Each webinar features an SEI researcher discussing their research on software and cybersecurity problems of considerable complexity. The webinar series is a way for the SEI to accomplish its core purpose of improving the state-of-the-art in software engineering and cybersecurity and transitioning this work to the community. The SEI is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI Webinar Seri ...
Generative AI and Software Engineering Education
1:02:05
Within a very short amount of time, the productivity and creativity improvements envisioned by generative artificial intelligence (AI), such as using tools based on large language models (LLMs), have taken the software engineering community by storm. The industry is in a race to develop your next best software development tool. Organizations are pe…
Secure Systems Don’t Happen by Accident
59:08
Traditionally, cybersecurity has focused on finding and removing vulnerabilities. This is like driving backward down the highway using your rearview mirror. Most breaches are due to defects in design or code; thus, the only way to truly address the issue is to design and build more secure solutions. In this webcast, Tim Chick discusses how security…
Can You Rely on Your AI? Applying the AIR Tool to Improve Classifier Performance
38:50
Modern analytic methods, including artificial intelligence (AI) and machine learning (ML) classifiers, depend on correlations; however, such approaches fail to account for confounding in the data, which prevents accurate modeling of cause and effect and often leads to prediction bias. The Software Engineering Institute (SEI) has developed a new AI …
Using a Scenario to Reason About Implementing a Zero Trust Strategy
1:02:22
There is a lot of documentation about a zero trust architecture, as well as directives that it be used for U.S. federal agencies and the Department of Defense (DoD), but little information on how to go about implementing it to improve an organization’s enterprise or DoD weapon system security. Use cases typically describe requirements for these sys…
Ask Us Anything: Supply Chain Risk Management
41:11
According to the Verizon Data Breach Report, Log4j-related exploits have occurred less frequently over the past year. However, this Common Vulnerabilities and Exposures (CVE) flaw was originally documented in 2021. The threat still exists despite increased awareness. Over the past few years, the Software Engineering Institute (SEI) has developed gu…
The Future of Software Engineering and Acquisition with Generative AI
1:32:10
We stand at a pivotal moment in software engineering, with artificial intelligence (AI) playing a crucial role in driving approaches poised to enhance software acquisition, analysis, verification, and automation. While generative AI tools initially sparked excitement for their potential to reduce errors, scale changes effortlessly, and drive innova…
Cyber Supply Chain Risk Management: No Silver Bullet
38:40
Compliance standards, privileged access management, software bills of materials (SBOMs), maturity models, cloud services, vulnerability management, etc. The list of potential solutions to supply chain risk management (SCRM) challenges seems unending as much as it is daunting to address. In this webcast, Brett Tucker explores some of these solutions…
Ask Us Anything: Generative AI Edition
1:30:37
Generative AI (GenAI) has been around for decades, but the latest leap in progress, fueled by high-capability large language models (LLMs), image and video generators, and AI pair programmers, has captivated audiences across a variety of disciplines. What can GenAI do well? What are the risks and opportunities of using GenAI? SEI experts Doug Schmi…
Evaluating Trustworthiness of AI Systems
1:02:08
AI system trustworthiness is dependent on end users’ confidence in the system’s ability to augment their needs. This confidence is gained through evidence of the system’s capabilities. Trustworthy systems are designed with an understanding of the context of use and careful attention to end-user needs. In this webcast, SEI researchers discuss how to…
Leveraging Software Bill of Materials Practices for Risk Reduction
1:02:03
A Software Bill of Materials (SBOM) is a comprehensive list of software components involved in the development of a software product. While recently gaining attention in the context of security, SBOMs have limited value unless properly integrated into effective cyber risk management processes and practices. The SEI SBOM Framework compiles a set of …
Institutionalizing the Fundamentals of Insider Risk Management
56:33
Insider threats pose an enduring, ever-evolving risk to an organization’s critical assets that require enterprise-wide participation to manage effectively. Many organizations struggle to make critical tasks in insider risk management “stick,” relying on several crutches to drive temporary organizational change, only to see those changes come undone…
What’s Wrong with ROI for Model-Based Analysis of Cyber-Physical Systems?
56:06
In this webcast, Fred Schenker, Jerome Hugues, and Linda Parker Gates discuss the benefits of using a model-based approach to improve the design of a CPS’ embedded computing resources. This is accomplished by (1) building virtual architectural models of the CPS’ embedded computing resources early in the system development lifecycle and (2) using th…
Will Rust Solve Software Security?
