The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
תוכן מסופק על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
דומה לSoftware Engineering Institute (SEI) Podcast Series
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hosts Ben Brock Johnson and Amory Sivertson dig into the internet's vast and curious ecosystem of online communities to find untold histories, unsolved mysteries, and other jaw-dropping stories online and IRL.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k
348
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
T
There’s a Better Way: Smart Talk on Healthcare and Technology
1
There’s a Better Way: Smart Talk on Healthcare and Technology
Surescripts
12k35
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: developertea@gmail.com
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
Daily Deals
פודקאסטים ששווה להאזין
בחסות
A
All About Change
1 Gene Baur: Confronting the Morality of Factory Farming 28:16
28:16 
הפעל מאוחר יותר 
הפעל מאוחר יותר 
רשימות 
לייק 
אהבתי28:16
הפעל מאוחר יותר
הפעל מאוחר יותר
רשימות
לייק
אהבתיGene Baur is the founder of Farm Sanctuary, a place of rescue, refuge, and adoption for hundreds of farm animals each year. Farm Sanctuary shelters enable visitors to connect with farm animals as emotional, intelligent individuals. Gene has also led campaigns to change laws about animal treatment and taken undercover photographs of farms, stockyards, and slaughterhouses, documenting deplorable conditions. His pictures and videos exposing factory farming cruelties have aired nationally and internationally, educating millions about the plight of modern farm animals, and his rescue work inspired an international farm sanctuary movement. Once called “the conscience of the food movement” by Time magazine, Gene walks the walk and talks the talk when it comes to food and animal rights. Jay and Gene discuss the political and cultural steps that will bring about the end of factory farming and a healthier approach to animals and food. Today's episode was produced by Tani Levitt and Mijon Zulu. To check out more episodes or to learn more about the show, you can visit our website Allaboutchangepodcast.com. If you like our show, spread the word, tell a friend or family member, or leave us a review on your favorite podcasting app. We really appreciate it. All About Change is produced by the Ruderman Family Foundation. Episode Chapters 0:00 Intro 1:05 The state of veganism 6:18 Cultural shifts around factory farming and veganism 14:58 Gene’s three paths of activism 17:44 Gene’s legislative successes 22:25 Accepting people where they are in their journeys 25:36 Thank you and goodbye For video episodes, watch on www.youtube.com/@therudermanfamilyfoundation Stay in touch: X: @JayRuderman | @RudermanFdn LinkedIn: Jay Ruderman | Ruderman Family Foundation Instagram: All About Change Podcast | Ruderman Family Foundation To learn more about the podcast, visit https://allaboutchangepodcast.com/ Looking for more insights into the world of activism? Be sure to check out Jay’s brand new book, Find Your Fight , in which Jay teaches the next generation of activists and advocates how to step up and bring about lasting change. You can find Find Your Fight wherever you buy your books, and you can learn more about it at www.jayruderman.com .…
An Introduction to Software Cost Estimation
Manage episode 453708338 series 2487640
תוכן מסופק על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Software cost estimation is an important first step when beginning a project. It addresses important questions regarding budget, staffing, scheduling, and determining if the current environment will support the project. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Anandi Hira, a data scientist on the SEI’s Software Engineering Measurement and Analysis team sits down with Bill Nichols, principal engineer and SEI data science team lead, to discuss software cost estimation including various metrics, best practices, and common challenges when developing or building a model.
418 פרקים
שתפוManage episode 453708338 series 2487640
תוכן מסופק על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Software cost estimation is an important first step when beginning a project. It addresses important questions regarding budget, staffing, scheduling, and determining if the current environment will support the project. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Anandi Hira, a data scientist on the SEI’s Software Engineering Measurement and Analysis team sits down with Bill Nichols, principal engineer and SEI data science team lead, to discuss software cost estimation including various metrics, best practices, and common challenges when developing or building a model.
418 פרקים
כל הפרקים
×
S
Software Engineering Institute (SEI) Podcast Series
1 Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds 25:10
25:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיContainer images are increasingly being used as the main method for software deployment, so ensuring the reproducibility of container images is becoming a critical step in protecting the software supply chain. In practice, however, builds are often not reproducible due to elements of the build environment that rely on nondeterministic factors such as timestamps and external dependencies. Lack of reproducibility can lead to lack of trust, broken builds, and possibly mask hidden malware insertion. Vessel, a recent tool from the Carnegie Mellon University Software Institute (SEI), helps developers identify the difference between two container images to help sort benign from problematic issues. In this SEI Podcast, Kevin Pitstick, a senior software engineer at the SEI and Vessel’s lead developer, and Lihan Zhan, a software engineer at the SEI working on tactical and AI-enabled systems, sit down with Grace Lewis, lead of the Tactical and AI-Enabled Systems (TAS) applied research and development team at the SEI, to discuss the Vessel tool, its development, and application in mission-critical settings.…
S
Software Engineering Institute (SEI) Podcast Series
1 Mitigating Cyber Risk with Secure by Design 32:29
32:29 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:29
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSoftware enables our way of life, but market forces have sidelined security concerns leaving systems vulnerable to attack. Fixing this problem will require the software industry to develop an initial standard for creating software that is secure by design. These are the findings of a recently released paper coauthored by Greg Touhill, director of the Software Engineering Institute (SEI) CERT Division. In this latest SEI podcast, Touhill and Matthew Butkovic, director of Cyber Risk and Resilience at CERT, discuss the paper including its recommendations for making software secure by design.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Magic in the Middle: Evolving Scaled Software Solutions for National Defense 21:25
21:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA January 2025 Defense Innovation Board study on scaling nontraditional defense innovation stated, “We must act swiftly to ensure the DoD leads in global innovation and competition over AI and autonomous systems – and is a trendsetter for their responsible use in modern warfare." In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), chief technical officer Tom Longstaff discusses the SEI’s long-standing work to help the DoD rapidly scale technology including artificial intelligence (AI) and autonomous systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space 44:26
44:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי44:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWarfighters in the Department of Defense (DoD) operate in high-stakes environments where security, efficiency, and speed are critical. In such environments DevSecOps has become crucial in the drive toward modernization and overall mission success. A recent study led by researchers at the Carnegie Mellon University Software Engineering Institute (SEI) examined the state of DevSecOps within the Department of Defense. In this podcast, Eileen Wrubel, the SEI’s Transforming Software Acquisition Policy and Practice technical director, sits down with George Lamb, director for DoD Cloud and Software Modernization in the Information Enterprise Office of the DoD CIO, which is responsible for the DoD Software Modernization Strategy and its associated implementation plan, and Bill Nichols, lead of the SEI’s Software Engineering Measurement and Analysis work. They discuss DevSecOps successes in the DoD and opportunities for scaling its impact.…
S
Software Engineering Institute (SEI) Podcast Series
Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, Doug Reynolds, and Jeffrey Hamed, all DevOps engineers in the SEI's Software Solutions Division, sit down with senior reesearcher Jose Morales to discuss a recent case study involving the deployment of a hypervisor onto edge devices in a resource-constrained environment.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Best and Brightest: 6 Years of Supporting the President’s Cup Cybersecurity Competition 21:40
21:40 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:40
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA strong cyber defense is vital to public- and private-sector activities in the United States. In 2019, in response to an executive order to strengthen America’s cybersecurity workforce, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) partnered with the SEI to develop and run the President’s Cup Cybersecurity Competition, a national cyber competition that identifies and rewards the best cybersecurity talent in the federal workforce. In six years, more than 8,000 people have taken part in the President’s Cup. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jarrett Booz, technical lead for the President’s Cup, and John DiRicco, a training specialist in the SEI’s CERT Division, sit down with Matthew Butkovic, the CERT technical director of cyber risk and resilience, to reflect on six years of hosting the cup, including challenges, lessons learned, the path forward, and publicly available resources.…
S
Software Engineering Institute (SEI) Podcast Series
1 Updating Risk Assessment in the CERT Secure Coding Standard 26:04
26:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEvaluating source code to ensure secure coding qualities costs time and effort and often involves static analysis. But those who are familiar with static analysis tools know that the alerts are not always reliable and produce false positives that must be detected and disregarded. This year, we plan on making some exciting updates to the SEI CERT C Coding Standard to better harmonize with the current state of the art for static analysis tools as well as simplify the process of source code security auditing. In this SEI podcast, David Svobodaand Joseph Sible, both engineers in CERT’s Applied Systems Group and primary developers and maintainers of the standard, sit down with Robert Schiela, deputy technical director of the Cybersecurity Foundations Directorate in CERT, to discuss the proposed changes, specifically in the area of risk assessment.…
S
Software Engineering Institute (SEI) Podcast Series
1 Delivering Next Generation Cyber Capabilities to the DoD Warfighter 27:16
27:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory Touhill, director of the SEI CERT Division, sits down with Matthew Butkovic, technical director of Cyber Risk and Resilience at CERT, to discuss ways in which CERT researchers and technologists are working to deliver rapid capability to warfighters in the Department of Defense.…
S
Software Engineering Institute (SEI) Podcast Series
1 Getting the Most Out of Your Insider Risk Data with IIDES 39:14
39:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיInsider incidents cause around 35 percent of data breaches, creating financial and security risks for organizations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Austin Whisnant and Dan Costa discuss the Insider Incident Data Expression Standard (IIDES), a new schema for collecting and sharing data about insider incidents. IIDES facilitates insider incident information handling to help organizations better protect themselves against the compromise of sensitive information and mission-critical systems, which is essential to maintaining national security and defense.…
S
Software Engineering Institute (SEI) Podcast Series
1 Grace Lewis Outlines Vision for IEEE Computer Society Presidency 18:14
18:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיGrace Lewis , a principal researcher at the Carnegie Mellon University Software Engineering Institute (SEI) and lead of the SEI’s Tactical and AI-Enabled Systems Initiative, was elected the 2026 president of the IEEE Computer Society (CS), the largest community of computer scientists and engineers, with more than 370,000 members around the world. In this SEI podcast, Lewis sits down with Ipek Ozkaya, technical director of Engineering Intelligent Software Systems, to discuss her vision and plans for the IEEE CS presidency.…
S
Software Engineering Institute (SEI) Podcast Series
1 Improving Machine Learning Test and Evaluation with MLTE 29:06
29:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיMachine learning (ML) models commonly experience issues when integrated into production systems. In this podcast, researchers from the Carnegie Mellon University Software Engineering Institute and the U.S. Army AI Integration Center (AI2C) discuss Machine Learning Test and Evaluation (MLTE), a new tool that provides a process and infrastructure for ML test and evaluation. MLTE can aid organizations across the DoD in more effectively negotiating, documenting, and evaluating model and system qualities.…
S
Software Engineering Institute (SEI) Podcast Series
1 DOD Software Modernization: SEI Impact and Innovation 27:12
27:12 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:12
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAs software size, complexity, and interconnectedness has grown, software modernization within the Department of Defense (DoD) has become more important than ever. In this discussion moderated by Matthew Butkovic, technical director of risk and resilience in the SEI CERT Division, SEI director Paul Nielsen outlines the SEI’s work with the DoD on software modernization, including controlling the attack surface, incorporating industry practices such as DevSecOps, and the interplay between software, cybersecurity, and AI.…
S
Software Engineering Institute (SEI) Podcast Series
1 Securing Docker Containers: Techniques, Challenges, and Tools 39:09
39:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיContainerization allows developers to run individual software applications in an isolated, controlled, repeatable way. With the increasing prevalence of cloud computing environments, containers are providing more and more of their underlying architecture. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Sasank Venkata Vishnubhatla and Maxwell Trdina, both engineers in the SEI CERT Division, sit down with Tim Chick, technical manager of the Applied Systems Group, to explore issues surrounding containerization, including recent vulnerabilities.…
S
Software Engineering Institute (SEI) Podcast Series
1 An Introduction to Software Cost Estimation 22:55
22:55 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:55
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSoftware cost estimation is an important first step when beginning a project. It addresses important questions regarding budget, staffing, scheduling, and determining if the current environment will support the project. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Anandi Hira, a data scientist on the SEI’s Software Engineering Measurement and Analysis team sits down with Bill Nichols, principal engineer and SEI data science team lead, to discuss software cost estimation including various metrics, best practices, and common challenges when developing or building a model.…
S
Software Engineering Institute (SEI) Podcast Series
1 Cybersecurity Metrics: Protecting Data and Understanding Threats 27:00
27:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOne of the biggest challenges in collecting cybersecurity metrics is scoping down objectives and determining what kinds of data to gather. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Bill Nichols, who leads the SEI’s Software Engineering Measurements and Analysis Group, discusses the importance of cybersecurity measurement, what kinds of measurements are used in cybersecurity, and what those metrics can tell us about cyber systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 3 Key Elements for Designing Secure Systems 36:28
36:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי36:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTo make secure software by design a reality, engineers must intentionally build security throughout the software development lifecycle. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Timothy A. Chick, technical manager of the Applied Systems Group in the SEI’s CERT Division, discusses building, designing, and operating secure systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 Using Role-Playing Scenarios to Identify Bias in LLMs 45:07
45:07 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי45:07
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHarmful biases in large language models (LLMs) make AI less trustworthy and secure. Auditing for biases can help identify potential solutions and develop better guardrails to make AI safer. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Katie Robinson and Violet Turri, researchers in the SEI’s AI Division, discuss their recent work using role-playing game scenarios to identify biases in LLMs.…
S
Software Engineering Institute (SEI) Podcast Series
1 Best Practices and Lessons Learned in Standing Up an AISIRT 38:29
38:29 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:29
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn the wake of widespread adoption of artificial intelligence (AI) in critical infrastructure, education, government, and national security entities, adversaries are working to disrupt these systems and attack AI-enabled assets. With nearly four decades in vulnerability management, the Carnegie Mellon University Software Engineering Institute (SEI) recognized a need to create an entity that would identify, research, and identify mitigation strategies for AI vulnerabilities to protect national assets against traditional cybersecurity, adversarial machine learning, and joint cyber-AI attacks. In this SEI podcast, Lauren McIlvenny, director of threat analysis in the SEI’s CERT Division, discusses best practices and lessons learned in standing up an AI Security Incident Response Team (AISIRT).…
S
Software Engineering Institute (SEI) Podcast Series
1 3 API Security Risks (and How to Protect Against Them) 19:28
19:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe exposed and public nature of application programming interfaces (APIs) come with risks including the increased network attack surface. Zero trust principles are helpful for mitigating these risks and making APIs more secure. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconiers-Hasan, a solutions engineer in the SEI CERT Division, discusses three API risks and how to address them through the lens of zero trust.…
S
Software Engineering Institute (SEI) Podcast Series
1 Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices 43:05
43:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי43:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHow can we effectively use large language models (LLMs) for cybersecurity tasks? In this Carnegie Mellon University Software Engineering Institute podcast, Jeff Gennari and Sam Perl discuss applications for LLMs in cybersecurity, potential challenges, and recommendations for evaluating LLMs.
