended Practices for Monitoring Software-Intensive System Acquisition (SISA) Programs

Final Installment: 7 Recommended Practices for Monitoring Software-Intensive System Acquisition (SISA) Programs

• SEI Blog
SPRUCE Project

This is the third installment in a series of three blog posts highlighting seven recommended practices for monitoring software-intensive system acquisition (SISA) programs. This content was originally published on the Cyber Security & Information Analysis Center's website online environment known as SPRUCE (Systems and Software Producibility Collaboration Environment). The first two posts in the series explored the challenges to monitoring SISA programs and presented the first five recommended best practices: Address in contracts Set up...

Read More
Second Installment: 7 Recommended Practices for Monitoring Software-Intensive System Acquisition (SISA) Programs

Second Installment: 7 Recommended Practices for Monitoring Software-Intensive System Acquisition (SISA) Programs

• SEI Blog
SPRUCE Project

This is the second installment in a series of three blog posts highlighting seven recommended practices for monitoring software-intensive system acquisition (SISA) programs. This content was originally published on the Cyber Security & Information Analysis Center's website online environment known as SPRUCE (Systems and Software Producibility Collaboration Environment. The first post in the series explored the challenges to monitoring SISA programs and presented the first two recommended best practices: Address in contracts Set up a...

Read More
Empirical Evaluation of API Usability and Security

Empirical Evaluation of API Usability and Security

• SEI Blog
Sam Weber

Today's computer systems often contain millions of lines of code and are constructed by integrating components, many of which are authored by various third parties. Application Programming Interfaces (APIs) are the glue that connects these software components. While the SEI and others have placed significant emphasis on developing secure coding practices, there has not been an equal emphasis placed on APIs. This blog post describes our recent research that aims to provide specific guidance to...

Read More
The Top 10 Blog Posts of 2015: Technical Debt, DevOps, Graph Analytics, Secure Coding, and Testing

The Top 10 Blog Posts of 2015: Technical Debt, DevOps, Graph Analytics, Secure Coding, and Testing

• SEI Blog
Douglas C. Schmidt

In 2015, the SEI blog launched a redesigned platform to make browsing easier, and our content areas more accessible and easier to navigate. The SEI Blog audience also continued to grow with an ever-increasing number of visitors learning more about our research in technical debt, shift-left testing, graph analytics, DevOps, secure coding, and malware analysis. In 2015 (from January 1 through December 15), the SEI blog logged 159,604 visits and sessions (we also switched analytics...

Read More
Development of a Master of Software Assurance Reference Curriculum

Development of a Master of Software Assurance Reference Curriculum

• SEI Blog
Nancy Mead

The federal government is facing a shortage of cybersecurity professionals that puts our national security at risk, according to recent research. "As cyber attacks have increased and there is increased awareness of vulnerabilities, there is more demand for the professionals who can stop such attacks. But educating, recruiting, training and hiring these cybersecurity professionals takes time," the research states. Recognizing these realities, the U. S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD)...

Read More
Adding Red to Blue: 10 Tactics Defenders Can Learn from Penetration Testers

Adding Red to Blue: 10 Tactics Defenders Can Learn from Penetration Testers

• SEI Blog
Brent Kennedy

Malicious attackers and penetration testers can use some of the same tools. Attackers use them to cause harm while penetration testers use them to bring value to organizations. In this blog post, I've partnered with colleagues Jason Frank and Will Schroeder from The Veris Group's Adaptive Threat Division to describe some of the common penetration testing tools and techniques that can greatly benefit network defenders. While this blog post cannot cover all the techniques and...

Read More