53:38
The Rust programming language makes some strong claims about the security of Rust code. In this webcast, David Svoboda and Joe Sible will evaluate the Rust programming language from a cybersecurity perspective. They will examine Rust's security model, both in what it promises and its limitations. They will also examine how secure Rust code has been…
Top 5 Challenges to Overcome on Your DevSecOps Journey
1:00:36
Historically, a lot of discussion in software security focused on the project level, emphasizing code scanning, penetration testing, reactive approaches for incident response, and so on. Today, the discussion has shifted to the program level to align with business objectives. In the ideal outcome of such a shift, software teams would act in alignme…
Improving Analytics Using Enriched Network Flow Data
1:02:25
Classic tool suites that are used to process network flow records deal with very limited detail on the network connections they summarize. These tools limit detail for several reasons: (1) to maintain long-baseline data, (2) to focus on security-indicative data fields, and (3) to support data collection across large or complex infrastructures. Howe…
How Can Data Science Solve Cybersecurity Challenges?
1:00:01
In this webcast, Tom Scanlon, Matthew Walsh and Jeffrey Mellon discuss approaches to using data science and machine learning to address cybersecurity challenges. They provide an overview of data science, including a discussion of what constitutes a good problem to solve with data science. They also discuss applying data science to cybersecurity cha…
AI Next Generation Architecture
1:01:44
As Artificial Intelligence permeates mission-critical capabilities, it is paramount to design modular solutions to ensure rapid evolution and interoperability. During this webcast, we’ll discuss some of the primary quality attributes guiding such design, and how a Next Generation Architecture can facilitate an integrated future state. What attendee…
Addressing Supply Chain Risk and Resilience for Software-Reliant Systems
1:01:31
All technology acquired by an organization requires the support of (or integration with) components, tools, and services delivered by a diverse set of supply chains. However, the practices critical to addressing supply chain risks are typically scattered across many parts of the acquiring organization, and they are performed in isolated stovepipes.…
Does your DevSecOps Pipeline only Function as Intended?
52:40
Understanding and articulating cybersecurity risk is hard. With the adoption of DevSecOps tools and techniques and the increased coupling between the product being built and the tools used to build them, the attack surface of the product continues to grow by incorporating segments of the development environment. Thus, many enterprises are concerned…
Finding Your Way with Software Engineering Buzzwords
1:01:38
As a Software Engineering community, we started to hear new words with new definitions to achieve some challenges with deciding the shelf life of said terms. Some examples include: DevOps is dead, long live NoOps, SecOps, NoCode, SRE, GitOps, and recently Platform Engineering. We often confuse these terms in order to achieve certain software engine…
Infrastructure as Code Through Ansible
54:27
Infrastructure as code (IaC) is a concept that enables organizations to automate the provisioning and configuration of their IT infrastructure. This concept also aids organizations in applying the DevOps process (plan, code, build, test, release, deploy, operate, monitor, repeat) to their infrastructure. Ansible is a popular choice within the IaC t…
Applying the Principles of Agile to Strengthen the Federal Cyber Workforce
58:42
The lack of qualified cybersecurity professionals in the United States is a threat to our national security. We cannot adequately protect the systems that our government, economy, and critical infrastructure sectors rely on without an appropriately sized cyber workforce. By some estimates, there are over 700,000 cybersecurity job openings across th…
Ransomware: Defense and Resilience Strategies
58:55
Ransomware poses an imminent threat to most organizations. Whereas most traditional cyber attacks require extended threat actor engagement to seek out critical information, export data, and demand ransom from victims, ransomware shortens the process and puts immediate pressure on the victim to respond with payment. Unfortunately, the rise …
Using Open Source to Shrink the Cyber Workforce Gap
50:19
By all recent measures, the cybersecurity workforce is woefully understaffed. According to (ISC)², the cyber workforce gap in the United States was 377,000 open positions in 2021. The Software Engineering Institute (SEI) at Carnegie Mellon University (CMU) has been working with the U.S. government to develop novel approaches designed to shrink …
Exploring an AI Engineering Body of Knowledge
1:02:21
In this webcast, Carol Smith, Carrie Gardner, and Michael Mattarock discuss maturing artificial intelligence (AI) practices based on our current body of knowledge. Much as it did for software engineering in the 1980s, the SEI has begun formalizing the field of AI engineering, beginning with identifying three fundamental pillars to guide AI engineer…
What are Deepfakes, and How Can We Detect Them?
