Afleveringen
-
The exposed and public nature of application programming interfaces (APIs) come with risks including the increased network attack surface. Zero trust principles are helpful for mitigating these risks and making APIs more secure. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconiers-Hasan, a solutions engineer in the SEI CERT Division, discusses three API risks and how to address them through the lens of zero trust.
-
Zijn er afleveringen die ontbreken?
-
Capability-Based Planning (CBP) defines a framework that has an all-encompassing view of existing abilities and future needs for strategically deciding what is needed and how to effectively achieve it. Both business and government acquisition domains use CBP for financial success or to design a well-balanced defense system. The definitions understandably vary across these domains. In this SEI podcast, Anandi Hira, a data scientist, and William R. Nichols, an initiative lead for Software Engineering Measurement and Analysis, introduce CBP and its use and application in software acquisition.
-
Cybersecurity risks aren’t just a national concern. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), the CERT division’s Tracy Bills, senior cybersecurity operations researcher and team lead, and James Lord, security operations technical manager, discuss the SEI’s work developing Computer Security Incident Response Teams (CSIRTs) across the globe.
-
Developers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda, a software security engineer in the SEI’s CERT Division, discusses Redemption, a new open source tool from the SEI that automatically repairs common errors in C/C++ code generated from static analysis alerts, making code safer and static analysis less overwhelming.
-
Not all paths to cybersecurity careers look the same. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Randy Trzeciak, deputy director of cyber risk and resilience in the SEI’s CERT division, discusses his career journey, resources for pursuing a career in cybersecurity, and the importance of building a diverse workforce.
-
Sam Procter started out studying computer science at the University of Nebraska, but he didn’t love it. It wasn’t until he took his first software engineering course that he knew he’d found his career path. In this podcast from the Carnegie Mellon University Software Engineering Institute, Sam Procter discusses the early influences that shaped his career, the importance of embracing different types of diversity in his research and work, and the value of a work-life balance.
-
With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party components in their software systems. In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Woody, principal researcher, and Michael Bandor, a senior software engineer, discuss a Software Bill of Materials (SBOMs) framework to help promote the use of SBOMs and establish a more comprehensive set of practices and processes that organizations can leverage as they build their programs. They also offer guidance for government agencies who are interested in incorporating SBOMs into their work.
-
Across the globe, women account for less than 30 percent of professionals in technical fields. That number drops to 22 percent in the field of Artificial Intelligence (AI). In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Violet Turri, a software developer in the SEI’s AI Division, discusses the evolution of her career in AI and the importance of diversity in the field.
-
At the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflower Project at Carnegie Mellon University’s Software Engineering Institute (SEI) from May 2023 through September 2023. The Mayflower Project attempted to answer the following questions:
How might the IC set up a baseline, stand-alone LLM? How might the IC customize LLMs for specific intelligence use cases? How might the IC evaluate the trustworthiness of LLMs across use cases?In this SEI Podcast, Shannon Gallagher, AI engineering team lead, and Rachel Dzombak, special advisor to the director of the SEI’s AI Division, discuss the findings and recommendations from the Mayflower Project and provides additional background information about LLMs and how they can be engineered for national security use cases.
-
Modern software engineering practices of Agile and DevSecOps have provided a foundation for producing working software products faster and more reliably than ever before. Far too often, however, these practices do not address the non-software concerns of business mission and capability delivery even though these concerns are critical to the successful delivery of a software product. Through our work with government organizations, we have found that expanding DevSecOps beyond product development enables other teams to increase their capabilities and improve their processes. Agile methodologies are also being used for complex system and hardware developments. In this podcast from the Carnegie Mellon University Software Engineering Institute, Lyndsi Hughes, a senior systems engineer and David Sweeney, an associate software developer, both with the SEI CERT Division, share their experiences leveraging DevSecOps pipelines in atypical situations in support of teams focused on the capability delivery and business mission for their organizations.
-
Increasingly in government acquisition of software-intensive systems, we are seeing programs using Agile development methodology and earned value management. While there are many benefits to using both Agile and EVM, there are important considerations that software program managers must first address. In this podcast, Patrick Place, a senior engineer, and Stephen Wilson, a test engineer, both with the SEI Agile Transformation Team, discuss seven considerations for successful use of Agile and EVM.
-
As developers continue to build greater autonomy into cyber-physical systems (CPSs), such as unmanned aerial vehicles (UAVs) and automobiles, these systems aggregate data from an increasing number of sensors. However, more sensors not only create more data and more precise data, but they require a complex architecture to correctly transfer and process multiple data streams. This increase in complexity comes with additional challenges for functional verification and validation, a greater potential for faults, and a larger attack surface. What’s more, CPSs often cannot distinguish faults from attacks. To address these challenges, researchers from the SEI and Georgia Tech collaborated on an effort to map the problem space and develop proposals for solving the challenges of increasing sensor data in CPSs. In this podcast from the Carnegie Mellon University Software Engineering Institute, Jerome Hugues, a principal researcher in the SEI Software Solutions Division, discusses this collaboration and its larger body of work, Safety Analysis and Fault Detection Isolation and Recovery (SAFIR) Synthesis for Time-Sensitive Cyber-Physical Systems.
-
To better understand the potential uses of large language models (LLMs) and their impact, a team of researchers at the Carnegie Mellon University Software Engineering Institute CERT Division conducted four in-depth case studies. The case studies span multiple domains and call for vastly different capabilities. In this podcast, Matthew Walsh, a senior data scientist in CERT, and Dominic Ross, Multi-Media Design Team lead, discuss their work in developing the four case studies as well as limitations and future uses of ChatGPT.
-
Research and development of quantum computers continues to grow at a rapid pace. The U.S. government alone spent more than $800 million on quantum information science research in 2022. Thomas Scanlon, who leads the data science group in the SEI CERT Division, was recently invited to be a participant in the Workshop on Cybersecurity of Quantum Computing, co-sponsored by the National Science Foundation (NSF) and the White House Office of Science and Technology Policy, to examine the emerging field of cybersecurity for quantum computing. In this podcast from the Carnegie Mellon University Software Engineering Institute, Scanlon discusses how to create the discipline of cyber protection of quantum computing and outlines six areas of future research in quantum cybersecurity.
-
Far too often software programs continue to collect metrics for no other reason than that is how it has always been done. This leads to situations where, for any given environment, a metrics program is defined by a list of metrics that must be collected. A top-down, deterministic specification of graphs or other depictions of data required by the metrics program can distract participants from the potentially useful information that the metrics reveal and illuminate. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Will Hayes, who leads the Agile Transformation Team, and Patrick Place, a principal engineer on that team, discuss with principal researcher Suzanne Miller, how user stories can help put development in the context of who is using the system and lead to a conversation about why a specific metric is being collected.
-
In working with software and systems teams developing technical products, Judy Hwang, a senior software engineer in the SEI CERT Division, observed that teams were not investing the time, resources and effort required to manage the product lifecycle of a successful product. These activities include thoroughly exploring the problem space by talking to users, assessing existing solutions, understanding the competition, and positioning the product to create value for customers. In this podcast from the Carnegie Mellon University Software Engineering Institute, Hwang talks with principal researcher Suzanne Miller about the importance of implementing foundational product management principles in software and systems development and offers resources for audience members who looking to strengthen their Agile product delivery practices.
- Laat meer zien