search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

Situational Awareness for Cyber Security: Three Key Principles of Effective Policies and Controls

Situational Awareness for Cyber Security: Three Key Principles of Effective Policies and Controls

• SEI Blog
Angela Horneman

Security measures are most effective when it is clear how assets are supposed to be used and by whom. When this information is documented in clearly written organizational policies, these policies can then be implemented in the form of enforceable security controls. In this third post in our series of blog posts on cyber situational awareness for the enterprise, I discuss how policies and controls contribute to asset protection and to the know what should...

Read More
Six Best Practices for Developer Testing

Six Best Practices for Developer Testing

• SEI Blog
Robert V. Binder

Code coverage represents the percent of certain elements of a software item that have been exercised during its testing. As I explained in my first post in this series on developer testing, there are many ideas about which code elements are important to test and therefore many kinds of code coverage. In this post, the second post in the series, I explain how you can use coverage analysis to routinely achieve consistently effective testing....

Read More
Could Blockchain Improve the Cybersecurity of Supply Chains?

Could Blockchain Improve the Cybersecurity of Supply Chains?

• SEI Blog
Eliezer Kanal

A September 2018 report to the President, Assessing and Strengthening the Manufacturing and Defense Industrial Base and Supply Chain Resiliency of the United States, raised concerns about cybersecurity in light of the reliance on complex supply chains in defense applications. Gaps in the cybersecurity sector lead to pervasive and persistent vulnerabilities to the industrial base, [...] unauthorized access to any facet of manufacturing information could create rippling effects and cause innumerable negative economic and national...

Read More
Network Traffic Analysis with SiLK: Profiling and Investigating Cyber Threats

Network Traffic Analysis with SiLK: Profiling and Investigating Cyber Threats

• SEI Blog
Paul Krystosek

Tim Shimeall and Nancy Ott co-authored this post. Cyber threats are on the rise, making it vitally important to understand what's happening on our computer networks. But the massive amount of network traffic makes this job hard. How can we find evidence of unusual, potentially hostile activity in this deluge of network data? One way is to use SiLK (System for Internet Level Knowledge), a highly-scalable tool suite for capturing and analyzing network flow data....

Read More
How to Build a Trustworthy Free/Libre Linux Capable 64-bit RISC-V Computer

How to Build a Trustworthy Free/Libre Linux Capable 64-bit RISC-V Computer

• SEI Blog
Gabriel Somlo

The attack surface for commercial hardware now spans all stages of the development lifecycle. Even in the presence of secure, bug-free software, the growing threat of hardware Trojans and backdoors enables adversaries to compromise a system in its entirety or execute a privilege escalation attack. This reality became painfully evident in the wake of Spectre/Meltdown attacks. These two vulnerabilities, which came to light in 2018, affected a wide swath of microprocessors that allowed attackers to...

Read More
Situational Awareness for Cybersecurity: Assets and Risk

Situational Awareness for Cybersecurity: Assets and Risk

• SEI Blog
Angela Horneman

This post was co-written by Lauren Cooper. When key business assets are not adequately protected from cybersecurity breaches, organizations can experience dire consequences. Lumin PDF, a PDF editing tool, recently had confidential data for its base of 24.3 million users published in an online forum. The personal data of almost every citizen of Ecuador was also recently leaked online. Data breaches exposed 4.1 billion records in the first six months of 2019, and data breaches...

Read More
Don't Play Developer Testing Roulette: How to Use Test Coverage

Don't Play Developer Testing Roulette: How to Use Test Coverage

• SEI Blog
Robert V. Binder

Suppose someone asked you to play Russian Roulette. Although your odds of surviving are 5 to 1 (83 percent), it is hard to imagine how anyone would take that risk. But taking comparable risk owing to incomplete software testing is a common practice. Releasing systems whose tests achieve only partial code coverage—the percentage of certain elements of a software item that have been exercised during its testing—is like spinning the barrel and hoping for the...

Read More
Artificial Intelligence in Practice: Securing Your Code Using Natural Language Processing

Artificial Intelligence in Practice: Securing Your Code Using Natural Language Processing

• SEI Blog
Eliezer Kanal

Many techniques are available to help developers find bugs in their code, but none are perfect: an adversary needs only one to cause problems. In this post, I'll discuss how a branch of artificial intelligence called natural language processing, or NLP, is being applied to computer code and cybersecurity. NLP is how machines extract information from naturally occurring language, such as written prose or transcribed speech. Using NLP, we can gain insight into the code...

Read More