search menu icon-carat-right cmu-wordmark

Archive: March 2019

Securely Connecting Africa

Securely Connecting Africa

• SEI Blog
Vijay Sarvepalli

While the Internet has enabled modernization in parts of the developing world, it has also introduced new cybersecurity challenges. Many developing countries are unprepared for large-scale cyber attacks and ongoing threats posed by hackers. A July 2017 New York Times article notes that developing countries have become an ideal testing ground for hackers. These attacks caught the attention of the Cote d'Ivoire (Ivory Coast) computer security incident response (CSIRT) team, who reached out to the...

Read More
Enabling Shift-Left Testing from Small Teams to Large Systems

Enabling Shift-Left Testing from Small Teams to Large Systems

• SEI Blog
Nanette Brown

Shift left is a familiar exhortation to teams and organizations engaged in Agile and Lean software development. It most commonly refers to incorporating test practices and an overall test sensibility early in the software development process (although it may also be applied in a DevOps context to the need to pull forward operations practices). Shift left sounds reasonably straightforward: just take the tasks that are on the right-hand side of your timeline and pull them...

Read More
Towards a New Model of Acquisition: Product-Line Architectures for the DoD - Second in a Series

Towards a New Model of Acquisition: Product-Line Architectures for the DoD - Second in a Series

• SEI Blog
Nickolas Guertin

This post was co-authored by Douglas Schmidt and William Scherlis. It is widely recognized that the Department of Defense (DoD) needs to have a nimble response to nimble adversaries. However, the inflexibility of many DoD development and acquisition practices begets inflexible architectures that often slow progress and increase risk to operational forces. This rejection of modern development methods actually increases program risk and extends development timelines, effectively reducing the value of the DoD's acquisition portfolio....

Read More
Operation Cloud Hopper Case Study

Operation Cloud Hopper Case Study

• SEI Blog
Nathaniel Richmond

In December, a grand jury indicted members of the APT10 group for a tactical campaign known as Operation Cloud Hopper, a global series of sustained attacks against managed service providers and, subsequently, their clients. These attacks aimed to gain access to sensitive intellectual and customer data. US-CERT noted that a defining characteristic of Operation Cloud Hopper was that upon gaining access to a cloud service provider (CSP) the attackers used the cloud infrastructure to hop...

Read More