
SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Is Your Organization Ready for Agile? - Part 7

Suzanne Miller

This blog post is the seventh and final installment in a series on Agile adoption in regulated settings, such as the Department of Defense, Internal Revenue Service, and Food and Drug Administration. Organizations and federal agencies seeking to adopt Agile often struggle because they do not understand the adoption risks involved when contemplating the use of Agile approaches. This ongoing series on Readiness and Fit Analysis (RFA) focuses on helping federal agencies, such as the...

A Platform for Dynamic Defense Technologies

Andrew Mellinger

Dynamic Network Defense (or Moving Target Defense) is based on a simple premise: a moving target is harder to attack than a stationary target. In recent years the government has invested substantially in moving target and adaptive cyber defense. This rapidly growing field has seen recent developments of many new technologies--defenses that range from shuffling of client-to-server assignments to protect against distributed denial-of-service (DDoS) attacks, to packet header rewriting, to rebooting servers. As researchers develop...

Static Identification of Program Behavior using Sequences of API Calls

Jeffrey Gennari

Much of the malware that we analyze includes some type of remote access capability. Malware analysts broadly refer to this type of malware as a remote access tool (RAT). RAT-like capabilities are possessed by many well-known malware families, such as DarkComet. As described in this series of posts, CERT researchers are exploring ways to automate common malware analysis activities. In a previous post, I discussed the Pharos Binary Analysis Framework and tools to support reverse...

What Ant Colonies Can Teach Us About Securing the Internet

William Casey

In cyber systems, the identities of devices can easily be spoofed and are frequent targets of cyber-attacks. Once an identity is fabricated, stolen, or spoofed, it may be used as a nexus to systems, thus forming a Sybil Attack. To address these and other problems associated with identity deception, researchers at the Carnegie Mellon University Software Engineering Institute, New York University's Tandon School of Engineering and Courant Institute of Mathematical Sciences, and the University of...

7 Recommended Practices for Managing Intellectual Property in the Acquisition of Software-Intensive Systems

SPRUCE Project

This is the third installment in a series of three blog posts highlighting seven recommended practices for acquiring intellectual property. This content was originally published on the Cyber Security & Information Analysis Center's website online environment known as SPRUCE (Systems and Software Producibility Collaboration Environment). The first post in the series explored the challenges to acquiring intellectual property. The second post in the series presented the first four of seven practices for acquiring intellectual property....

Three Roles and Three Failure Patterns of Software Architects

John Klein

Listen to an audio recording of this blog post. When I was a chief architect working in industry, I was repeatedly asked the same questions: What makes an architect successful? What skills does a developer need to become a successful architect? There are no easy answers to these questions. For example, in my experience, architects are most successful when their skills and capabilities match a project's specific needs. Too often, in answering the question of...

7 Recommended Practices for Managing Intellectual Property in the Acquisition of Software-Intensive Systems

SPRUCE Project

This is the second installment in a series of three blog posts highlighting seven recommended practices for acquiring intellectual property. This content was originally published on the Cyber Security & Information Analysis Center's website online environment known as SPRUCE (Systems and Software Producibility Collaboration Environment). The first post in the series explored the challenges to acquiring intellectual property. This post, which can be read in its entirety on the SPRUCE website, will present the first...

The SPRUCE Series: The Challenges to Acquiring Intellectual Property

SPRUCE Project

Software and acquisition professionals often have questions about recommended practices related to modern software development methods, techniques, and tools, such as how to apply Agile methods in government acquisition frameworks, systematic verification and validation of safety-critical systems, and operational risk management. In the Department of Defense (DoD), these techniques are just a few of the options available to face the myriad challenges in producing large, secure software-reliant systems on schedule and within budget....
