search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

Pursuing an Imagined End-State in Software-based Capability

Pursuing an Imagined End-State in Software-based Capability

• SEI Blog
Jeff Boleng

Could software save lives after a natural disaster? Meteorologists use sophisticated software-reliant systems to predict a number of pathways for severe and extreme weather events, such as hurricanes, tornados, and cyclones. Their forecasts can trigger evacuations that remove people from danger. In this blog post, I explore key technology enablers that might pave the path toward achieving an envisioned end-state capability for software that would improve decision-making and response for disaster managers and warfighters in...

Read More
Improving Data Extraction from Cybersecurity Incident Reports

Improving Data Extraction from Cybersecurity Incident Reports

• SEI Blog
Samuel J. Perl

This post is also authored by Matt Sisk, the lead author of each of the tools detailed in this post (bulk query, autogeneration, and all regex). The number of cyber incidents affecting federal agencies has continued to grow, increasing about 1,300 percent from fiscal year 2006 to fiscal year 2015, according to a September 2016 GAO report. For example, in 2015, agencies reported more than 77,000 incidents to US-CERT, up from 67,000 in 2014 and...

Read More
Virtualization via Containers

Virtualization via Containers

• SEI Blog
Donald Firesmith

The first blog entry in this series introduced the basic concepts of multicore processing and virtualization, highlighted their benefits, and outlined the challenges these technologies present. The second post addressed multicore processing, whereas the third post concentrated on virtualization via virtual machines. In this fourth post in the series, I define virtualization via containers, list its current trends, and examine its pros and cons, including its safety and security ramifications....

Read More
Virtualization via Virtual Machines

Virtualization via Virtual Machines

• SEI Blog
Donald Firesmith

This posting is the third in a series that focuses on multicore processing and virtualization, which are becoming ubiquitous in software development. The first blog entry in this series introduced the basic concepts of multicore processing and virtualization, highlighted their benefits, and outlined the challenges these technologies present. The second post addressed multicore processing. This third post concentrates on virtualization via virtual machines (VMs). Below I define the relevant concepts underlying virtualization via VMs, list...

Read More
Simultaneous Analysis of Safety and Security of a Critical System

Simultaneous Analysis of Safety and Security of a Critical System

• SEI Blog
Sam Procter

As computers become more powerful and ubiquitous, software and software-based systems are increasingly relied on for business, governmental, and even personal tasks. While many of these devices and apps simply increase the convenience of our lives, some--known as critical systems--perform business- or life-preserving functionality. As they become more prevalent, securing critical systems from accidental and malicious threats has become both more important and more difficult. In addition to classic safety problems, such as ensuring hardware...

Read More
Coordinated Vulnerability Disclosure, Ransomware, Scaling Agile, and Android App Analysis: The Latest Work from the SEI

Coordinated Vulnerability Disclosure, Ransomware, Scaling Agile, and Android App Analysis: The Latest Work from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts and webinars highlighting our work in coordinated vulnerability disclosure, scaling Agile methods, automated testing in Agile environments, ransomware, and Android app analysis. These publications highlight the latest work of SEI technologists in these areas. One SEI Special Report presents data related to DoD software projects and translated it into information that...

Read More
Pharos Binary Static Analysis Tools Released on GitHub

Pharos Binary Static Analysis Tools Released on GitHub

• SEI Blog
Jeffrey Gennari

In a previous post, I discussed the Pharos Binary Analysis Framework and tools to support reverse engineering of binaries with a focus on malicious code analysis. Recall that Pharos is a CERT-created framework that builds upon the ROSE compiler infrastructure developed by Lawrence Livermore National Laboratory for disassembly, control flow analysis, instruction semantics, and more. Pharos uses these features to automate common reverse engineering tasks. I'm pleased to announce that we've updated our framework on...

Read More
Multicore Processing

Multicore Processing

• SEI Blog
Donald Firesmith

The first blog entry in this series introduced the basic concepts of multicore processing and virtualization, highlighted their benefits, and outlined the challenges these technologies present. This second post will concentrate on multicore processing, where I will define its various types, list its current trends, examine its pros and cons, and briefly address its safety and security ramifications....

Read More