S
Software Engineering Institute (SEI) Podcast Series
1 Capability-based Planning for Early-Stage Software Development 33:55
33:55 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:55
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCapability-Based Planning (CBP) defines a framework that has an all-encompassing view of existing abilities and future needs for strategically deciding what is needed and how to effectively achieve it. Both business and government acquisition domains use CBP for financial success or to design a well-balanced defense system. The definitions understandably vary across these domains. In this SEI podcast, Anandi Hira, a data scientist, and William R. Nichols, an initiative lead for Software Engineering Measurement and Analysis, introduce CBP and its use and application in software acquisition.…
S
Software Engineering Institute (SEI) Podcast Series
1 Safeguarding Against Recent Vulnerabilities Related to Rust 26:25
26:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhat can the recently discovered vulnerabilities related to Rust tell us about the security of the language? In this podcast from the Carnegie Mellon University Software Engineering Institute, David Svoboda discusses two vulnerabilities, their sources, and how to mitigate them.
S
Software Engineering Institute (SEI) Podcast Series
1 Developing a Global Network of Computer Security Incident Response Teams (CSIRTs) 30:51
30:51 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:51
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCybersecurity risks aren’t just a national concern. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), the CERT division’s Tracy Bills, senior cybersecurity operations researcher and team lead, and James Lord, security operations technical manager, discuss the SEI’s work developing Computer Security Incident Response Teams (CSIRTs) across the globe.…
S
Software Engineering Institute (SEI) Podcast Series
1 Automated Repair of Static Analysis Alerts 27:05
27:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDevelopers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda, a software security engineer in the SEI’s CERT Division, discusses Redemption, a new open source tool from the SEI that automatically repairs common errors in C/C++ code generated from static analysis alerts, making code safer and static analysis less overwhelming.…
S
Software Engineering Institute (SEI) Podcast Series
1 Developing and Using a Software Bill of Materials Framework 37:37
37:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWith the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party components in their software systems. In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Woody, principal researcher, and Michael Bandor, a senior software engineer, discuss a Software Bill of Materials (SBOMs) framework to help promote the use of SBOMs and establish a more comprehensive set of practices and processes that organizations can leverage as they build their programs. They also offer guidance for government agencies who are interested in incorporating SBOMs into their work.…
S
Software Engineering Institute (SEI) Podcast Series
1 Using Large Language Models in the National Security Realm 34:45
34:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAt the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflower Project at Carnegie Mellon University’s Software Engineering Institute (SEI) from May 2023 through September 2023. The Mayflower Project attempted to answer the following questions: How might the IC set up a baseline, stand-alone LLM? How might the IC customize LLMs for specific intelligence use cases? How might the IC evaluate the trustworthiness of LLMs across use cases? In this SEI Podcast, Shannon Gallagher, AI engineering team lead, and Rachel Dzombak, special advisor to the director of the SEI’s AI Division, discuss the findings and recommendations from the Mayflower Project and provides additional background information about LLMs and how they can be engineered for national security use cases.…
S
Software Engineering Institute (SEI) Podcast Series
1 Atypical Applications of Agile and DevSecOps Principles 33:41
33:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיModern software engineering practices of Agile and DevSecOps have provided a foundation for producing working software products faster and more reliably than ever before. Far too often, however, these practices do not address the non-software concerns of business mission and capability delivery even though these concerns are critical to the successful delivery of a software product. Through our work with government organizations, we have found that expanding DevSecOps beyond product development enables other teams to increase their capabilities and improve their processes. Agile methodologies are also being used for complex system and hardware developments. In this podcast from the Carnegie Mellon University Software Engineering Institute, Lyndsi Hughes, a senior systems engineer and David Sweeney, an associate software developer, both with the SEI CERT Division, share their experiences leveraging DevSecOps pipelines in atypical situations in support of teams focused on the capability delivery and business mission for their organizations.…
S
Software Engineering Institute (SEI) Podcast Series
1 When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction 35:21
35:21 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:21
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIncreasingly in government acquisition of software-intensive systems, we are seeing programs using Agile development methodology and earned value management. While there are many benefits to using both Agile and EVM, there are important considerations that software program managers must first address. In this podcast, Patrick Place, a senior engineer, and Stephen Wilson, a test engineer, both with the SEI Agile Transformation Team, discuss seven considerations for successful use of Agile and EVM.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Impact of Architecture on Cyber-Physical Systems Safety 34:05
34:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAs developers continue to build greater autonomy into cyber-physical systems (CPSs), such as unmanned aerial vehicles (UAVs) and automobiles, these systems aggregate data from an increasing number of sensors. However, more sensors not only create more data and more precise data, but they require a complex architecture to correctly transfer and process multiple data streams. This increase in complexity comes with additional challenges for functional verification and validation, a greater potential for faults, and a larger attack surface. What’s more, CPSs often cannot distinguish faults from attacks. To address these challenges, researchers from the SEI and Georgia Tech collaborated on an effort to map the problem space and develop proposals for solving the challenges of increasing sensor data in CPSs. In this podcast from the Carnegie Mellon University Software Engineering Institute, Jerome Hugues, a principal researcher in the SEI Software Solutions Division, discusses this collaboration and its larger body of work, Safety Analysis and Fault Detection Isolation and Recovery (SAFIR) Synthesis for Time-Sensitive Cyber-Physical Systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies 46:22
46:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי46:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTo better understand the potential uses of large language models (LLMs) and their impact, a team of researchers at the Carnegie Mellon University Software Engineering Institute CERT Division conducted four in-depth case studies. The case studies span multiple domains and call for vastly different capabilities. In this podcast, Matthew Walsh, a senior data scientist in CERT, and Dominic Ross, Multi-Media Design Team lead, discuss their work in developing the four case studies as well as limitations and future uses of ChatGPT.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Cybersecurity of Quantum Computing: 6 Areas of Research 23:01
23:01 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:01
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיResearch and development of quantum computers continues to grow at a rapid pace. The U.S. government alone spent more than $800 million on quantum information science research in 2022. Thomas Scanlon, who leads the data science group in the SEI CERT Division, was recently invited to be a participant in the Workshop on Cybersecurity of Quantum Computing , co-sponsored by the National Science Foundation (NSF) and the White House Office of Science and Technology Policy, to examine the emerging field of cybersecurity for quantum computing. In this podcast from the Carnegie Mellon University Software Engineering Institute, Scanlon discusses how to create the discipline of cyber protection of quantum computing and outlines six areas of future research in quantum cybersecurity.…
S
Software Engineering Institute (SEI) Podcast Series
Far too often software programs continue to collect metrics for no other reason than that is how it has always been done. This leads to situations where, for any given environment, a metrics program is defined by a list of metrics that must be collected. A top-down, deterministic specification of graphs or other depictions of data required by the metrics program can distract participants from the potentially useful information that the metrics reveal and illuminate. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Will Hayes, who leads the Agile Transformation Team, and Patrick Place, a principal engineer on that team, discuss with principal researcher Suzanne Miller, how user stories can help put development in the context of who is using the system and lead to a conversation about why a specific metric is being collected.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Product Manager’s Evolving Role in Software and Systems Development 24:19
24:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn working with software and systems teams developing technical products, Judy Hwang, a senior software engineer in the SEI CERT Division, observed that teams were not investing the time, resources and effort required to manage the product lifecycle of a successful product. These activities include thoroughly exploring the problem space by talking to users, assessing existing solutions, understanding the competition, and positioning the product to create value for customers. In this podcast from the Carnegie Mellon University Software Engineering Institute, Hwang talks with principal researcher Suzanne Miller about the importance of implementing foundational product management principles in software and systems development and offers resources for audience members who looking to strengthen their Agile product delivery practices.…
S
Software Engineering Institute (SEI) Podcast Series
1 Measuring the Trustworthiness of AI Systems 19:27
19:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe ability of artificial intelligence (AI) to partner with the software engineer, doctor, or warfighter depends on whether these end users trust the AI system to partner effectively with them and deliver the outcome promised. To build appropriate levels of trust, expectations must be managed for what AI can realistically deliver. In this podcast from the SEI’s AI Division, Carol Smith, a senior research scientist specializing in human-machine interaction, joins design researchers Katherine-Marie Robinson and Alex Steiner, to discuss how to measure the trustworthiness of an AI system as well as questions that organizations should ask before determining if it wants to employ a new AI technology.…
S
Software Engineering Institute (SEI) Podcast Series
1 Actionable Data in the DevSecOps Pipeline 31:58
31:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program managers (PMs) to confidently make decisions with the help of readily available data. As in commercial companies, DoD PMs are accountable for the overall cost, schedule, and performance of a program. The PM’s job is even more complex in large programs with multiple software-development pipelines where cost, schedule, performance, and risk for the products of each pipeline must be considered when making decisions, as well as the interrelationships among products developed on different pipelines. Nichols and Cohen discuss how PMs can collect and transform unprocessed DevSecOps development data into useful program-management information that can guide decisions they must make during program execution. The ability to continuously monitor, analyze, and provide actionable data to the PM from tools in multiple interconnected pipelines of pipelines can help keep the overall program on track.…
S
Software Engineering Institute (SEI) Podcast Series
1 Insider Risk Management in the Post-Pandemic Workplace 47:34
47:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn the wake of the COVID pandemic, the workforce decentralized and shifted toward remote and hybrid environments. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dan Costa, technical manager of enterprise threat and vulnerability management, and Randy Trzeciak, deputy director of Cyber Risk and Resilience, both with the SEI’s CERT Division, discuss how remote work in the post-pandemic world is changing expectations about employee behavior monitoring and insider risk detection.…
S
Software Engineering Institute (SEI) Podcast Series
1 An Agile Approach to Independent Verification and Validation 31:57
31:57 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:57
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIndependent verification and validation (IV&V) is a significant step in the process of deploying systems for mission-critical applications in the Department of Defense (DoD). In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Justin Smith, senior Agile transformation leader in the SEI Software Solutions Division, talks with principal researcher Suzanne Miller about how to bring concepts from Lean and Agile software development into the practice of IV&V. Smith describes his experiences at NASA’s Katherine Johnson IV&V Facility as a project manager for the Orion IV&V team. On that project, the developer employed Scaled Agile Framework (SAFe) as their development process, which had challenging consequences for established IV&V practices within NASA IV&V. Smith also discusses the ways in which NASA adapted to this change and describes strategies and tactics for reconciling Agile and IV&V.…
S
Software Engineering Institute (SEI) Podcast Series
1 Zero Trust Architecture: Best Practices Observed in Industry 27:53
27:53 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:53
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיZero trust architecture has the potential to improve an enterprise’s security posture. There is still considerable uncertainty about the zero trust transformation process, however, as well as how zero trust architecture will ultimately appear in practice. Recent executive orders have accelerated the timeline for zero trust adoption in the federal sector, and many private-sector organizations are following suit. Researchers in the CERT Division at the Carnegie Mellon University Software Engineering Institute (SEI) hosted Zero Trust Industry Days to enable industry stakeholders to share information about implementing zero trust. In this SEI podcast, CERT researchers Matthew Nicolai and Nathaniel Richmond discuss five zero trust best practices identified during the two-day event, explain their significance, and provide commentary and analysis on ways to empower your organization’s zero trust transformation.…
S
Software Engineering Institute (SEI) Podcast Series
1 Automating Infrastructure as Code with Ansible and Molecule 39:38
39:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn Ansible, roles allow system administrators to automate the loading of certain variables, tasks, files, templates, and handlers based on a known file structure. Grouping content by roles allows for easy sharing and reuse. When developing roles, users must deal with various concerns, including what operating system(s) and version(s) will be supported and whether a single node or a cluster of machines is needed. In this podcast from the Carnegie Mellon University Software Engineering Institute, Matthew Heckathorn, an integration engineer with the SEI’s CERT Division, offers guidance for systems engineers, system administrators, and others on developing Ansible roles and automating infrastructure as code.…
S
Software Engineering Institute (SEI) Podcast Series
