search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering and Cybersecurity

Latest Posts

Big-Data Malware: Collection and Storage

Big-Data Malware: Collection and Storage

• SEI Blog
Brent Frye

The growth of big data has affected many fields, including malware analysis. Increased computational power and storage capacities have made it possible for big-data processing systems to handle the increased volume of data being collected. In addition to collecting the malware, new ways of analyzing and visualizing malware have been developed. In this blog post--the first in a series on using a big-data framework for malware collection and analysis--I will review various options and tradeoffs...

Read More
Virtual Integration, Blockchain Programming, and Agile/DevOps: The Latest Work from the SEI

Virtual Integration, Blockchain Programming, and Agile/DevOps: The Latest Work from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, and presentations highlighting our work in virtual integration, blockchain programming, Agile DevOps, software innovations, cybersecurity engineering and software assurance, threat modeling, and blacklist ecosystem analysis. These publications highlight the latest work of SEI technologists in these areas. This post includes a listing of each publication, author(s), and links where they can...

Read More
Best Practices for Cyber Intelligence: A Look at the ODNI Cyber Intelligence Study and Some Early Findings

Best Practices for Cyber Intelligence: A Look at the ODNI Cyber Intelligence Study and Some Early Findings

• SEI Blog
Jared Ettinger

Well-known asymmetries pit cyber criminals with access to cheap, easy-to-use tools against government and industry organizations that must spend more and more to keep information and assets safe. To help reverse this imbalance, the SEI is conducting a study sponsored by the U.S. Office of the Director of National Intelligence to understand cyber intelligence best practices, common challenges, and future technologies that we will publish at the conclusion of the project. Through interviews with U.S.-based...

Read More
Automated Code Generation for Future Compatible High-Performance Graph Libraries

Automated Code Generation for Future Compatible High-Performance Graph Libraries

• SEI Blog
Scott McMillan

For many DoD missions, our ability to collect information has outpaced our ability to analyze that information. Graph algorithms and large-scale machine learning algorithms are a key to analyzing the information agencies collect. They are also an increasingly important component of intelligence analysis, autonomous systems, cyber intelligence and security, logistics optimization, and more. In this blog post, we describe research to develop automated code generation for future-compatible graph libraries: building blocks of high-performance code that...

Read More
Analysis: System Architecture Virtual Integration Nets Significant Savings

Analysis: System Architecture Virtual Integration Nets Significant Savings

• SEI Blog
Peter Feiler

The size of aerospace software, as measured in source lines of code (SLOC), has grown rapidly. Airbus and Boeing data show that SLOC have doubled every four years. The current generation of aircraft software exceeds 25 million SLOC (MSLOC). These systems must satisfy safety-critical, embedded, real-time, and security requirements. Consequently, they cost significantly more than general-purpose systems. Their design is more complex, due to quality attribute requirements, high connectivity among subsystems, and sensor dependencies--each of...

Read More
Test Suites as a Source of Training Data for Static Analysis Alert Classifiers

Test Suites as a Source of Training Data for Static Analysis Alert Classifiers

• SEI Blog
Lori Flynn

Numerous tools exists to help detect flaws in code. Some of these are called flaw-finding static analysis (FFSA) tools because they identify flaws by analyzing code without running it. Typical output of an FFSA tool includes a list of alerts for specific lines of code with suspected flaws. This blog post presents our initial work on applying static analysis test suites in a novel way by automatically generating a large amount of labeled data for...

Read More
The Hybrid Threat Modeling Method

The Hybrid Threat Modeling Method

• SEI Blog
Nancy Mead

This blog post is also authored by Forrest Shull. Modern software systems are constantly exposed to attacks from adversaries that, if successful, could prevent a system from functioning as intended or could result in exposure of confidential information. Accounts of credit card theft and other types of security breaches concerning a broad range of cyber-physical systems, transportation systems, self-driving cars, and so on, appear almost daily in the news. Building any public-facing system clearly demands...

Read More
Why Does Software Cost So Much?

Why Does Software Cost So Much?

• SEI Blog
Robert Stoddard

Cost estimation was cited by the Government Accountability Office (GAO) as one of the top two reasons why DoD programs continue to have cost overruns. How can we better estimate and manage the cost of systems that are increasingly software intensive? To contain costs, it is essential to understand the factors that drive costs and which ones can be controlled. Although we understand the relationships between certain factors, we do not yet separate the causal...

Read More