SEI Shorts

SEI experts offer quick takes on big issues and complicated topics.

Protecting Systems Using SSH Keys 05/19/2020

Protecting Systems Using SSH Keys In this SEI Cyber Minute, Alex Corn discusses how to protect systems using Secure Shell (SSH). SSH supports keys, which provide efficiency and security benefits. /episode/index/show/cmu-sei-shorts/id/14484077

A New Path to Verifiable Confidence 11/05/2019

A New Path to Verifiable Confidence In this SEI Cyber Minute, Bobbie Stempfley explains how in our increasingly complex world, the SEI is redefining approaches to security to address the transformative technologies being adopted throughout government and industry. /episode/index/show/cmu-sei-shorts/id/11920313

Agile Pitfall in Acquisition: The Bottom of the V 10/11/2019

Agile Pitfall in Acquisition: The Bottom of the V Suzanne Miller explains a pitfall that can occur during Agile implementation within complex, embedded systems and introduces a mindset to help reap the benefits of Agile and lean approaches throughout complex systems development. /episode/index/show/cmu-sei-shorts/id/11607581

Insider Threat Mitigation, We can help! 09/16/2019

Insider Threat Mitigation, We can help! September 2019 has been designated “National Insider Threat Awareness Month.” A number of federal agencies—including the FBI, Office of the Under Secretary of Defense for Intelligence, and Department of Homeland Security—have chosen September to spotlight the risks that insiders pose to national security. /episode/index/show/cmu-sei-shorts/id/11271434

Automating Alert Handling Reduces Manual Effort 08/23/2019

Automating Alert Handling Reduces Manual Effort Static analysis alerts about software code flaws require costly manual effort to validate and repair. As a result, organizations often severely limit the types of alerts they manually examine to the types of code flaws they most worry about. That approach results in a tradeoff where many True flaws may never get fixed. To make alert handling more efficient, the SEI developed and tested novel software that enables the rapid deployment of a method to classify alerts automatically and accurately. /episode/index/show/cmu-sei-shorts/id/10967618

SCAIFE: An Alert Auditing Classification Prototype 08/19/2019

SCAIFE: An Alert Auditing Classification Prototype In this SEI Cyber Minute, Ebonie McNeil explains how the Source Code Analysis Integrated Framework Environment or (SCAIFE) prototype is intended to be used by developers and analysts who manually audit alerts. /episode/index/show/cmu-sei-shorts/id/10917433

Integrating Threat Modeling with the SERA Method 05/08/2019

Integrating Threat Modeling with the SERA Method Threat-modeling methods provide an approach for identifying possible threats to a system and mitigating them. In this SEI Cyber Minute, Chris Alberts discusses the Security Engineering Risk Analysis (SERA) Method and the threats and risks that organizations can use it to model and plan for. In addition, Chris discusses the threat-modeling methods the SEI recently integrated into the SERA Method. /episode/index/show/cmu-sei-shorts/id/9704027

Using Confidence Maps 04/22/2019

Using Confidence Maps Confidence maps collect arguments or doubts about a claim, to which one can then apply a process of elimination to establish how much confidence someone can have that the claim is true. This SEI Cyber Minute gives an example that provides a practical explanation of the information that confidence maps take into consideration and how they work. It also provides a few examples of how the SEI has used them in the past to support certain projects. /episode/index/show/cmu-sei-shorts/id/9485660

Natural Language Processing for Cybersecurity 04/04/2019

Natural Language Processing for Cybersecurity The SEI works on projects that help computers (1) learn about the content that they store and (2) find pertinent information based on what they learn. One particular SEI project involves teaching computers to find clues in specification documents that can lead to the discovery of vulnerabilities without the help of analysts. This SEI Cyber Minute provides a quick overview of these kinds of projects and gives you information about how you can contact the SEI to collaborate on them. /episode/index/show/cmu-sei-shorts/id/9266945

Moving Cloud Computing to the Tactical Edge 03/26/2019

Moving Cloud Computing to the Tactical Edge At the SEI, we built an implementation of tactical cloudlets that we call KD-Cloudlet. Soldiers, emergency workers, field researchers, medics – really anyone who needs to be a cyber forager for computing resources -- can now use KD-Cloudlet to support mobile applications that: /episode/index/show/cmu-sei-shorts/id/9146045

Infrastructure as Code: Sustaining Your Legacy Applications 03/05/2019

Infrastructure as Code: Sustaining Your Legacy Applications Douglas Reynolds describes SEI research that can help organizations with sustainment of legacy applications and with migration to virtualized or cloud hardware. /episode/index/show/cmu-sei-shorts/id/8884565

Why Can’t All Contractors Do Agile the Same Way? 02/15/2019

Why Can’t All Contractors Do Agile the Same Way? Because the Agile methodology is based on a set of principles, contractors sometimes apply Agile methods differently depending on the scope and nature of the work they’re doing. This SEI Cyber Minute explains why these variations occur when practicing Agile methods, and it discusses current work that aims to help organizations establish which variations of Agile are most useful and appropriate in government settings. /episode/index/show/cmu-sei-shorts/id/8662592

The SEI, a DoD FFRDC 02/11/2019

The SEI, a DoD FFRDC Mary Catherine Ward explains the unique work that the SEI does for the Department of Defense as a federally funded research and development center (FFRDC). /episode/index/show/cmu-sei-shorts/id/8600150