1 Identifying and Preventing the Next SolarWinds 46:04
46:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי46:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on Solar Winds software and how to prevent a recurrence of another major attack on key systems that are in widespread use. Solar Winds is the name of a company that provided software to the U.S. federal government. In late 2020, news surfaced about a cyberattack that had already been underway for several months and that had reportedly compromised 250 government agencies, including the Treasury Department, the State Department, and nuclear research labs. In addition to compromising data, the attack resulted in financial losses of more than $90 million and was probably one of the most dangerous modern attacks on software and software-based businesses and government agencies in the recent past. The SolarWinds incident demonstrated the challenges of securing systems when they are the product of complex supply chains. In this podcast, Touhill discusses topics including the need for systems to be secure by design and secure by default, the importance of transparency in the reporting of vulnerabilities and anomalous system behavior, the CERT Acquisition Security Framework, the need to secure data across a wide range of disparate devices and systems, and tactics and strategies for individuals and organizations to safeguard their data and the systems they rely on daily.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Penetration Testing Findings Repository 25:47
25:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Marisa Midler and Samantha Chaves, penetration testers with the SEI’s CERT Division, talk with Suzanne Miller about a penetration-testing repository that they helped to build. The repository is a source of information for active directory, phishing, mobile technology, systems and services, web applications, and mobile- and wireless-technology weaknesses that could be discovered during a penetration test. The repository is intended to help assessors provide reports to organizations using standardized language and standardized names for findings, and to save assessors time on report generation by having descriptions, standard remediations, and other resources available in the repository for their use. The repository is available at https://github.com/cisagov/pen-testing-findings…
S
Software Engineering Institute (SEI) Podcast Series
1 Understanding Vulnerabilities in the Rust Programming Language 36:45
36:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי36:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhile the memory safety and security features of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there is the possibility of security vulnerabilities–and malicious software that can take advantage of those vulnerabilities. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Garret Wassermann, researchers with the SEI's CERT Division, explore tools for understanding vulnerabilities in Rust whether the original source code is available or not. These tools are important for understanding malicious software where source code is often unavailable, as well as commenting on possible directions in which tools and automated code analysis can improve.…
S
Software Engineering Institute (SEI) Podcast Series
1 We Live in Software: Engineering Societal-Scale Systems 39:31
39:31 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:31
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSocietal-scale software systems, such as today’s commercial social media platforms, are among the most widely used software systems in the world, with some platforms reporting billions of daily active users. These systems have created new mechanisms for global communication and connect people with unprecedented speed. Despite the numerous benefits of societal-scale systems, these systems are designed to optimize user engagement and scale by using psychology (such as gaming and reward mechanisms) to influence users. Individual users struggle with privacy of their data and bias in these systems, while governments face new threats of misinformation. In this podcast from the Carnegie Mellon University Software Engineering Institute, John Robert and Forrest Shull discuss issues that must be considered when engineering societal-scale systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 Secure by Design, Secure by Default 54:05
54:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי54:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about secure by design, secure by default, a longstanding tenet of the work of the SEI and CERT in particular. The SEI has been in the forefront of secure software development, promoting an approach where security weaknesses are addressed, prevented, or eliminated earlier in the software development lifecycle, which not only helps to ensure secure systems, but also saves time and money. Touhill also discusses the CERT strategy in support of SEI sponsors in the U.S. Department of Defense (DoD), the Department of Homeland Security (DHS), and the Cybersecurity Infrastructure Security Agency (CISA) and his vision for the future of cybersecurity and the role of the CERT Division.…
S
Software Engineering Institute (SEI) Podcast Series
1 Key Steps to Integrate Secure by Design into Acquisition and Development 48:50
48:50 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי48:50
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSecure by design means performing more security and assurance activities earlier in the product and system lifecycles. A secure-by-design mindset addresses the security of systems during the requirements, design, and development phases of lifecycles rather than waiting until the system is ready for implementation. The need for a secure-by-design mindset is exacerbated by the amount of interconnectedness of today’s systems and the increasing amount of automation that characterizes system development. These trends have led to increased levels of risk and made implementation of security controls during test and patching systems after deployment increasingly unsustainable. In this podcast from the Carnegie Mellon University Software Engineering Institute, Robert Schiela, technical manager of the Secure Coding group, and Carol Woody, a principal researcher in the SEI’s CERT Division, talk with Suzanne Miller about the importance of integrating the practices and mindset of secure by design into the acquisition and development of software-reliant systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 An Exploration of Enterprise Technical Debt 25:56
25:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיLike all technical debt, enterprise technical debt consists of choices expedient in the short term, but often problematic over the long term. In enterprise technical debt, the impact reaches beyond the scope of a single system or project. Because ignoring enterprise technical debt can have significant consequences, software and systems architects should be alert for it, and they should not let it get overlooked or ignored when they come across it. Enterprise technical debt often results in multi-project or organization-wide risks that increase the organization’s cost, efficiency, or security risks. Remediation of enterprise technical debt requires intervention by governance structures whose scope is broader than that of individual teams or projects. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Stephany Bellomo, a principal engineer in the SEI’s Software Solutions Division, talks with principal researcher Suzanne Miller about identifying and remediating enterprise technical debt.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Messy Middle of Large Language Models 33:46
33:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe recent growth of applications that leverage large language models, including ChatGPT and Copilot, has spurred reactions ranging from fear and uncertainty to adoration and lofty expectations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Jay Palat, senior engineer and technical director of AI for mission, and Dr. Rachel Dzombak, senior advisor to the director of the SEI’s AI Division, discuss the current landscape of large language models (LLMs), common misconceptions about LLMs, how to leverage tools built on top of LLMs, and the need for critical thinking around both the outputs of the tools and the trends in their use.…
S
Software Engineering Institute (SEI) Podcast Series
1 An Infrastructure-Focused Framework for Adopting DevSecOps 43:35
43:35 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי43:35
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDevSecOps practices, including continuous-integration/continuous-delivery (CI/CD) pipelines, enable organizations to respond to security and reliability events quickly and efficiently and to produce resilient and secure software on a predictable schedule and budget. Despite growing evidence and recognition of the efficacy and value of these practices, the initial implementation and ongoing improvement of the methodology can be challenging. In this podcast from the Carnegie Mellon University Software Engineering Institute, senior engineers Vanessa Jackson and Lyndsi Hughes discuss with principal researcher Suzanne Miller the DevSecOps adoption framework, which guides organizations in the planning and implementation of a roadmap to functional CI/CD pipeline capabilities.…
S
Software Engineering Institute (SEI) Podcast Series
Rust is growing in popularity. Its unique security model promises memory safety and concurrency safety, while providing the performance of C/C++. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Joe Sible, both engineers in the SEI’s CERT Division, talk with principal researcher Suzanne Miller about the Rust programming language and its security-related features. Svoboda and Sible discuss Rust’s compile-time safety guarantees, the kinds of vulnerabilities that Rust fixes and those that it does not, situations in which users would not want to use Rust, and where interested users can go to get more information about the Rust programming language.…
S
Software Engineering Institute (SEI) Podcast Series
1 Improving Interoperability in Coordinated Vulnerability Disclosure with Vultron 51:16
51:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי51:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCoordinated vulnerability disclosure (CVD) begins when at least one individual becomes aware of a vulnerability, but it can’t proceed without the cooperation of many. Software supply chains, software libraries, and component vulnerabilities have evolved in complexity and have become as much a part of the CVD process as vulnerabilities in vendors’ proprietary code. Many CVD cases now require coordination across multiple vendors. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Allen Householder, a senior vulnerability and incident researcher in the SEI’s CERT Division, talks with principal researcher Suzanne Miller about Vultron , a protocol for multi-party coordinated vulnerability disclosure (MPCVD).…
S
Software Engineering Institute (SEI) Podcast Series
1 Asking the Right Questions to Coordinate Security in the Supply Chain 31:11
31:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dr. Carol Woody, a principal researcher in the SEI's CERT Division, talks with Suzanne Miller about the SEI’s newly released Acquisition Security Framework, which helps programs coordinate the management of engineering and supply-chain risks across system components including hardware, network interfaces, software interfaces, and mission capabilities.…
S
Software Engineering Institute (SEI) Podcast Series
1 Securing Open Source Software in the DoD 35:33
35:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Scott Hissam, a researcher within the SEI’s Software Solutions Division who works on software assurance in Department of Defense (DoD) systems, talks with Linda Parker Gates, initiative lead for the SEI’s Software Acquisition Pathways, about the use of free and open-source software (FOSS) in the DoD, building on insights that surfaced in a recent workshop held for producers and consumers of FOSS for DoD systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Model-Based Tool for Designing Safety-Critical Systems 48:43
48:43 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי48:43
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dr. Sam Procter and Lutz Wrage, researchers with the SEI, discuss the Guided Architecture Trade Space Explorer (GATSE), a new SEI-developed model-based tool to help with the design of safety-critical systems. The GATSE tool allows engineers to evaluate more design options in less time than they can now. This prototype language extension and software tool partially automates the process of model-based systems engineering so that systems engineers can rapidly explore combinations of different design options.…
S
Software Engineering Institute (SEI) Podcast Series
1 Managing Developer Velocity and System Security with DevSecOps 32:55
32:55 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:55
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn aiming for correctness and security of product, as well as for development speed, software development teams often face tension in their objectives. During a recent customer engagement that involved the development of a continuous-integration (CI) pipeline, developers wanted to develop features and deploy to production, deferring non-critical bugs as technical debt, whereas cyber engineers wanted compliant software by having the pipeline fail on any security requirement that was not met. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Alejandro Gomez, a researcher in the SEI’s CERT Division who worked on the customer project, talked with principal researcher Suzanne Miller about how the team explored—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps practices.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Method for Assessing Cloud Adoption Risks 21:47
21:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe shift to a cloud environment provides significant benefits. Cloud resources can be scaled quickly, updated frequently, and widely accessed without geographic limitations. Realizing these benefits, however, requires organizations to manage associated organizational and technical risks. In this podcast from the Carnegie Mellon University Software Engineering Institute, Chris Alberts, principal cybersecurity analyst in the SEI’s CERT Division, discusses with principal researcher Suzanne Miller a prototype set of cloud adoption risk factors and describes a method that managers can employ to assess their cloud initiatives against these risk factors.…
S
Software Engineering Institute (SEI) Podcast Series
1 Software Architecture Patterns for Deployability 29:09
29:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCompetitive pressures in many domains, as well as development paradigms such as Agile and DevSecOps , have led to the increasingly common practice of continuous delivery or continuous deployment where frequent updates to software systems are rapidly and reliably fielded. In today’s systems, releases can occur at any time—possibly hundreds of releases per day—and each can be instigated by a different team within an organization. Being able to release frequently means that bug fixes and security patches do not have to wait until the next scheduled release, but rather can be made and released as soon as a bug is discovered and fixed. It also means that new features can be put into production at any time and don’t have to wait to be bundled into a release. In this podcast, Rick Kazman, an SEI visiting scientist and coauthor of Software Architecture in Practice , talks with principal researcher Suzanne Miller about using patterns for software deployability. These patterns fall into two broad categories: complete replacement of services and canary testing.…
S
Software Engineering Institute (SEI) Podcast Series
1 ML-Driven Decision Making in Realistic Cyber Exercises 48:58
48:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי48:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Thomas Podnar and Dustin Updyke, both senior cybersecurity engineers with the SEI’s CERT Division, discuss their work to apply machine learning to increase the realism of non-player characters (NPCs) in cyber training exercises.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Roadmap for Creating and Using Virtual Prototyping Software 56:30
56:30 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי56:30
