
SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Autonomy, Robotics, Verification, DDoS Attacks, and Software Testing: The Top 10 Posts of 2016

• SEI Blog
Douglas C. Schmidt

As we have done each year since the blog's inception in 2011, this blog post presents the 10 most-visited posts in 2016 in descending order, ending with the most popular post. While the majority of our most popular posts were published in the last 12 months, a few, such as Don Firesmith's 2013 posts about software testing, continue to be popular with readers. 10. Verifying Software with Timers and Clocks 9. 10 At-Risk Emerging Technologies 8....

Verifying Software with Timers and Clocks (STACs)

• SEI Blog
Sagar Chaki

This blog post is coauthored by Dionisio de Niz. Software with timers and clocks (STACs) exchange clock values to set timers and perform computation. STACs are key elements of safety-critical systems that make up the infrastructure of our daily lives. They are particularly used to control systems that interact (and must be synchronized) with the physical world. Examples include avionics systems, medical devices, cars, cell phones, and other devices that rely on software not only...

Why Did the Robot Do That?

• SEI Blog
Stephanie Rosenthal

The growth and change in the field of robotics in the last 15 years is tremendous, due in large part to improvements in sensors and computational power. These sensors give robots an awareness of their environment, including various conditions such as light, touch, navigation, location, distance, proximity, sound, temperature, and humidity. The increasing ability of robots to sense their environments makes them an invaluable resource in a growing number of situations, from underwater explorations to...

Cybersecurity Engineering, Performance, Risk, and Secure Coding: The Latest Work from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published books, SEI technical reports, and webinars in cybersecurity engineering, performance and dependability, cyber risk and resilience management, cyber intelligence, secure coding, and the latest requirements for chief information security officers (CISOs). These publications highlight the latest work of SEI technologists in these areas. This post includes a listing of each publication, author(s), and links...

Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response

• SEI Blog
Rachel Kartch

Late last month, Internet users across the eastern seaboard of the United States had trouble accessing popular websites, such as Reddit, Netflix, and the New York Times. As reported in Wired Magazine, the disruption was the result of multiple distributed denial of service (DDoS) attacks against a single organization: Dyn, a New Hampshire-based Internet infrastructure company. DDoS attacks can be extremely disruptive, and they are on the rise. The Verisign Distributed Denial of Service Trends...

Cyber Threat Modeling: An Evaluation of Three Methods

• SEI Blog
Forrest Shull

This post was co-authored by Nancy Mead. Cyber threat modeling, the creation of an abstraction of a system to identify possible threats, is a required activity for DoD acquisition. Identifying potential threats to a system, cyber or otherwise, is increasingly important in today's environment. The number of information security incidents reported by federal agencies to the U.S. Computer Emergency Readiness Team (US-CERT) has increased by 1,121 percent from 5,503 in fiscal year 2006 to 67,168...

Security Modeling Tools

• SEI Blog
Julien Delange

Over the past six months, we have developed new security-focused modeling tools that capture vulnerabilities and their propagation paths in an architecture. Recent reports (such as the remote attack surface analysis of automotive systems) show that security is no longer only a matter of code and is tightly related to the software architecture. These new tools are our contribution toward improving system and software analysis. We hope they will move forward other work on security...

Seven Principles for Software Assurance

• SEI Blog
Nancy Mead

The exponential increase in cybercrime is a perfect example of how rapidly change is happening in cyberspace and why operational security is a critical need. In the 1990s, computer crime was usually nothing more than simple trespass. Twenty-five years later, computer crime has become a vast criminal enterprise with profits estimated at $1 trillion annually. One of the primary contributors to this astonishing success is the vulnerability of software to exploitation through defects. How pervasive...