Assuring Cyber-Physical Systems 01/17/2019

Assuring Cyber-Physical Systems Self-driving cars, drones, or missiles that use computer systems to interact with the physical world are examples of cyber-physical systems. As these systems become more complex and unpredictable, establishing confidence that they work correctly becomes challenging. The SEI is conducting research to develop programs that focus on enforcing that cyber-physical systems perform only safe actions and how use of these programs can reduce development time and cost. /episode/index/show/cmu-sei-shorts/id/8293694

Getting Your Agile Program Started 01/07/2019

Getting Your Agile Program Started Eileen Wrubel discusses getting your agile program started. /episode/index/show/cmu-sei-shorts/id/8166374

Cross-Origin Resource Sharing (CORS) 12/20/2018

Cross-Origin Resource Sharing (CORS) Same-origin policy is a feature of modern web browsers that restricts scripts hosted on one website from making calls to another website. While useful from a security perspective, this policy can restrict certain legitimate use cases in which there is no security threat. The best solution to allow those legitimate cases to function properly is to employ cross-origin resource sharing (CORS). This Cyber Minute discusses how CORS works and how it should be configured to avoid risk. /episode/index/show/cmu-sei-shorts/id/7990538

Influence Attacks on Machine Learning 12/12/2018

Influence Attacks on Machine Learning Watch Mark Sherman in this SEI Cyber Minute as he discusses "Influence Attacks on Machine Learning". /episode/index/show/cmu-sei-shorts/id/7890014

A Complete DevOps Pipeline: The Foundation for Success 12/03/2018

A Complete DevOps Pipeline: The Foundation for Success Shane Ficorilli explains some of the requirements for successfully implementing DevOps in your organization, including how to establish a complete deployment pipeline. /episode/index/show/cmu-sei-shorts/id/7780469

What does a software architect do? 11/26/2018

What does a software architect do? Watch SEI Researcher Andrew Kotov respond to "What does a software architect do?" /episode/index/show/cmu-sei-shorts/id/7687067

Where Dynamic and Static Code Analysis Merge 11/26/2018

Where Dynamic and Static Code Analysis Merge Watch Bob Schiela and Jeff Boleng discuss "Where dynamic and static code analysis merge". /episode/index/show/cmu-sei-shorts/id/7687010

Why aren’t DoD Programs using static analysis as commercial firms do? 11/26/2018

Why aren’t DoD Programs using static analysis as commercial firms do? Watch Bob Schiela discuss "Why aren’t DoD Programs using static analysis as commercial firms do?" /episode/index/show/cmu-sei-shorts/id/7686962

Deep Learning in Cybersecurity 11/15/2018

Deep Learning in Cybersecurity Eliezer Kanal explains deep learning, a subfield of artificial intelligence, and how the SEI is conducting research to learn how it might be used to advance cybersecurity. /episode/index/show/cmu-sei-shorts/id/7575665

Should a software architect be concerned with risk analysis? 11/14/2018

Should a software architect be concerned with risk analysis? Watch SEI Researchers Andrew Kotov and John Klein respond to "Should a software architect be concerned with risk analysis?" /episode/index/show/cmu-sei-shorts/id/7559036

Do all systems have technical debt? 11/14/2018

Do all systems have technical debt? Watch SEI Researcher Ipek Ozkaya respond to "Do all systems have technical debt?" /episode/index/show/cmu-sei-shorts/id/7558568

How can automated code repair help DoD with legacy code vulnerability analysis? 11/14/2018

How can automated code repair help DoD with legacy code vulnerability analysis? Watch Bob Schiela and Jeff Boleng discuss "How can automated code repair help DoD with legacy code vulnerability analysis? /episode/index/show/cmu-sei-shorts/id/7557320

How do you integrate software architecture into Agile/DevOps environments? 11/14/2018

How do you integrate software architecture into Agile/DevOps environments? Watch SEI Researchers Andrew Kotov and John Klein respond to "How do you integrate software architecture into Agile/DevOps environments?" /episode/index/show/cmu-sei-shorts/id/7557077

Exploring the System Design Tradespace 11/08/2018

Exploring the System Design Tradespace Here at the Software Engineering Institute, we have created a new tool prototype that helps explore a system’s design tradespace. The tradespace is the possible combinations of system software, hardware, and configuration options. Our prototype – which combines previous work here at the SEI with software developed at Penn State University – enables system designers to evaluate design options in the tradespace rapidly and automatically. /episode/index/show/cmu-sei-shorts/id/7486793

Natural Forces 11/07/2018

Natural Forces Pat Place discusses the forces that influence how often your organization is able to perform system updates. /episode/index/show/cmu-sei-shorts/id/7468874

Automating Repair of Pervasive Software Flaws 11/07/2018

Automating Repair of Pervasive Software Flaws Manually fixing coding errors is time- and money-consuming. As a result, teams charged to make the fixes can eliminate few vulnerabilities; and fixing errors often breaks the working code, adding unwanted delay in testing. The SEI has developed a tool to detect and automatically repair integer overflow and reads of stale sensitive data, two pervasive software flaws. /episode/index/show/cmu-sei-shorts/id/7468700

Build Secure Applications with DevSecOps 11/06/2018

Build Secure Applications with DevSecOps Watch Hasan Yasar discuss how to "Build Secure Applications with DevSecOps." DevSecOps is a model on integrating the software development and operational process that considers security activities throughout DevOps pipeline with practicing collaboration and communication between software development teams , IT operations staff along with acquirers, suppliers, security teams, and other stakeholders in the lifecycle of a software system. /episode/index/show/cmu-sei-shorts/id/7459433

SEI Shorts

TOPICS