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Douglass Post and Richard Kendall, authors of "Creating and Using Virtual Prototyping Software: Principles and Practices" discuss with principal researcher Suzanne Miller experiences and insights that they gleaned from applying virtual prototyping in CREATE (Computational Research and Engineering Acquisition Tools and Environments), a multiyear DoD program to develop and deploy software for systems like ships, air vehicles, ground vehicles, and radio-frequency antennas. CREATE enabled engineers and scientists to design these complex systems and to accurately predict their performance.…
S
Software Engineering Institute (SEI) Podcast Series
1 Software Architecture Patterns for Robustness 31:13
31:13 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:13
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, visiting scientist Rick Kazman and principal researcher Suzanne Miller discuss software architecture patterns and the effect that certain architectural patterns have on quality attributes, such as availability and robustness. Kazman also provides examples of mechanisms—such as architectural tactics and patterns—and the effects they have on availability and robustness, especially in cloud-based systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Platform-Independent Model for DevSecOps 23:41
23:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDevSecOps encompasses all the best software engineering principles known today with an emphasis on faster delivery through increased collaboration of all stakeholders resulting in more secure, useable, and higher-quality software systems. In this podcast from the Carnegie Mellon University Software Engineering Institute, researchers Tim Chick and Joe Yankel present a DevSecOps Platform-Independent Model (PIM), which uses model based systems engineering (MBSE) to formalize the practices of DevSecOps pipelines and organize relevant guidance. This first-of-its-kind model gives software development enterprises the structure and articulation needed for creating, maintaining, securing, and improving DevSecOps pipelines.…
S
Software Engineering Institute (SEI) Podcast Series
1 Using the Quantum Approximate Optimization Algorithm (QAOA) to Solve Binary-Variable Optimization Problems 27:36
27:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Jason Larkin and Daniel Justice, researchers in the SEI’s AI Division, discuss a paper outlining their efforts to simulate the performance of Quantum Approximate Optimization Algorithm (QAOA) for the Max-Cut problem and compare it with some of the best classical alternatives, for exact, approximate, and heuristic solutions.…
S
Software Engineering Institute (SEI) Podcast Series
To ensure trust, artificial intelligence systems need to be built with fairness, accountability, and transparency at each step of the development cycle. In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in human machine interaction, and Dustin Updyke, a senior cybersecurity engineering in the SEI’s CERT Division, discuss the construction of trustworthy AI systems and factors influencing human trust of AI systems.…
S
Software Engineering Institute (SEI) Podcast Series
In this podcast from the Carnegie Mellon University Software Engineering Institute, Shannon Gallagher, a data scientist with SEI’s CERT Division, and Dominic Ross, multimedia team lead for the SEI, discuss deepfakes, their exponential growth in recent years, their increasing technical sophistication, and the problems they pose for individuals and organizations. Gallagher and Ross also discuss the SEI’s recent research in assessing the technology underlying the creation and detection of deepfakes and understanding current and future threat levels.…
S
Software Engineering Institute (SEI) Podcast Series
1 Challenges and Metrics in Digital Engineering 42:18
42:18 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:18
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDigital engineering uses digital tools and representations in the process of developing, sustaining, and maintaining systems, including requirements, design, analysis, implementation, and test. The digital modeling approach is intended to establish an authoritative source of truth for the system, in which discipline-specific views of the system are created using the same model elements. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), William “Bill” Nichols, a senior member of the technical staff with the SEI’s Software Solutions Division, discusses with principal researcher Suzanne Miller the challenges in making the transition from traditional development practices to digital engineering.…
S
Software Engineering Institute (SEI) Podcast Series
1 The 4 Phases of the Zero Trust Journey 34:28
34:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOver the past several years, zero trust architecture has emerged as an important topic within the field of cybersecurity. Heightened federal requirements and pandemic-related challenges have accelerated the timeline for zero trust adoption within the federal sector. Private sector organizations are also looking to adopt zero trust to bring their technical infrastructure and processes in line with cybersecurity best practices. Real-world preparation for zero trust, however, has not caught up with existing cybersecurity frameworks and literature. NIST standards have defined the desired outcomes for zero trust transformation, but the implementation process is still relatively undefined. As the nation’s first federally funded research and development center with a clear emphasis on cybersecurity, the Carnegie Mellon University Software Engineering Institute (SEI) is uniquely positioned to bridge the gap between NIST standards and real-world implementation. In this podcast, Tim Morrow and Matthew Nicolai, researchers with the SEI’s CERT Division, have outlined 4 steps that organizations can take to implement and maintain zero trust architecture.…
S
Software Engineering Institute (SEI) Podcast Series
In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Hasan Yasar, technical director, Continuous Deployment of Capability at the SEI, and Jay Palat, interim director of AI for Mission in the SEI’s AI Division, discuss how to engineer AI systems with DevSecOps and explore the relationship between MLOps and DevSecOps.…
S
Software Engineering Institute (SEI) Podcast Series
1 Undiscovered Vulnerabilities: Not Just for Critical Software 35:26
35:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Jonathan Spring, a senior vulnerability researcher, discusses with Suzanne Miller the findings in a paper he published recently analyzing the number of undiscovered vulnerabilities in information systems. This paper examines the paradigm that the number of undiscovered vulnerabilities is manageably small through the lens of mathematical concepts from the theory of computing.…
S
Software Engineering Institute (SEI) Podcast Series
As the field of artificial intelligence (AI) has matured, increasingly complex opaque models have been developed and deployed to solve hard problems. Unlike many predecessor models, these models, by the nature of their architecture, are harder to understand and oversee. When such models fail or do not behave as expected or hoped, it can be hard for developers and end-users to pinpoint why or determine methods for addressing the problem. Explainable AI (XAI) meets the emerging demands of AI engineering by providing insight into the inner workings of these opaque models. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Violet Turri and Rachel Dzombak, both with the SEI's AI Division, discuss explainable AI, which encompasses all the techniques that make the decision-making processes of AI systems understandable to humans.…
S
Software Engineering Institute (SEI) Podcast Series
1 Model-Based Systems Engineering Meets DevSecOps 34:10
34:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, senior researchers Jerome Hugues and Joe Yankel discuss ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) practices and technology. Hugues and Yankel also discuss how making this integration between DevSecOps and MBSE explicit unlocks both the speed of DevSecOps and the risk reduction of MBSE.…
S
Software Engineering Institute (SEI) Podcast Series
1 Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy 31:46
31:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOrganizations are turning to DevSecOps to produce code faster and at lower cost, but the reality is that much of the code is actually coming from the software supply chain through code libraries, open source, and third-party components where reuse is rampant. The downside is that this reused code contains defects unknown to the new user, which, in turn, propagate vulnerabilities into new systems. This is troubling news in an operational climate already rife with cybersecurity risk. Organizations must develop a cybersecurity engineering strategy for systems that addresses the integration of DevSecOps with the software supply chain. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Carol Woody, a principal researcher in the SEI’s CERT Division, talks with Suzanne Miller about supply-chain issues and the planning needed to integrate software from the supply chain into operational environments. The discussion includes building a cybersecurity engineering strategy for DevSecOps that addresses those supply-chain challenges.…
S
Software Engineering Institute (SEI) Podcast Series
1 Software and Systems Collaboration in the Era of Smart Systems 26:04
26:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), director Paul Nielsen talks with principal researcher Suzanne Miller about how the advent of smart systems has led to a growing need for effective collaboration and cross-pollination between the disciplines of systems engineering and software engineering.…
S
Software Engineering Institute (SEI) Podcast Series
1 Securing the Supply Chain for the Defense Industrial Base 18:37
18:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Gavin Jurecko, who leads the Resilience Diagnostics Team, talks with Katie Stewart about risks associated with the supply chains of the defense industrial base (DIB), and how the SEI works with the U.S. Department of Defense to help secure the DIB supply chain.…
S
Software Engineering Institute (SEI) Podcast Series
1 Building on Ghidra: Tools for Automating Reverse Engineering and Malware Analysis 23:24
23:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jeffrey Gennari, a senior malware reverse engineer, and Garret Wassermann, a vulnerability analyst, both with the SEI’s CERT Division, discuss Kaiju, a series of tools that they have developed that allows for malware analysis and reverse engineering. Kajiu helps analysts take better advantage of Ghidra, the National Security Agency’s reverse-engineering tool.…
S
Software Engineering Institute (SEI) Podcast Series
1 Envisioning the Future of Software Engineering 40:11
40:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי40:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Anita Carleton, director of the Software Solutions Division at the SEI, and Forrest Shull, lead for defense software acquisition policy research in the Software Solutions Division of the SEI, discuss the recently published SEI-led study Architecting the Future of Software Engineering: A National Agenda for Software Engineering Research & Development . In creating this multi-year research and development vision and roadmap for engineering next-generation software-reliant systems, the SEI engaged the software engineering community and assembled an advisory board of senior thought leaders across commercial industry, academia, and government, with participation from Microsoft, Google, SpaceX, Lockheed Martin, Boeing, DARPA, and others.…
S
Software Engineering Institute (SEI) Podcast Series
1 Implementing the DoD's Ethical AI Principles 23:17
23:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in Human Machine Interaction, and Alexandrea Van Deusen, an assistant design researcher, both with the SEI’s AI Division, discuss a recent project in which they helped the Defense Innovation Unit (DIU) of the U.S. Department of Defense develop guidelines for responsible use of artificial intelligence (AI), based on the DoD’s Ethical Principles for AI. These guidelines can serve as a guide for organizations in industry and government to implement responsible AI considerations into practice in real-world programs.…
S
Software Engineering Institute (SEI) Podcast Series
1 Walking Fast Into the Future: Evolvable Technical Reference Frameworks for Mixed-Criticality Systems 39:36
39:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Nickolas Guertin, a senior systems engineer with the SEI’s Software Solutions Division, and Douglas Schmidt, associate provost of research at Vanderbilt University and former chief technical officer at the SEI, discuss strategies for creating architectures for large-scale, complex systems that comprise functions with a wide range of requirements. This is one of the most challenging areas in U.S. Department of Defense acquisition, and this approach and the strategies discussed are important to the future of our large systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 Software Engineering for Machine Learning: Characterizing and Understanding Mismatch in ML Systems 30:19
30:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיMismatches between the perspectives and practices of the roles involved in the development and fielding of ML systems—data scientists, software engineers, and operations personnel—can affect the ability of systems to achieve their intended missions. In this SEI Podcast, Grace Lewis, a principal researcher and lead for the Tactical and AI-Enabled Systems Initiative, and Ipek Ozkaya, technical director of Engineering Intelligent Software Systems, discuss their research into characterizing, codifying, and mitigating such mismatches.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Discussion on Automation with Watts Humphrey Award Winner Rajendra Prasad 37:17
37:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Mike Konrad, a principal researcher in the SEI's Software Solutions Division, talks with 2020 IEEE Computer Society SEI Watts Humphrey Software Quality Award winner Rajendra Prasad of Accenture about automation and how SEI-developed process improvement methods and tools provided the foundation for his leadership role.…
S
Software Engineering Institute (SEI) Podcast Series
1 Enabling Transition From Sustainment to Engineering Within the DoD 31:22
31:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOrganic software sustainment organizations within the Department of Defense are expanding beyond their traditional purview of software maintenance into software engineering and development. Instead of repairing and maintaining legacy software in already deployed systems, software sustainment teams must now shift to designing and implementing new software architectures and code. Unfortunately, many of these sustainment teams are taking on these new responsibilities without proper guidance and an understanding of the people, process, and technology issues that must first be addressed in these new roles. In this podcast, Thomas Evans, a senior software architect at the SEI, and Douglas C. Schmidt, associate provost of research at Vanderbilt University and former chief technical officer at the SEI, discuss the challenges that software sustainment teams face while making this transition and strategies for success.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Silver Thread of Cyber in the Global Supply Chain 26:56
26:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe global supply chain touches every aspect of our lives, from fuel prices to the availability of computer chips and supermarket products. In out latest podcast, Matt Butkovic, technical director of risk and resilience at Carnegie Mellon University’s Software Engineering Institute , discusses with Suzanne Miller the supply chain's silver thread of cyber, specifically how cyber both underpins the cyber supply chain and the broader supply chain. Butkovic’s team recently engaged with the World Economic Forum to create an online transformation map, a set of connected topics defining a specific domain of interest. In this episode, Butkovic also discusses work on this map, the importance of cyber resilience, and how to determine the resilience your organization needs and the resilience it currently possesses.…
S
Software Engineering Institute (SEI) Podcast Series
1 Measuring DevSecOps: The Way Forward 39:32
39:32 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:32