1:00:00
In this webcast, Shannon Gallagher and Dominic Ross discuss what deepfakes are, and how they are building AI/ML tech to distinguish real from fake. They will start with some well-known examples of deepfakes and discuss what makes them distinguishable as fake for people and computers. Created by Shannon Gallagher and Dominic Ross
Adapting Agile and DevSecOps to Improve Non-Software Development Teams
1:03:07
Agile and DevSecOps have revolutionized software engineering practices. The strategies put forward in Agile and DevSecOps have eased many software engineering challenges and paved the way for continuous deployment pipelines. But what do you do when you're facing a problem that doesn't fit the model of a pure software engineering project? In this we…
Predictable Use of Multicore in the Army and Beyond
58:18
Complex, cyber-physical DoD systems, such as aircraft, depend on correct timing to properly and reliably execute crucial sensing, computing, and actuation functions. In this webcast, SEI staff members Bjorn Andersson, PhD, Dionisio de Niz, PhD, and William Vance of the U.S. Army Combat Capabilities Development Command Aviation & Missile Center disc…
Ask Us Anything: Zero Trust Edition
1:02:27
The Forrester report, "The Definition of Modern Zero Trust," defines Zero Trust as an information security model that denies access to applications and data by default. Zero Trust adoption can be difficult for organizations to undertake. It is not a specific technology to adopt; instead, it’s an initiative that an enterprise must understand, interp…
Acquisition Disasters? Ideas For Reducing Acquisition Risk
47:28
The status quo for how we acquire cyber-physical weapon systems (CPS) needs to be changed. It is almost certain (for any acquisition of a CPS) that there will be cost overruns, schedule delays, and/or the loss of promised warfighter capability. Improved product development technologies could be applied, but they have not been adopted widely. We wil…
Engineering Tactical and AI-Enabled Systems
22:08
In this episode, Grace Lewis and Shane McGraw discuss how the SEI is applying research, through its highly successful Tactical and AI-Enabled Systems (TAS) initiative, to develop foundational principles, innovative solutions, and best practices for architecting, developing, and deploying tactical and AI-enabled systems. These systems will provide s…
A Cybersecurity Engineering Strategy for DevSecOps
59:23
In this webcast, Carol Woody presents the scope of a cybersecurity engineering strategy for DevSecOps along with the criticality of sharing information with direct and indirect stakeholders. Created by Carol Woody
CRO Success Factors in the Age of COVID
55:59
In this webcast, Brett Tucker, Ryan Zanin, and Abid Adam discuss the critical factors for risk executives to be successful to not only protect critical assets but also to take advantage of new opportunities created via the pandemic. Created by Brett Tucker, Ryan Zanin, and Abid Adam
Zero Trust Architecture adoption is a challenge for many organizations. It isn't a specific technology to adopt; instead, it’s a security initiative that an enterprise must understand, interpret, and implement. Enterprise security initiatives are never simple, and their goal to improve the enterprise’s cybersecurity posture requires the alignment o…
The Future of AI: Scaling AI Through AI Engineering
1:01:59
In its 2021 report, the National Security Commission on AI (NSCAI) wrote, "The impact of artificial intelligence (AI) on the world will extend far beyond narrow national security applications." How do we move beyond those narrow AI applications to gain strategic advantage? Join Dr. Matt Gaston, Director of the SEI AI Division, Dr. Steve Chien, NSCA…
AI Engineering: Ask Us Anything About Building AI Better
1:04:47
Self-driving cars are being tested in our cities, bespoke movie and product recommendations populate our apps, and we can count on our phones to route us around highway traffic... Why, then, do most AI deployments fail? What is needed to create, deploy, and maintain AI systems we can trust to meet our mission needs, particularly for defense and nat…
Balanced Approaches to Insider Risk Management
1:00:53
Misuse of authorized access to an organization’s critical assets is a significant concern for organizations of all sizes, missions, and industries. We at the CERT National Insider Threat Center have been collecting and analyzing data on incidents involving malicious and unintentional insiders since 2001, and have worked with numerous organizations a…
Software Development Open Forum: Ask Hasan Anything!
