search menu icon-carat-right cmu-wordmark

Archive: July 2019

The Promise of Deep Learning on Graphs

The Promise of Deep Learning on Graphs

• SEI Blog
Oren Wright

A growing number of Department of Defense (DoD) data problems are graph problems: the data from sources such as sensor feeds, web traffic, and supply chains are full of irregular relationships that require graphs to represent explicitly and mathematically. For example, modern test and evaluation produces massive, heterogeneous datasets, and analysts can use graphs to reveal otherwise hidden patterns in these data, affording the DoD a far more complete understanding of a system's effectiveness, survivability,...

Read More
An Application Programming Interface for Classifying and Prioritizing Static Analysis Alerts

An Application Programming Interface for Classifying and Prioritizing Static Analysis Alerts

• SEI Blog
Lori Flynn

This post was co-written by Ebonie McNeil and Aubrie Woods. In this post, we describe the Source Code Analysis Integrated Framework Environment (SCAIFE) application programming interface (API). SCAIFE is an architecture for classifying and prioritizing static analysis alerts. It is designed so that a wide variety of static analysis tools can integrate with the SCAIFE system using the API. The API is pertinent to organizations that develop or research static analysis alert auditing tools, aggregators,...

Read More
Using OOAnalyzer to Reverse Engineer Object Oriented Code with Ghidra

Using OOAnalyzer to Reverse Engineer Object Oriented Code with Ghidra

• SEI Blog
Jeffrey Gennari

Object-oriented programs continue to pose many challenges for reverse engineers and malware analysts. C++ classes tend to result in complex arrangements of assembly instructions and sophisticated data structures that are hard to analyze at the machine code level. We've long sought to simplify the process of reverse engineering object-oriented code by creating tools, such as OOAnalyzer, which automatically recovers C++-style classes from executables. OOAnalyzer includes utilities to import OOAnalyzer results into other reverse engineering frameworks,...

Read More
Selecting Measurement Data for Software Assurance Practices

Selecting Measurement Data for Software Assurance Practices

• SEI Blog
Carol Woody

Measuring the software assurance of a product as it is developed and delivered to function in a specific system context involves assembling carefully chosen metrics. These metrics should demonstrate a range of behaviors to confirm confidence that the product functions as intended and is free of vulnerabilities. The Software Assurance Framework (SAF) is a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain to promote the desired assurance behaviors....

Read More
Three Architecture Recommendations for Sustainment Organizations

Three Architecture Recommendations for Sustainment Organizations

• SEI Blog
Susan Crozier Cox

In a March 2019 report, the Defense Innovation Board (DIB)--a group of advisors focused on bringing the technical advantages employed by Silicon Valley to the Department of Defense (DoD)--noted that the United States faces threats that are evolving at an ever-increasing pace. The DIB also noted that the DoD's ability to adapt and respond to these threats is now determined by its ability to develop and deploy software to the field rapidly. As the DIB...

Read More