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Bill Nichols and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss DevSecOps metrics with Suzanne Miller. DevSecOps practices, made possible by improvements in underlying technology that automate the development-to-production pipeline, can generate more information about development and operational performance than has ever been readily available before. Nichols and Yasar discuss the ways in which DevSecOps practices yield valuable information about software performance that is likely to lead to innovations in software engineering metrics.…
S
Software Engineering Institute (SEI) Podcast Series
1 Bias in AI: Impact, Challenges, and Opportunities 24:58
24:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in human-machine interaction, and Jonathan Spring, a senior vulnerability researcher, discuss the hidden sources of bias in artificial intelligence (AI) systems and how systems developers can raise their awareness of bias, mitigate consequences, and reduce risks.…
S
Software Engineering Institute (SEI) Podcast Series
1 Agile Strategic Planning: Concepts and Methods for Success 29:50
29:50 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:50
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe rapid pace of change in software development, in business, and in the world has many organizations struggling to execute daily operations, wrangle big projects, and feel confident that there is a long-term strategy at play. Incorporating agile principles into strategic planning and execution is a highly effective way to drive strategy development, strategy execution, data-driven decision making, and results. In this SEI Podcast, Linda Parker Gates, initiative lead, Software Acquisition Pathways, and Suzanne Miller, principal researcher in the SEI’s Software Solutions Division, discuss the principles of Agile Strategic Planning and methods for success.…
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Scientific Methods in Cybersecurity 39:49
39:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Dr. Leigh Metcalf and Dr. Jonathan Spring, both researchers with the Carnegie Mellon University Software Engineering Institute’s CERT Division, discuss the application of scientific methods to cybersecurity. As described in their recently published book, Using Science in Cybersecurity , Metcalf and Spring describe a common-sense approach and practical tools for applying scientific rigor to the field of cybersecurity.…
S
Software Engineering Institute (SEI) Podcast Series
1 Zero Trust Adoption: Benefits, Applications, and Resources 30:25
30:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיZero trust adoption is a security initiative that an enterprise must understand, interpret, and implement. Enterprise security initiatives are never simple, and their goal to improve cybersecurity posture requires the alignment of multiple stakeholders, systems, acquisitions, and exponentially changing technology. This alignment is always a complex undertaking and requires cybersecurity strategy and engineering to succeed. In this SEI Podcast, Geoff Sanders, a senior network defense analyst in the CERT Division at Carnegie Mellon University's Software Engineering Institute, discusses zero trust adoption and its benefits, applications, and available resources.…
S
Software Engineering Institute (SEI) Podcast Series
1 Uncertainty Quantification in Machine Learning: Measuring Confidence in Predictions 31:40
31:40 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:40
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Dr. Eric Heim, a senior machine learning research scientist at Carnegie Mellon University's Software Engineering Institute (SEI), discusses the quantification of uncertainty in machine-learning (ML) systems. ML systems can make wrong predictions and give inaccurate estimates for the uncertainty of their predictions. It can be difficult to predict when their predictions will be wrong. Heim also discusses new techniques to quantify uncertainty, identify causes of uncertainty, and efficiently update ML models to reduce uncertainty in their predictions. The work of Heim and colleagues at the SEI Emerging Technology Center closes the gap between the scientific and mathematical advances from the ML research community and the practitioners who use the systems in real-life contexts, such as software engineers, software developers, data scientists, and system developers.…
S
Software Engineering Institute (SEI) Podcast Series
1 11 Rules for Ensuring a Security Model with AADL and Bell–LaPadula
48:05
48:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי48:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Aaron Greenhouse, a senior architecture researcher with Carnegie Mellon University’s Software Engineering Institute, talks with principal researcher Suzanne Miller about use of the Bell–LaPadula mathematical security model in concert with the Architecture Analysis and Design Language (AADL) to model and validate confidentiality. Greenhouse and Miller also discuss 11 analysis rules that must be enforced over an AADL instance to ensure the consistency of a security model. Mapping Bell–LaPadula to AADL allows the expression of key concepts within the AADL model so that they can be analyzed automatically.…
S
Software Engineering Institute (SEI) Podcast Series
1 Benefits and Challenges of Model-Based Systems Engineering 33:10
33:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיNataliya (Natasha) Shevchenko and Mary Popeck, both senior researchers in the CERT Division at Carnegie Mellon University’s Software Engineering Institute, discuss the use of model-based systems engineering (MBSE), which, in contrast to document-centric engineering, puts models at the center of system design. MBSE is used to support the requirements, design, analysis, verification, and validation associated with the development of complex systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 Can DevSecOps Make Developers Happier? 41:17
41:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי41:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAuthor Daniel H. Pink recently examined the factors that lead to job satisfaction among knowledge workers and summarized them in three components: autonomy, skill mastery, and purpose. In this SEI Podcast, Hasan Yasar, technical director of Continuous Deployment of Capability at Carnegie Mellon University’s Software Engineering Institute, relates these components to DevSecOps and summarizes a recent survey affirming that DevSecOps practices do indeed make developers and other stakeholders in their organizations happier.…
S
Software Engineering Institute (SEI) Podcast Series
1 Is Your Organization Ready for AI? 30:20
30:20 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:20
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, digital transformation lead Dr. Rachel Dzombak and research scientist Carol Smith, both with the SEI’s Emerging Technology Center at Carnegie Mellon University, discuss how AI Engineering can support organizations to implement AI systems. The conversation covers the steps that organizations need to take (as well as the hard conversations that need to occur) before they are AI ready.…
S
Software Engineering Institute (SEI) Podcast Series
1 Managing Vulnerabilities in Machine Learning and Artificial Intelligence Systems 40:59
40:59 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי40:59
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe robustness and security of artificial intelligence, and specifically machine learning (ML), is of vital importance. Yet, ML systems are vulnerable to adversarial attacks. These can range from an attacker attempting to make the ML system learn the wrong thing (data poisoning), do the wrong thing (evasion attacks), or reveal the wrong thing (model inversion). Although there are several efforts to provide detailed taxonomies of the kinds of attacks that can be launched against a machine learning system, none are organized around operational concerns. In this podcast, Jonathan Spring, Nathan VanHoudnos, and Allen Householder, all researchers at the Carnegie Mellon University Software Engineering Institute, discuss the management of vulnerabilities in ML systems as well as the Adversarial ML Threat Matrix, which aims to close this gap between academic taxonomies and operational concerns.…
S
Software Engineering Institute (SEI) Podcast Series
In this SEI Podcast, Rachel Dzombak and Jay Palat discuss growth in the field of artificial intelligence (AI) and how organizations can hire and train staff to take advantage of the opportunities afforded by AI and machine learning—and the critical need for an AI engineering discipline to grow the AI workforce.…
S
Software Engineering Institute (SEI) Podcast Series
DevSecOps is a set of principles and practices that provide faster delivery of secure software capabilities by improving the collaboration and communication between software development teams, IT operations, and security staff within an organization, as well as with acquirers, suppliers, and other stakeholders in the life of a software system. In this SEI podcast, Hasan Yasar, technical director of the Continuous Deployment of Capability group in the Software Solutions Division of the SEI, discusses the transition from DevOps to DevSecOps.…
S
Software Engineering Institute (SEI) Podcast Series
1 Mission-Based Prioritization: A New Method for Prioritizing Agile Backlogs 13:18
13:18 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:18
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Keith Korzec discusses the Mission-Based Prioritization method for prioritizing Agile backlogs. This method overcomes the shortcomings of prioritization based on “weighted shortest job first” and utilizes objective, mission-focused criteria while allowing ongoing re-prioritization to be conducted with minimal overhead.…
S
Software Engineering Institute (SEI) Podcast Series
1 Digital Engineering and DevSecOps 30:45
30:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDigital engineering is an integrated digital approach that uses authoritative sources of systems data and models as a continuum across disciplines to support lifecycle activities from concept through disposal. With digital engineering, models are developed for everything, not just for software, but for all components of a system of systems, hardware and software. The models and associated data are stored in a singular repository of knowledge and are the single source that is used by all contractors and everyone working on the project. In this SEI Podcast, David Shepard, a researcher with the Carnegie Mellon University Software Engineering Institute, discusses digital engineering and its relationship with DevSecOps.…
S
Software Engineering Institute (SEI) Podcast Series
1 A 10-Step Framework for Managing Risk 30:31
30:31 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:31
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBrett Tucker, a technical manager for cyber risk in the SEI CERT Division, discusses the Operationally Critical Threat, Asset, and Vulnerability Evaluation for the Enterprise (OCTAVE FORTE) Model, which helps organizations evaluate security risks and use principles of enterprise risk management to bridge the gap between executives and practitioners. In this SEI Podcast, Tucker outlines OCTAVE FORTE's 10-step framework to guide organizations in managing risk.…
S
Software Engineering Institute (SEI) Podcast Series
1 7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts 20:23
20:23 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:23
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIf organizations take more steps to address security-related activities now, they will be less likely to encounter security incidents in the future. When it comes to application containers, security is achieved through adopting a series of best practices and guidelines. In this SEI Podcast, Tom Scanlon and Richard Laughlin, researchers with the SEI's CERT Division, discuss seven steps that developers can take to engineer security into ongoing and future container adoption efforts.…
S
Software Engineering Institute (SEI) Podcast Series
1 Ransomware: Evolution, Rise, and Response 32:50
32:50 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:50
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Marisa Midler and Tim Shimeall, network defense analysts within the SEI's CERT Division, discuss the growing problem of ransomware including the rise of ransomware as a service threats. Ransom payments from Quarter 3 of 2019 were on average $42,000, and in Quarter 1 of 2020, that average increased $70,000 to $112,000. The volume of attacks also increased by 25 percent in Quarter 4 of 2019 and by another 25 percent in Quarter 1 of 2020. The sophistication of the attacks has increased alongside their severity. Midler and Shimeall discuss steps and strategies that organizations can adopt to minimize their exposure to the risks and threats associated with ransomware.…
S
Software Engineering Institute (SEI) Podcast Series
1 VINCE: A Software Vulnerability Coordination Platform 38:14
38:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSoftware vulnerability coordination at the CERT Coordination Center (CERT/CC) has traditionally relied on a hub-and-spoke model, with reports submitted to analysts at the CERT/CC analysts who would then work with contact affected vendors. To scale communications and increase the level of collaboration between vulnerability reporters, coordinators, and software vendors, the CERT/CC team has created a web-based platform for software vulnerability reporting and coordination called the Vulnerability Information and Coordination Environment (VINCE). In this SEI Podcast, Emily Sarneso, the architect of VINCE, and Art Manion, technical manager of the Vulnerability Analysis Team in the SEI’s CERT Division, discuss the rollout of VINCE, how to use it, and future work in vulnerability coordination.…
S
Software Engineering Institute (SEI) Podcast Series
1 Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network
46:17
46:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי46:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe COVID-19 pandemic has forced significant changes in enterprise work practices, including an increased use of telecommunications technologies required by the new work-from-home policies that most organizations have instituted in response. In this podcast, Phil Groce, a senior network defense analyst in the CERT Division of the Carnegie Mellon University Software Engineering Institute, discusses the security implications of this dramatic increase in the number of people in organizations who are working from home, examines the threats and vulnerabilities associated with the increase in remote work, and offers practical solutions to individuals and enterprises for operating securely in this new environment.…
S
Software Engineering Institute (SEI) Podcast Series
The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, researchers at the Carnegie Mellon University Software Engineering Institute and architects of the model, discuss the CMMC assessment guides, how they were developed, and how they can be used.…
S
Software Engineering Institute (SEI) Podcast Series
1 The CMMC Level 3 Assessment Guide: A Closer Look 13:45
13:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model and researchers at Carnegie Mellon University's Software Engineering Institute, discuss the Level 3 Assessment Guide for the CMMC and how it differs from the Level 1 Assessment Guide.…
S
Software Engineering Institute (SEI) Podcast Series
1 The CMMC Level 1 Assessment Guide: A Closer Look 20:37
20:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the Level 1 Assessment Guide for the CMMC.…
S
Software Engineering Institute (SEI) Podcast Series
1 Achieving Continuous Authority to Operate (ATO) 33:29
33:29 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:29
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAuthority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.…
S
Software Engineering Institute (SEI) Podcast Series
1 Challenging the Myth of the 10x Programmer 16:51
16:51 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:51
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA pervasive belief in software engineering is that some programmers are much, much better than others (the times-10, or 10x, programmer), and that the skills, abilities, and talents of these programmers exert an outsized influence on that organizations’ success or failure. Bill Nichols, a researcher with the Carnegie Mellon University Software Engineering Institute, recently examined the veracity and relevance of this widely held notion. Using data from a study conducted at the SEI, Nichols found evidence that not only challenges the idea that some programmers are inherently far more skilled or productive than others but that the truth if far more nuanced.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Stakeholder-Specific Approach to Vulnerability Management 37:11
37:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיMany organizations use the Common Vulnerability Scoring System (CVSS) to prioritize actions during vulnerability management. This podcast—which highlights the latest work in prioritizing actions during vulnerability management—presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that avoids some problems with CVSS. SSVC takes the form of decision trees for different vulnerability management communities. During this podcast, CERT vulnerability researchers Eric Hatleback, Allen Householder, and Jonathan Spring discuss SSVC and also take audience members through a sample scoring vulnerability.…
S
Software Engineering Institute (SEI) Podcast Series
The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the Level 5 process maturity requirements, which are standardizing and optimizing a documented approach for CMMC.…
S
Software Engineering Institute (SEI) Podcast Series
1 Reviewing and Measuring Activities for Effectiveness in CMMC Level 4 13:13
13:13 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:13
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss reviewing and communicating CMMC activities and measuring those activities for effectiveness, which are requirements of Level 4 of the model.…
S
Software Engineering Institute (SEI) Podcast Series
1 Situational Awareness for Cybersecurity: Beyond the Network 25:35
25:35 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:35
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSituational awareness makes it possible to get relevant information from across an organization, to integrate that information, and to disseminate it to help leaders make more informed decisions. In this SEI Podcast, Angela Horneman and Timothy Morrow, researchers in the SEI's CERT Division, discuss the importance of looking beyond the network to acquire situational awareness for cybersecurity.…
S
Software Engineering Institute (SEI) Podcast Series
1 Quantum Computing: The Quantum Advantage 30:34
30:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhile actual quantum computers are available from several different companies, we are currently in the Noisy Intermediate-Scale Quantum (NISQ) era. Working in the NISQ era presents a number of challenges, and the SEI is working to use NISQ devices not only to solve specific mission applications for the Department of Defense, but also to help determine when they will demonstrate so-called quantum advantage: a quantum computer solving a problem of practical interest faster than a classical computer. In this episode, the latest from the SEI Podcast Series , Dr. Jason Larkin, a researcher in the SEI's Emerging Technology Center, discusses the challenges of working in the NISQ era and the work that the SEI is doing in this area. Dr. Larkin also provides a list of resources in quantum computing.…
S
Software Engineering Institute (SEI) Podcast Series
The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss how assessed DIB organizations are scored according to the model.…
S
Software Engineering Institute (SEI) Podcast Series
1 Developing an Effective CMMC Policy 10:25
10:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי10:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Cybersecurity Maturity Model Certification (CMMC) 1.0 for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, present guidelines for developing an effective CMMC policy.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Future of Cyber: Educating the Cybersecurity Workforce 28:10
28:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe culture of computers and information technology changes quickly. The Future of Cyber Podcast series explores the future of cyber and whether we can use the innovations of the past to address the problems of the future. In our latest episode, Bobbie Stempfley, director of the SEI’s CERT Division, interviews Dr. Diana Burley, executive director and chair of the Institute for Information Infrastructure Protection, or I3P, and vice provost for research at American University. Their discussion focused on educating the cybersecurity workforce in a way that closes the gap between what students are taught in school and the skills they’ll need to use in the workplace.…
S
Software Engineering Institute (SEI) Podcast Series
The Cybersecurity Maturity Model Certification (CMMC) 1.0 for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss process documentation, a Level 2 requirement.…
S
Software Engineering Institute (SEI) Podcast Series
Software development is shifting to incremental delivery to meet the demand for software quicker and at lower costs. With the current cyber threat climate, the demand for cybersecurity is growing but existing compliance processes focus on a completed product and do not support incremental delivery. Cybersecurity must be carefully woven into each increment deliver results with sufficient security and quality. Previous SEI research has shown that improved quality results in improved cybersecurity. In this SEI Podcast, Dr. Carol Woody and Will Hayes discuss an approach that allows organizations to integrate cybersecurity into the agile pipeline.…
S
Software Engineering Institute (SEI) Podcast Series
1 CMMC Levels 1-3: Going Beyond NIST SP-171 12:56
12:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי12:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Cybersecurity Maturity Model Certification (CMMC) 1.0 defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from Defense Industrial Base (DIB) entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all the CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss CMMC Levels 1-3 and what steps organizations need to take to move beyond NIST 800-171.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Future of Cyber: Secure Coding 41:16
41:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי41:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיFor more than 30 years, the cybersecurity community has worked to increase the effectiveness of our cybersecurity and resilience efforts. Today we face an explosion of devices, the pervasiveness of software, the threat of adversarial capability, and the dependence of national capabilities on the cyber domain. These challenges demand that we think about how to achieve the future we need, which is the subject of a new series of podcasts, The Future of Cyber. In this episode, Bobbie Stempfley, director of the CERT Division of the SEI, explores the future of secure coding with Steve Lipner, the executive director of SAFECode and former director of software security at Microsoft, where he created Microsoft’s Security Development Lifecycle.…
S
Software Engineering Institute (SEI) Podcast Series
1 Challenges to Implementing DevOps in Highly Regulated Environments 38:42
38:42 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:42
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI podcast, Hasan Yasar and Jose Morales discuss challenges to implementing DevOps in highly regulated environments (HREs), exploring issues such as environment parity, the approval process, and compliance. This podcast is the second to explore DevOps in HREs.
S
Software Engineering Institute (SEI) Podcast Series
The culture of computers and information technology evolves quickly. In this environment, how can we build a culture of security through regulations and best practices when technology can move so much faster than legislative bodies? The Future of Cyber Podcast Series explores whether we can use the innovations of the past to address the problems of the future. In this SEI Podcast, David Hickton, founding director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security, sits down with Bobbie Stempfley, director of the SEI’s CERT Division, to talk about the future of cybercrime.…
S
Software Engineering Institute (SEI) Podcast Series
Artificially intelligent (AI) systems hold great promise to empower us with knowledge and enhance human effectiveness. As a senior research scientist in human-machine interaction at the Software Engineering Institute's Emerging Technology Center, Carol Smith works to further understand how humans and machines can better collaborate to solve important problems and also understand our responsibilities and how that work continues once AI systems are operational. In this podcast, Smith discusses a framework that builds upon the importance of diverse teams and ethical standards to ensure that AI systems are trustworthy and able to effectively augment warfighters.…
S
Software Engineering Institute (SEI) Podcast Series
1 The CERT Guide to Coordinated Vulnerability Disclosure 35:01
35:01 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:01
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Allen Householder and David Warren discuss the CERT Guide to Coordinated Vulnerability Disclosure , which is intended for use by security researchers, software vendors, and other stakeholders in navigating the complexities of informing others about security vulnerabilities.
S
Software Engineering Institute (SEI) Podcast Series
1 The Future of Cyber: Security and Privacy 24:57
24:57 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:57
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיComputers and information technology are getting more and more integrated into our daily lives, so they need to be easy to use. But recent, historically large data breaches have demonstrated the need to make systems more secure and to protect information about individuals. How will the security−privacy−usability triangle successfully accommodate the challenges that the future will bring? In this podcast, Dr. Lorrie Faith Cranor, director of CyLab, sits down with Bobbie Stempfley, director of the SEI’s CERT Division, to talk about the future of cyber in security and privacy.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Future of Cyber: Security and Resilience 33:19
33:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיFor more than 30 years, the cybersecurity community has worked to increase the effectiveness of our cybersecurity and resilience efforts. Today we face an explosion of devices, the pervasiveness of software, the threat of adversarial capability, and the dependence of national capabilities on the cyber domain. These challenges demand that we think about how to achieve the future we need. In this podcast, the first in a series exploring The Future of Cyber, Bobbie Stempfley, director of the CERT Division of the SEI, and Dr. Michael McQuade, vice-president for research at Carnegie Mellon University, explore past and present technologies that have helped to secure our digital infrastructure and how past advancements will help us secure future architectures.…
S
Software Engineering Institute (SEI) Podcast Series
In this podcast, Jeff Gennari and Cory Cohen discuss updates to the Pharos Binary Analysis Framework in GitHub, including a new plug-in to import OOAnalyzer analysis into the NSA's recently released Ghidra software reverse engineering tool suite.
S
Software Engineering Institute (SEI) Podcast Series
1 Benchmarking Organizational Incident Management Practices 35:08
35:08 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:08
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSuccessful management of incidents that threaten an organization's computer security is a complex endeavor. Frequently an organization's primary focus is on the response aspects of security incidents, which results in its failure to manage incidents beyond simply reacting to threatening events. In this SEI Podcast, Robin Ruefle and Mark Zajicek discuss recent work that provides a baseline or benchmark of incident management practices for an organization and detail how important it is to focus on preparation for incident management along with coordination and communication of analysis and response activities.…
S
Software Engineering Institute (SEI) Podcast Series
1 Machine Learning in Cybersecurity: 7 Questions for Decision Makers 27:49
27:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיApril Galyardt, Angela Horneman, and Jonathan Spring discuss seven key questions that managers and decision makers should ask about machine learning to effectively solve cybersecurity problems.
S
Software Engineering Institute (SEI) Podcast Series
1 Human Factors in Software Engineering 47:24
47:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSolving the technical aspects isn’t enough to build reliable, enduring, resilient software and systems. Human decision making, behavioral factors, and cultural factors influence software engineering, acquisition, and cybersecurity. In this podcast roundtable, Andrew Mellinger, Suzanne Miller, and Hasan Yasar discuss the human factors that impact software engineering, from communication tools they use to the environment that they work in.…
S
Software Engineering Institute (SEI) Podcast Series
1 Improving the Common Vulnerability Scoring System 21:04
21:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, the authors discuss a 2019 paper that outlines challenges with the Common Vulnerability Scoring System (CVSS) and proposes changes to improve it.
S
Software Engineering Institute (SEI) Podcast Series
1 Why Software Architects Must Be Involved in the Earliest Systems Engineering Activities 22:07
22:07 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:07
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיToday's major defense systems rely heavily on software-enabled capabilities. However, many defense programs acquiring new systems first determine the physical items to develop, assuming the contractors for those items will provide all needed software for the capability. But software by its nature spans physical items: it provides the inter-system communication that has a direct influence on most capabilities, and thus must be architected intelligently, especially when pieces are built by different contractors. As Dr. Sarah Sheard discusses in this SEI Podcast, if this architecture step is not done properly, a software-reliant project can be set up to fail from the first architectural decision.…
S
Software Engineering Institute (SEI) Podcast Series
1 Selecting Metrics for Software Assurance 18:37
18:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Software Assurance Framework (SAF) is a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. The SAF can be used to assess an acquisition program’s current cybersecurity practices and chart a course for improvement, ultimately reducing the cybersecurity risk of deployed, software-reliant systems. In this podcast, Dr. Carol Woody discusses the selection of metrics for measuring the software assurance of a product as it is developed and delivered to function in a specific system context.…
S
Software Engineering Institute (SEI) Podcast Series
1 AI in Humanitarian Assistance and Disaster Response 22:16
22:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn 2017 and 2018, the world witnessed a record number of climate and weather-related disasters. Government agencies are increasingly interested in the use of artificial intelligence (AI) to help first responders in locating survivors, identifying structures in satellite imagery, and removing debris after a disaster. Ritwik Gupta, a machine learning research scientist in the SEI’s Emerging Technology Center, discusses the use of AI in humanitarian assistance and disaster response (HADR) efforts.…
S
Software Engineering Institute (SEI) Podcast Series
1 The AADL Error Library: 4 Families of Systems Errors 23:33
23:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיClassifying errors in a component-based system is challenging. Components, and the systems that rely on them, can fail in myriad, unpredictable ways. It is nonetheless a challenge that should be addressed because component-based, software-driven systems are increasingly used for safety-critical applications. In this podcast, SEI researchers Peter Feiler and Sam Procter present the Architecture Analysis and Design Language (AADL) EMV2 Error Library , which is an established taxonomy that draws on a broad range of previous work in classifying system errors.…
S
Software Engineering Institute (SEI) Podcast Series
In this SEI Podcast, Dr. Giulia Fanti, an assistant professor of Electrical and Computer Engineering at Carnegie Mellon University, discusses her latest research including privacy problems in the cryptocurrency and blockchain space and generative adversarial networks.