1:03:02
The software development lifecycle has changed a lot and continues to evolve. Almost every company now is a software company. Meeting business needs and adapting to the speed of the market for new features requires an agility mindset and continuous-delivery techniques throughout application-development lifecycles. You have software development and …
Software Supply Chain Concerns for DevSecOps Programs
1:03:47
In a DevSecOps world, the software supply chain extends beyond libraries upon which developed software depends. In this webinar we will look at the SolarWinds incident as a worst-case exemplifying the breadth of the software supply chain issues confronting complex DevSecOps programs. We will explore the important architectural aspects of DevSecOps t…
How Do We Teach Cybersecurity?
1:00:17
How do you teach cybersecurity to a middle school student? To a soldier? To some of the best hackers in the country? How do you evaluate all of these audiences’ skills? Cybersecurity training has been an ongoing challenge for decades. The key to making the best use of your training dollar is to craft training that matches your audience’s needs and …
Software Supply Chain Concerns for DevSecOps Programs
1:01:06
Managing third-party relationships, such as public cloud service providers, requires a set of skills often unfamiliar to many technologists. These relationships are constructed on a foundation of verifiable trust. This requires managing the cybersecurity performance of third parties via contractual mechanisms rather than the traditional line-of-sigh…
Announcing IEEE 2675 DevOps Standard to Build Reliable and Secure Systems
1:03:29
IEEE 2675 standard specifies technical principles and practices to build, package, and deploy systems and applications in a reliable and secure way. The standard focuses on establishing effective compliance and IT controls. It presents principles of DevOps including mission first, customer focus, shift-left, continuous everything, and systems think…
AI Engineering: The National Initiative for Human-Centered, Robust and Secure, and Scalable AI
1:02:20
According to recent estimates, around 85% of AI projects fail to move from conceptualization to implementation. Why are these failures happening, and how can we prevent them? AI engineering is an emergent discipline focused on developing tools, systems, and processes to enable the application of artificial intelligence in real-world contexts. The S…
Amplifying Your Privacy Program: Strategies for Success
1:01:06
Privacy protection isn't just a compliance activity; it’s also a key area of organizational risk that requires enterprise-wide support and participation; careful planning; and forward-leaning, data-driven controls. In this webcast, we highlight best practices for privacy program planning and implementation. We present strategies for leveraging …
DevOps Enables Digital Engineering
1:00:44
There is some confusion about how the paradigms of DevOps and Digital Engineering fit together. In the case of software-intensive systems, we believe DevOps practices are an enabler for Digital Engineering, in many forms. During this webcast, we introduced the relatively new concept of Digital Engineering and how we believe DevOps actually compleme…
Modeling DevSecOps to Reduce the Time-to-Deploy and Increase Resiliency
59:45
Many organizations struggle in applying DevSecOps practices and principles in a cybersecurity-constrained environment because programs lack a consistent basis for managing software intensive development, cybersecurity, and operations in a high-speed lifecycle. We will discuss how an authoritative reference, or Platform Independent Model (PIM), is n…
SolarWinds Hack: Fallout, Recovery, and Prevention
1:01:18
The recent SolarWinds incident demonstrated the challenges of securing systems when they are the product of complex supply chains. Responding effectively to breaches and hacks requires a cross-section of technical skills and process insights. In this webcast, we explored the lifecycle of the SolarWinds activity and discussed both technical and risk…
Software Engineering for Machine Learning
1:03:11
In this webcast, Grace Lewis and Ipek Ozkaya provide perspectives involved in the development and operation of ML systems. What attendees will learn: • Perspectives involved in the development and operation of ML systems • Types of mismatch that occur in the development of ML systems • Future work in software engineering for ML systems…
Busting the Myths of Programmer Productivity
54:21
Are the great programmers really 10 times faster than the rest? What does this difference in productivity even mean? What productivity distribution should we expect between professionals? How can we use this knowledge? In this webcast, we make the most of a large set of programmer training data using repeated measures to explore these questions. Wh…
What Is Cybersecurity Engineering and Why Do I Need It?
1:02:05
In this webcast, Carol Woody and Rita Creel discuss how cybersecurity engineering knowledge, methods, and tools throughout the lifecycle of software-intensive systems will reduce their inherent cyber risk and increase their operational cyber resilience. Created by Carol Woody and Rita Creel