search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

Situational Awareness for Cybersecurity: Assets and Risk

Situational Awareness for Cybersecurity: Assets and Risk

• SEI Blog
Angela Horneman

This post was co-written by Lauren Cooper. When key business assets are not adequately protected from cybersecurity breaches, organizations can experience dire consequences. Lumin PDF, a PDF editing tool, recently had confidential data for its base of 24.3 million users published in an online forum. The personal data of almost every citizen of Ecuador was also recently leaked online. Data breaches exposed 4.1 billion records in the first six months of 2019, and data breaches...

Read More
Don't Play Developer Testing Roulette: How to Use Test Coverage

Don't Play Developer Testing Roulette: How to Use Test Coverage

• SEI Blog
Robert V. Binder

Suppose someone asked you to play Russian Roulette. Although your odds of surviving are 5 to 1 (83 percent), it is hard to imagine how anyone would take that risk. But taking comparable risk owing to incomplete software testing is a common practice. Releasing systems whose tests achieve only partial code coverage--the percentage of certain elements of a software item that have been exercised during its testing--is like spinning the barrel and hoping for the...

Read More
Artificial Intelligence in Practice: Securing Your Code Using Natural Language Processing

Artificial Intelligence in Practice: Securing Your Code Using Natural Language Processing

• SEI Blog
Eliezer Kanal

Many techniques are available to help developers find bugs in their code, but none are perfect: an adversary needs only one to cause problems. In this post, I'll discuss how a branch of artificial intelligence called natural language processing, or NLP, is being applied to computer code and cybersecurity. NLP is how machines extract information from naturally occurring language, such as written prose or transcribed speech. Using NLP, we can gain insight into the code...

Read More
Bolstering Security with Cyber Intelligence

Bolstering Security with Cyber Intelligence

• SEI Blog
Jared Ettinger

Stephen Beck co-wrote this blog post. A maxim for intelligence operators and military and special operations communities is "get off the X." The expression, once reserved for combat situations in reference to getting out of "the kill zone, point of attack, minefield, sniper crosshairs or other danger zone" has been adopted by the intelligence communities to convey the danger of a static approach to organizational security. As Michele Rigby Assad, a former intelligence officer in...

Read More
Helping the Federal Government Achieve the Cyber Advantage

Helping the Federal Government Achieve the Cyber Advantage

• SEI Blog
Bobbie Stempfley

The world we live in is increasingly digital, synthetic, and fueled by data. The software it is built on is developed with such speed and automation that we must think about security in a new way. And in today's age of artificial intelligence (AI), cyber adversaries operate with speed and dexterity in a world of ever-changing attack surfaces. In light of this constantly evolving cyber landscape, our researchers work to secure our infrastructure and resources...

Read More
Impacts and Recommendations for Achieving Modular Open Systems Architectures --Fifth Post in a Series

Impacts and Recommendations for Achieving Modular Open Systems Architectures --Fifth Post in a Series

• SEI Blog
Nickolas Guertin

This post was co-written by Douglas Schmidt and William Scherlis. In this series of blog posts, adapted from a recently published paper, we sought to demonstrate how layered business and technical architectures can leverage modular component design practices to establish new approaches for capability acquisition that are more effective for the Department of Defense (DoD) than existing system of systems (SoS) strategies. The aim of these posts is to help the DoD establish an acquisition...

Read More
What Engineers Need to Know About Artificial Intelligence

What Engineers Need to Know About Artificial Intelligence

• SEI Blog
Thomas Longstaff

Artificial intelligence (AI) systems by their nature are software-intensive. To create viable and trusted AI systems, engineers need technologies and standards, similar to those in software engineering. At the Software Engineering Institute (SEI)--a federally funded research and development center tasked with advancing the field of software engineering and cybersecurity--we are leading a movement to establish a professional AI Engineering discipline. As we begin a national conversation on AI Engineering, we have identified several key aspects...

Read More
Situational Awareness for Cybersecurity: An Introduction

Situational Awareness for Cybersecurity: An Introduction

• SEI Blog
Angela Horneman

Situational awareness (SA) helps decision makers throughout an organization have the information and understanding available to make good decisions in the course of their work. It can be focused specifically on helping people and organizations protect their assets in the cyber realm or it can be more far reaching. SA makes it possible to get relevant information from across an organization, to integrate that information, and to disseminate it to help people make better decisions....

Read More