S
Software Engineering Institute (SEI) Podcast Series
1 Cyber Intelligence: Best Practices and Biggest Challenges 35:54
35:54 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:54
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCyber Intelligence is a rapidly changing field, and many organizations do not have the people, time, and funding in place to build a cyber intelligence team, according to a report on cyber intelligence released in late May by researchers in the SEI’s Emerging Technology Center. As this podcast details, the report provides a snapshot of best practices and biggest challenges along with three guides for implementing cyber intelligence with artificial intelligence, the internet of things, and public cyber threat frameworks. Lead author Jared Ettinger discusses the findings of the report, which the SEI conducted on behalf of the U.S. Office of the Director of National Intelligence.…
S
Software Engineering Institute (SEI) Podcast Series
1 Assessing Cybersecurity Training 13:43
13:43 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:43
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSimulation environments allow people to practice skills such as setting up and defending networks. If we can record informative traces of activity in these online environments and draw accurate inferences about trainee capabilities, then we can provide evidence-based guidance on performance, assess mission readiness, optimize training schedules, and refine training modules. April Galyardt, a machine learning research scientist with Carnegie Mellon University's Software Engineering Institute, discusses efforts to develop a new approach to assessing the skills of the cybersecurity workforce.…
S
Software Engineering Institute (SEI) Podcast Series
1 DevOps in Highly Regulated Environments 40:48
40:48 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי40:48
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHighly regulated environments (HREs), such as finance and healthcare, are mandated by policies for various reasons, most often general security and protection of intellectual property. These policies make the sharing and open access principles of DevOps that much harder to apply. In this podcast, SEI researchers Hasan Yasar and Jose Morales discuss the process, challenges, approaches, and lessons learned in implementing DevOps in the software development lifecycle in HREs.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Role of the Software Factory in Acquisition and Sustainment 25:19
25:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDr. Paul Nielsen discusses his involvement on a Defense Science Board Task Force that concluded that the software factory should be a key player in the acquisition and sustainment of software for defense. “This is one case where the military or the government can learn from industry, sort of a spin-in to the government. The government has traditionally followed other approaches that were very requirements-based. They have perfected requirements engineering. What we have found is that in many cases with software systems, we really don’t know the requirements when we start, not completely, and they evolve with time as users start to experience the software.”…
S
Software Engineering Institute (SEI) Podcast Series
1 Defending Your Organization Against Business Email Compromise 44:24
44:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי44:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOperation Wire Wire, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, and the U.S. Postal Inspection Service, was conducted over a six-month period and resulted in 74 arrests in the United States and overseas, including 29 in Nigeria and 3 in Canada, Mauritius, and Poland. The operation also resulted in the seizure of nearly $2.4 million and the disruption and recovery of approximately $14 million in fraudulent wire transfers. In this podcast, Anne Connell, a researcher in the SEI’s CERT Division, discusses recent business email compromise (BEC) attacks, including the one at the center of Operation Wire Wire and another attack involving a Texas energy company. Connell also offers guidance on how individuals and organizations can protect themselves from these sophisticated new modes of attack.…
S
Software Engineering Institute (SEI) Podcast Series
1 Managing Technical Debt: A Focus on Automation, Design, and Architecture 35:15
35:15 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:15
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTechnical debt communicates the tradeoff between the short-term benefits of rapid delivery and the long-term value of developing a software system that is easy to evolve, modify, repair, and sustain. In this SEI Podcast, Rod Nord and Ipek Ozkaya discuss the SEI's current work in technical debt including the development of analysis techniques to help software engineers and decision makers manage the effect of technical debt on their software projects.…
S
Software Engineering Institute (SEI) Podcast Series
1 Leading in the Age of Artificial Intelligence 21:47
21:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTom Longstaff, who in 2018 was hired as the SEI’s chief technology officer, discusses the challenges of leading a technical organization in the age of artificial intelligence.
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Best Practices in Network Traffic Analysis 22:12
22:12 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:12
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn today's operational climate, threats and attacks against network infrastructures have become far too common. Researchers in the SEI’s CERT Division work with organizations and large enterprises, many of whom analyze their network traffic data for ongoing status, attacks, or potential attacks. Through this work we have observed both challenges and best practices as these network traffic analysts analyze incoming contacts to the network, including packets traces or flows. In this SEI Podcast, Tim Shimeall and Timur Snoke, both researchers in the SEI’s CERT Division, highlight some best practices (and application of these practices) that they have observed in network traffic analysis.…
S
Software Engineering Institute (SEI) Podcast Series
1 10 Types of Application Security Testing Tools and How to Use Them 20:11
20:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBugs and weaknesses in software are common: 84 percent of system breaches exploit vulnerabilities at the application layer. The prevalence of software-related problems is a key motivation for using application security testing tools. With a growing number of application security testing tools available, it can be confusing for leaders, developers, and engineers to know which tools address which issues. In this podcast, Thomas Scanlon, a researcher in the SEI’s CERT Division, discusses the different types of application security testing tools and provides guidance on how and when to use each tool.…
S
Software Engineering Institute (SEI) Podcast Series
1 Using Test Suites for Static Analysis Alert Classifiers 30:11
30:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיStatic analysis tools used to identify potential vulnerabilities in source code produce a large number of alerts with high false-positive rates that engineers must painstakingly examine to find legitimate flaws. Researchers in the SEI’s CERT Division have developed the SCALe (Source Code Analysis Laboratory) tool to help analysts be more efficient and effective at auditing static analysis alerts. In this podcast, CERT researchers Lori Flynn and Zach Kurtz discuss ongoing research using test suites as a source of labeled training data to create classifiers for static analysis alerts.…
S
Software Engineering Institute (SEI) Podcast Series
Beyond its financial hype, researchers are exploring and understanding the promise of Blockchain technologies. In this SEI Podcast, Eliezer Kanal and Eugene Leventhal discuss blockchain research at Carnegie Mellon University and beyond.
S
Software Engineering Institute (SEI) Podcast Series
1 Leading in the Age of Artificial Intelligence 21:47
21:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTom Longstaff, who in 2018 was hired as the SEI’s chief technology officer, discusses the challenges of leading a technical organization in the age of artificial intelligence.
S
Software Engineering Institute (SEI) Podcast Series
1 System Architecture Virtual Integration: ROI on Early Discovery of Defects 29:13
29:13 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:13
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיPeter Feiler discusses the cost savings (26.1 percent) realized when using the System Architecture Virtual Integration approach on the development of software-reliant systems for aircraft. “If you discover [software defects] at system integration test, the cost of fixing a problem is 300 to 1,000 times higher than doing it upfront. So if upfront, you spent $10,000 fixing it, it’s between $3 and $10 million on the backend that you are saving by the way.”…
S
Software Engineering Institute (SEI) Podcast Series
1 A Technical Strategy for Cybersecurity 14:51
14:51 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:51
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיRoberta “Bobbie” Stempfley, who was appointed director of the SEI’s CERT Division in June 2017, discusses a technical strategy for cybersecurity. “There is never enough time, money, power, resources—whatever it is—and we make design tradeoffs. Adversaries are looking at what opportunities that creates. They are looking at failures in implementation.”…
S
Software Engineering Institute (SEI) Podcast Series
1 Best Practices for Security in Cloud Computing 19:20
19:20 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:20
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDon Faatz and Tim Morrow, researchers with the SEI’s CERT Division, outline best practices that organizations should use to address the vulnerabilities and risks in moving applications and data to cloud services.
S
Software Engineering Institute (SEI) Podcast Series
1 Risks, Threats, and Vulnerabilities in Moving to the Cloud 18:11
18:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTim Morrow and Donald Faatz outline the risks, threats, and vulnerabilities that organizations face when moving applications or data to the cloud. “If you look at large organizations like the DoD, they have embraced this. They are looking to buy infrastructures as a service and even moving office automation to the cloud. For smaller organizations, though, it is something of a challenge, so we wanted to look at and give people some ideas about the challenges they will face when they do this.”…
S
Software Engineering Institute (SEI) Podcast Series
1 How to Be a Network Traffic Analyst 21:10
21:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTim Shimeall and Timur Snoke, researchers in the SEI’s CERT Division, examine the role of the network traffic analyst in capturing and evaluating ever-increasing volumes of network data. “Part of it is the ability to use a wide variety of tools to answer questions about what is happening on the network and to figure out ways to go past inference and supposition and to get facts that can actually provide support for the hypothesis that you’re coming up with.…
S
Software Engineering Institute (SEI) Podcast Series
1 Workplace Violence and Insider Threat 15:02
15:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי15:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTracy Cassidy and Carrie Gardner, researchers with the CERT National Insider Threat Center, discuss research on using technology to detect an employee’s intent to cause physical harm. “A chronology naturally fell out that gave a temporal description of how a particular incident unfolded. So we can see precursor events that foreshadowed the event or the escalation of events that were to…
S
Software Engineering Institute (SEI) Podcast Series
To contain costs, it is essential to understand which factors drive costs over the longer term and can be controlled. In studies of software development, as a research community, we have not done an adequate job of differentiating causal influences from noncausal statistical correlations. In this podcast, Mike Konrad and Bob Stoddard discuss the use of an approach known as causal learning that can help the Department of Defense identify which factors cause software costs to escalate and, therefore, serve as a better basis for guidance on how to intervene to better control costs.…
S
Software Engineering Institute (SEI) Podcast Series
In this podcast, Dr. Carol Woody discusses opportunities and risks in cybersecurity engineering, software assurance, and the resulting CERT Cybersecurity Engineering and Software Assurance Professional Certificate. The courses for this certificate program focus on software-reliant systems engineering and acquisition activities. The goal of the program is to infuse an awareness of cybersecurity (and an approach to identifying security requirements, engineering risk, and supply chain risk) early in the lifecycle. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Software Sustainment and Product Lines 28:22
28:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn the SEI’s examination of the software sustainment phase of the Department of Defense (DoD) acquisition lifecycle, we have noted that the best descriptor for sustainment efforts for software is “continuous engineering.” Typically, during this phase, the hardware elements are repaired or have some structural modifications to carry new weapons or sensors. Software, on the other hand, continues to evolve in response to new security threats, new safety approaches, or new functionality provided within the system of systems. In this podcast, Mike Phillips and Harry Levinson will examine the intersection of three themes—product line practices, software sustainment, and public-private partnerships—that emerged during our work with one government program. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Best Practices in Cyber Intelligence 19:26
19:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe SEI Emerging Technology Center is conducting a study sponsored by the U.S. Office of the Director of National Intelligence to understand cyber intelligence best practices, common challenges, and future technologies that we will culminate in a published report. Through interviews with U.S.-based organizations from a variety of sectors, researchers are identifying tools, practices, and resources that help those organizations make informed decisions that protect their information and assets. In this podcast, Jared Ettinger describes preliminary findings from the interviews including best practices in cyber intelligence. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 The Evolving Role of the Chief Risk Officer 28:22
28:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn today's global business environment, risk management must be aligned to business strategy. As companies continue to shift their business models, strategies change and risk management becomes even more important. A company must find the right balance between risk resiliency and risk agility. The chief risk officer (CRO) role is an important catalyst to make that happen, so a company's long term strategic objectives may be realized. The CRO Certificate Program is developed and delivered by Carnegie Mellon University’s Heinz College of Information Systems and Public Policy, and the CERT Division of the Software Engineering Institute (SEI). In this podcast, Summer Fowler and Ari Lightman discuss the evolving role of the chief risk officer and a Chief Risk Officer Program. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Obsidian: A Safer Blockchain Programming Language 31:36
31:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Defense Advanced Research Projects Agency (DARPA) and other agencies are expressing significant interest in blockchain technology because it promises inherent transparency, resiliency, forgery-resistance, and nonrepudiation, which can be used to protect sensitive infrastructure. At the same time, numerous high-profile incidents of blockchain coding errors that cause major damage to organizations have raised serious concerns about blockchain adoption. In this podcast, Eliezer Kanal and Michael Coblenz discuss the creation of Obsidian, a novel programming language specifically tailored to secure blockchain software development that significantly reduces the risk of such coding errors. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
DevOps breaks down software development silos to encourage free communication and constant collaboration. Agile, an iterative approach to development, emphasizes frequent deliveries of software. In this podcast, Eileen Wrubel, technical lead for the SEI’s Agile-in-Government program, and Hasan Yasar, technical manager of the Secure Lifecycle Solutions Group in the SEI’s CERT Division, discuss how Agile and DevOps can be deployed together to meet organizational needs. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Is Software Spoiling Us? Technical Innovations in the Department of Defense 21:14
21:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThis series of podcasts presents excerpts from a recent SEI virtual event, Is Software Spoiling Us? Jeff Boleng, acting chief technical officer, moderated the discussion, which featured a panel of SEI researchers: Grace Lewis, Eliezer Kanal, Joseph Yankel, and Satya Venneti. In this segment, the panel discusses technical innovations that can be applied to the Department of Defense including improved situational awareness, human-machine interactions, artificial intelligence, machine learning, data, and continuous integration and deployments. The panel also discusses barriers to implementing these technologies. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Is Software Spoiling Us? Innovations in Daily Life from Software 16:44
16:44 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:44
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThis series of podcasts presents excerpts from a recent SEI virtual event, Is Software Spoiling Us. Jeff Boleng, acting chief technical officer, moderated the discussion, which featured a panel of SEI researchers: Grace Lewis, Eliezer Kanal, Joseph Yankel, and Satya Venneti. In this podcast, the panel discusses awesome innovations in daily life that are made possible because of software. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 How Risk Management Fits into Agile & DevOps in Government 34:17
34:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDevOps, which breaks down software development silos to encourage free communication and constant collaboration, reinforces many Agile methodologies. Equally important, the Risk Management Framework, provides a clearly defined framework that helps program managers incorporate security and risk management activities into the software and systems development life cycle. In this podcast, Eileen Wrubel, technical lead for the SEI’s Agile-in-Government program leads a roundtable discussion into how Agile, DevOps, and the Risk Management Framework can work together. The panelists include Tim Chick, Will Hayes, and Hasan Yasar. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 5 Best Practices for Preventing and Responding to Insider Threat 11:13
