search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Assessing the State of the Practice of Cyber Intelligence

Assessing the State of the Practice of Cyber Intelligence

• SEI Blog
Troy Townsend

The majority of research in cyber security focuses on incident response or network defense, either trying to keep the bad guys out or facilitating the isolation and clean-up when a computer is compromised. It's hard to find a technology website that's not touting articles on fielding better firewalls, patching operating systems, updating anti-virus signatures, and a slew of other technologies to help detect or block malicious actors from getting on your network. What's missing from...

Read More
Enabling and Measuring Early Detection of Insider Threats

Enabling and Measuring Early Detection of Insider Threats

• SEI Blog
Dr. Bill Claycomb

Sabotage of IT systems by employees (the so-called "inside threat") is a serious problem facing many companies today. Not only can data or computing systems be damaged, but outward-facing systems can be compromised to such an extent that customers cannot access an organization's resources or products. Previous blog postings on the topic of insider threat have discussed mitigation patterns, controls that help identify insiders at risk of committing cyber crime, and the protection of next-generation...

Read More
Reflection on 20 Years of Software Architecture: A Presentation by Robert Schwanke

Reflection on 20 Years of Software Architecture: A Presentation by Robert Schwanke

• SEI Blog
Bill Pollak

It is widely recognized today that software architecture serves as the blueprint for both the system and the project developing it, defining the work assignments that must be performed by design and implementation teams. Architecture is the primary purveyor of system quality attributes that are hard to achieve without a unifying architecture; it's also the conceptual glue that holds every phase of projects together for their many stakeholders. Last month, we presented two posting in...

Read More
The Latest Research from the SEI

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in information assurance and agile, the Team Software Process (TSP), CERT secure coding standards, resource allocation, fuzzing, cloud computing interoperability, and cloud computing at the tactical edge. This post includes a listing of each report, author(s), and...

Read More
Strategic Planning: Developing Business Drivers for Performance Improvement

Strategic Planning: Developing Business Drivers for Performance Improvement

• SEI Blog
Linda Parker Gates

Organizational improvement efforts should be driven by business needs, not by the content of improvement models. While improvement models, such as the Capability Maturity Model Integration (CMMI) or the Baldrige Criteria for Performance Excellence, provide excellent guidance and best practice standards, the way in which those models are implemented must be guided by the same drivers that influence any other business decision. Business drivers are the collection of people, information, and conditions that initiate and...

Read More
Writing Effective YARA Signatures to Identify Malware

Writing Effective YARA Signatures to Identify Malware

• SEI Blog
David French

In previous blog posts, I have written about applying similarity measures to malicious code to identify related files and reduce analysis expense. Another way to observe similarity in malicious code is to leverage analyst insights by identifying files that possess some property in common with a particular file of interest. One way to do this is by using YARA, an open-source project that helps researchers identify and classify malware. YARA has gained enormous popularity in...

Read More
Helping Developers Address Security with the CERT C Secure Coding Standard

Helping Developers Address Security with the CERT C Secure Coding Standard

• SEI Blog
David Keaton

By analyzing vulnerability reports for the C, C++, Perl, and Java programming languages, the CERT Secure Coding Team observed that a relatively small number of programming errors leads to most vulnerabilities. Our research focuses on identifying insecure coding practices and developing secure alternatives that software programmers can use to reduce or eliminate vulnerabilities before software is deployed. In a previous post, I described our work to identify vulnerabilities that informed the revision of the International...

Read More
Reflections on 20 Years of Architecture: A Presentation by Douglas C. Schmidt

Reflections on 20 Years of Architecture: A Presentation by Douglas C. Schmidt

• SEI Blog
Bill Pollak

Last week, we presented the first posting in a series from a panel at SATURN 2012 titled "Reflections on 20 Years of Software Architecture." In her remarks on the panel summarizing the evolution of software architecture work at the SEI, Linda Northrop, director of the SEI's Research, Technology, and System Solutions (RTSS) Program, referred to the steady growth in system scale and complexity over the past two decades and the increased awareness of architecture as...

Read More