search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

The Top 10 Blog Posts of 2015: Technical Debt, DevOps, Graph Analytics, Secure Coding, and Testing

The Top 10 Blog Posts of 2015: Technical Debt, DevOps, Graph Analytics, Secure Coding, and Testing

• SEI Blog
Douglas C. Schmidt

In 2015, the SEI blog launched a redesigned platform to make browsing easier, and our content areas more accessible and easier to navigate. The SEI Blog audience also continued to grow with an ever-increasing number of visitors learning more about our research in technical debt, shift-left testing, graph analytics, DevOps, secure coding, and malware analysis. In 2015 (from January 1 through December 15), the SEI blog logged 159,604 visits and sessions (we also switched analytics...

Read More
Development of a Master of Software Assurance Reference Curriculum

Development of a Master of Software Assurance Reference Curriculum

• SEI Blog
Nancy Mead

The federal government is facing a shortage of cybersecurity professionals that puts our national security at risk, according to recent research. "As cyber attacks have increased and there is increased awareness of vulnerabilities, there is more demand for the professionals who can stop such attacks. But educating, recruiting, training and hiring these cybersecurity professionals takes time," the research states. Recognizing these realities, the U. S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD)...

Read More
Adding Red to Blue: 10 Tactics Defenders Can Learn from Penetration Testers

Adding Red to Blue: 10 Tactics Defenders Can Learn from Penetration Testers

• SEI Blog
Brent Kennedy

Malicious attackers and penetration testers can use some of the same tools. Attackers use them to cause harm while penetration testers use them to bring value to organizations. In this blog post, I've partnered with colleagues Jason Frank and Will Schroeder from The Veris Group's Adaptive Threat Division to describe some of the common penetration testing tools and techniques that can greatly benefit network defenders. While this blog post cannot cover all the techniques and...

Read More
Flow Analytics for Cyber Situational Awareness

Flow Analytics for Cyber Situational Awareness

• SEI Blog
Sid Faber

It's the holiday season, a traditionally busy time for many data centers as online shopping surges and many of the staff take vacations. When you see abnormal traffic patterns and overall volume starts to rise, what is the best way to determine the cause? People could be drawn to your business, and you will soon need to add surge capacity, or maybe you are in the beginnings of a denial-of-service attack and need to contact...

Read More
A Discussion on Open-Systems Architecture

A Discussion on Open-Systems Architecture

• SEI Blog
Carol Sledge

At an open architecture summit in November 2014, Katrina G. McFarland, assistant secretary of defense for acquisition said that 75 percent of all Defense Department acquisition strategies implement open systems architecture across all services and agencies. "This department is seriously engaged in trying to understand how to help our program managers and our department and our industry look at open architecture and its benefits," McFarland said, "and understand truly what our objectives are related to...

Read More
OSA: 4 Best Practices for Open Software Ecosystems

OSA: 4 Best Practices for Open Software Ecosystems

• SEI Blog
Bryce Meyer

Many systems and platforms, from unmanned aerial vehicles to minivans and smartphones, are realizing the promise of Open Systems Architecture (OSA). A core tenet of OSA is the broad availability of standards and designs, the sharing of information between developers, and in some cases downloadable tool kits. In return for openness, a broader community of potential developers and applications emerges, which in turn increases adoption and use. Consequently, there is a trade-off. Openness is a...

Read More
Agile Project Management for Information Security Continuous Monitoring Response

Agile Project Management for Information Security Continuous Monitoring Response

• SEI Blog
Doug Gray

According to the National Institute of Standards and Technology (NIST), Information Security Continuous Monitoring (ISCM) is a process for continuously analyzing, reporting, and responding to risks to operational resilience (in an automated manner, whenever possible). Compared to the traditional method of collecting and assessing risks at longer intervals--for instance, monthly or annually--ISCM promises to provide near-real-time situational awareness of an organization's risk profile. ISCM creates challenges as well as benefits, however, because the velocity of...

Read More
Toward Efficient and Effective Software Sustainment

Toward Efficient and Effective Software Sustainment

• SEI Blog
Mike Phillips

In my preceding blog posts, I promised to provide more examples highlighting the importance of software sustainment in the U.S. Department of Defense (DoD). My focus is on sustaining legacy weapons systems that are no longer in production, but are expected to remain a key component of our defense capability for decades to come. Despite the fact that these legacy systems are no longer in the acquisition phase, software upgrade cycles are needed to refresh...

Read More