
SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

How to Build a Trustworthy Free/Libre Linux Capable 64-bit RISC-V Computer


• SEI Blog
Gabriel Somlo

The attack surface for commercial hardware now spans all stages of the development lifecycle. Even in the presence of secure, bug-free software, the growing threat of hardware Trojans and backdoors enables adversaries to compromise a system in its entirety or execute a privilege escalation attack. This reality became painfully evident in the wake of Spectre/Meltdown attacks. These two vulnerabilities, which came to light in 2018, affected a wide swath of microprocessors that allowed attackers to...

Situational Awareness for Cybersecurity: Assets and Risk


• SEI Blog
Angela Horneman

This post was co-written by Lauren Cooper. When key business assets are not adequately protected from cybersecurity breaches, organizations can experience dire consequences. Lumin PDF, a PDF editing tool, recently had confidential data for its base of 24.3 million users published in an online forum. The personal data of almost every citizen of Ecuador was also recently leaked online. Data breaches exposed 4.1 billion records in the first six months of 2019, and data breaches...

Don't Play Developer Testing Roulette: How to Use Test Coverage


• SEI Blog
Robert V. Binder

Suppose someone asked you to play Russian Roulette. Although your odds of surviving are 5 to 1 (83 percent), it is hard to imagine how anyone would take that risk. But taking comparable risk owing to incomplete software testing is a common practice. Releasing systems whose tests achieve only partial code coverage--the percentage of certain elements of a software item that have been exercised during its testing--is like spinning the barrel and hoping for the...

Artificial Intelligence in Practice: Securing Your Code Using Natural Language Processing


• SEI Blog
Eliezer Kanal

Many techniques are available to help developers find bugs in their code, but none are perfect: an adversary needs only one to cause problems. In this post, I'll discuss how a branch of artificial intelligence called natural language processing, or NLP, is being applied to computer code and cybersecurity. NLP is how machines extract information from naturally occurring language, such as written prose or transcribed speech. Using NLP, we can gain insight into the code...

Bolstering Security with Cyber Intelligence


• SEI Blog
Jared Ettinger

Stephen Beck co-wrote this blog post. A maxim for intelligence operators and military and special operations communities is "get off the X." The expression, once reserved for combat situations in reference to getting out of "the kill zone, point of attack, minefield, sniper crosshairs or other danger zone" has been adopted by the intelligence communities to convey the danger of a static approach to organizational security. As Michele Rigby Assad, a former intelligence officer in...

Helping the Federal Government Achieve the Cyber Advantage


• SEI Blog
Bobbie Stempfley

The world we live in is increasingly digital, synthetic, and fueled by data. The software it is built on is developed with such speed and automation that we must think about security in a new way. And in today's age of artificial intelligence (AI), cyber adversaries operate with speed and dexterity in a world of ever-changing attack surfaces. In light of this constantly evolving cyber landscape, our researchers work to secure our infrastructure and resources...

Impacts and Recommendations for Achieving Modular Open Systems Architectures -- Fifth Post in a Series


• SEI Blog
Nickolas Guertin

This post was co-written by Douglas Schmidt and William Scherlis. In this series of blog posts, adapted from a recently published paper, we sought to demonstrate how layered business and technical architectures can leverage modular component design practices to establish new approaches for capability acquisition that are more effective for the Department of Defense (DoD) than existing system of systems (SoS) strategies. The aim of these posts is to help the DoD establish an acquisition...

What Engineers Need to Know About Artificial Intelligence


• SEI Blog
Thomas Longstaff

Artificial intelligence (AI) systems by their nature are software-intensive. To create viable and trusted AI systems, engineers need technologies and standards, similar to those in software engineering. At the Software Engineering Institute (SEI)--a federally funded research and development center tasked with advancing the field of software engineering and cybersecurity--we are leading a movement to establish a professional AI Engineering discipline. As we begin a national conversation on AI Engineering, we have identified several key aspects...