11:13 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי11:13
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיInsider threat continues to be a problem with approximately 50 percent of organizations experiencing at least one malicious insider incident per year, according to the 2017 U.S. State of Cybercrime Survey. Although the attack methods vary depending on the industry, the primary types of attacks identified by researchers at the CERT Insider Threat Center—theft of intellectual property, sabotage, fraud, and espionage—continue to hold true. In our work with public and private industry, we continue to see that insider threats are influenced by a combination of technical, behavioral, and organizational issues. In this podcast Randy Trzeciak, technical manager of the CERT National Insider Threat Center, discusses the fifth edition of the Common Sense Guide to Mitigating Insider Threats, which highlights policies, procedures, and technologies to mitigate insider threats in all areas of an organization. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Pharos Binary Static Analysis: An Update 10:03
10:03 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי10:03
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיPharos was created by the SEI CERT Division to automate the reverse engineering of binaries, with a focus on malicious code analysis. Pharos, which was recently released on Github, builds upon the ROSE compiler infrastructure developed by Lawrence Livermore National Laboratory for disassembly, control flow analysis, instruction semantics, and more. In this podcast, the SEI CERT Division’s Jeff Gennari discusses updates to the Pharos framework including new tools, improvements, and bug fixes. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Positive Incentives for Reducing Insider Threat 24:10
24:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn the 2016 Cyber Security Intelligence Index, IBM found that 60 percent of all cyber attacks were carried out by insiders. One reason that insider threat remains so problematic is that organizations typically respond to these threats with negative technical incentives, such as practices that monitor and constrain employee behavior, detect and punish misbehavior, and otherwise try to force employees to act in the best interest of the organization. In this podcast, Andrew Moore and Dan Bauer highlight results from our recent research that suggests organizations need to take a more holistic approach to mitigating insider threat: one that considers the impact of organizational behavior on insider motivations. In particular, positive incentives can complement traditional practices for insider threat defense in a way that can improve employee worklife as well as more effectively reduce insider risk. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
Dr. Andrew Moore, who is the Dean of the School of Computer Science at CMU, predicted that 2016 would be a watershed year for machine emotional intelligence. Evidence of this can be seen in the Department of Defense, which increasingly relies on biometric data, such as iris scans, gait recognition, and heart-rate monitoring to protect against both cyber and physical attacks. Current state-of-the-art approaches do not make it possible to gather biometric data in real-world settings, such as border and airport security checkpoints, where people are in motion. In this podcast, Satya Venneti presents exploratory research undertaken by the SEI's Emerging Technology Center to design algorithms to extract heart rate from video capture of non-stationary subjects in real-time. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 At Risk Emerging Technology Domains 10:37
10:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי10:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn today’s increasingly interconnected world, the information security community must be prepared to address emerging vulnerabilities that may arise from new technology domains. Understanding trends and emerging technologies can help information security professionals, leaders of organizations, and others interested in information security to anticipate and prepare for such vulnerabilities. In this podcast, CERT vulnerability analyst Dan Klinedinst discusses research aimed at helping the Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT) understand future technologies and their risks. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
For some time now, the cyber world has been under attack by a diffused set of enemies who improvise their own tools in many different varieties and hide them where they can do much damage. In this podcast, CERT researcher Vijay Sarvepalli explores Domain Name System or DNS Blocking, the idea of disrupting communications from malicious code such as ransomware that is used to lock up your digital assets, or data-exfiltration software that is used to steal your digital data. DNS blocking ensures a wide impact while avoiding the complexity of having to install or instrument every device in your enterprise. The key takeaway is to target a break in the chain of malware to minimize its effectiveness and the malicious code developer’s intended success. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Best Practices: Network Border Protection 24:06
24:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhen it comes to network traffic, it’s important to establish a filtering process that identifies and blocks potential cyberattacks, such as worms spreading ransomware and intruders exploiting vulnerabilities, while permitting the flow of legitimate traffic. In this podcast, the latest in a series on best practices for network security, Rachel Kartch explores best practices for network border protection at the Internet router and firewall. It is important to note that these recommendations are geared toward large organizations and government agencies and would not likely be appropriate for a home network or very small business network. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Verifying Software Assurance with IBM’s Watson 19:41
19:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSince its debut on Jeopardy in 2011, IBM’s Watson has generated a lot of interest in potential applications across many industries. As detailed in this podcast, Mark Sherman recently led a research team investigating whether the Department of Defense could use Watson to improve software assurance and help acquisition professionals assemble and review relevant evidence from documents. Specifically, Sherman and his team examined whether typical developers could build an IBM Watson application to support an assurance review. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 The CERT Software Assurance Framework 19:08
19:08 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:08
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSoftware is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions also increase. Traditional security-engineering approaches rely on addressing security risks during the operation and maintenance of software-reliant systems. The costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. Field experiences of technical staff at the SEI indicate that few programs currently implement effective cybersecurity practices early in the acquisition lifecycle. Recent Department of Defense directives are beginning to shift programs’ priorities regarding cybersecurity. As a result, researchers from the CERT Division of the SEI have started cataloging the cybersecurity practices needed to acquire, engineer, and field software-reliant systems that are acceptably secure. In this podcast, Carol Woody and Christopher Alberts introduce the prototype Software Assurance Framework (SAF), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. The SAF can be used to assess an acquisition program’s current cybersecurity practices and chart a course for improvement, ultimately reducing the cybersecurity risk of deployed software-reliant systems. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
All major defense contractors in the market can tell you about their approaches to implementing the values and principles found in the Agile Manifesto. Published frameworks and methodologies are rapidly maturing, and a wave of associated terminology is part of the modern lexicon. We are seeing consultants feuding on Internet forums as well, each claiming to have the “true” answer for what Agile is and how to make it work in your organization. The challenge now is to scale Agile to work in complex settings with larger teams, larger systems, longer timelines, diverse operating environments, and multiple engineering disciplines. In this podcast, Will Hayes and Eileen Wrubel present five perspectives on scaling Agile from leading thinkers in the field, including Scott Ambler, Steve Messenger, Craig Larman, Jeff Sutherland, and Dean Leffingwell. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Ransomware: Best Practices for Prevention and Response 30:18
30:18 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:18
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOn May 12, 2017, in the course of a day, the WannaCry ransomware attack infected nearly a quarter million computers. WannaCry is the latest in a growing number of ransomware attacks where, instead of stealing data, cyber criminals hold data hostage and demand a ransom payment. WannaCry was perhaps the largest ransomware attack to date, taking over a wide swath of global computers from FedEx in the United States to the systems that power Britain’s healthcare system to systems across Asia, according to the New York Times. In this podcast, CERT researchers spell out several best practices for prevention and response to a ransomware attack. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
The term "software security" often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and road blocks to fast development and release. To secure software, developers must follow numerous guidelines that, while intended to satisfy some regulation or other, can be very restrictive and hard to understand. As a result, a lot of fear, uncertainty, and doubt can surround software security. In this podcast, Hasan Yasar discusses how the Secure DevOps movement attempts to combat the toxic environment surrounding software security by shifting the paradigm from following rules and guidelines to creatively determining solutions for tough security problems. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 SEI Fellows Series: Peter Feiler 40:46
40:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי40:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe position of SEI Fellow is awarded to people who have made an outstanding contribution of the work of the SEI and from home the SEI leadership may expect valuable advice for continued success in the institute’s mission. Peter Feiler was named an SEI Fellow in August 2016. This podcast is the second in a series highlighting interviews with SEI Fellows Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
The network time protocol (NTP) synchronizes the time of a computer client or server to another server or within a few milliseconds of Coordinated Universal Time (UTC). NTP servers, long considered a foundational service of the Internet, have more recently been used to amplify large-scale Distributed Denial of Service (DDoS) attacks. While 2016 did not see a noticeable uptick in the frequency of DDoS attacks, the last 12 months have witnessed some of the largest DDoS attacks, according to Akamai's State of the Internet/Security report. One issue that attackers have exploited is abusable NTP servers. In 2014, there were over seven million abusable NTP servers. As a result of software upgrades, repaired configuration files, or the simple fact that ISPs and IXPs have decided to block NTP traffic, the number of abusable servers dropped by almost 99 percent in a matter months, according to a January 2015 article in ACM Queue. But there is still work to be done. It only takes 5,000 abusable NTP servers to generate a DDoS attack in the range of 50-400 Gbps. In this podcast, Timur Snoke explores the challenges of NTP and prescribes some best practices for securing accurate time with this protocol. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Establishing Trust in Disconnected Environments 17:46
17:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיFirst responders, search-and-rescue teams, and military personnel often work in “tactical edge” environments defined by limited computing resources, rapidly changing mission requirements, high levels of stress, and limited connectivity. In these tactical edge environments, software applications that enable tasks such as face recognition, language translation, decision support, and mission planning and execution are critical due to computing and battery limitations on mobile devices. Our work on tactical cloudlets addresses some of these challenges by providing a forward-deployed platform for computation offload and data staging. When establishing communication between two nodes, such as a mobile device and a tactical cloudlet in the field, identification, authentication, and authorization provide the information and assurances necessary for the nodes to trust each other (i.e., mutual trust). A common solution for establishing trust is to create and share credentials in advance and then use an online trusted authority to validate the credentials of the nodes. The tactical environments in which first responders, search-and-rescue, and military personnel operate, however, do not consistently provide access to that online authority or certificate repository because they are disconnected, intermittent, limited (DIL). In this podcast, Grace Lewis presents a solution for establishing trusted identities in disconnected environments based on secure key generation and exchange in the field, as well as an evaluation and implementation of the solution. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Distributed Artificial Intelligence in Space 18:06
18:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn 2014-2015, a group of researchers across various disciplines gathered at the Caltech Keck Institute for Space Studies (KISS) to explore whether recent advances in multifunctional, reconfigurable, and adaptive structures could enable a microenvironment control to support space exploration in extreme environments. The workshop series spawned multiple working groups and project ideas for pushing the state-of-the-art in space exploration, colonization and infrastructure. One such project, called the Multi-planetary Smart Tile, explores the possibility of creating a multi-functional power grid for the solar system that is capable of distributed computation, renewable power generation, and power beaming to remote locations. In this podcast, Dr. James Edmondson discusses his work to bring distributed artificial intelligence to a next generation, renewable power grid in space. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Verifying Distributed Adaptive Real-Time Systems 47:02
47:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיMaking sure government and privately owned drones share international air space safely and effectively is a top priority for government officials. Distributed Adaptive Real-Time (DART) systems are key to many areas of Department of Defense (DoD) capability, including the safe execution of autonomous, multi-unmanned aerial systems missions having civilian benefits. DART systems promise to revolutionize several such areas of mutual civilian-DoD interest, such as robotics, transportation, energy, and health care. To fully realize the potential of DART systems, however, the software controlling them must be engineered for high-assurance and certified to operate safely and effectively. In short, these systems must satisfy guaranteed and highly-critical safety requirements (e.g., collision avoidance) while adapting smartly to achieve application requirements, such as protection coverage, while operating in dynamic and uncertain environments. In this podcast, James Edmondson and Sagar Chaki describe an architecture and approach to engineering high-assurance software for DART systems. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 10 At-Risk Emerging Technologies 17:12
17:12 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:12
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn today's increasingly interconnected world, the information security community must be prepared to address vulnerabilities that may arise from new technologies. Understanding trends in emerging technologies can help information security professionals, leaders of organizations, and others interested in information security identify areas for further study. Researchers in the SEI's CERT Division recently examined the security of a large swath of technology domains being developed in industry and maturing over the next five years. This podcast highlights our current understanding of future technologies and identified domains that not only impacted cybersecurity but also finance, personal health, and safety. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Technical Debt as a Core Software Engineering Practice 23:04
23:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAs software developers deal with issues such as legacy modernization, agile adoption, and architecture, they need to be able to articulate the tradeoffs of design and business decisions. In this podcast, Ipek Ozkaya talks about managing technical debt as a core software engineering practice and its importance in the education of future software engineers. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
The Domain Name System (DNS) is an essential component of the Internet, a virtual phone book of names and numbers, but we rarely think about it until something goes wrong. DNS also serves as the backbone for other services critical to organizations including email, external web access, file sharing and voice over IP (VoIP). There are steps, however, that network administrators can take to ensure the security and resilience of their DNS infrastructure and avoid security pitfalls. In this podcast, Mark Langston discusses best practices for designing a secure, reliable DNS infrastructure. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Three Roles and Three Failure Patterns of Software Architects 13:35
13:35 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:35
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAs a software system moves through its lifecycle, each phase calls for the architect to use a different mix of skills. This podcast explores three roles and three failure patterns of software architects that he has observed working with industry and government software projects. This blog post by John Klein is read by Bill Thomas. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
Recent research indicates that security is no longer only a matter of code and is tightly linked to software architecture. SEI researchers have created security-focused modeling tools that capture vulnerabilities and their propagation paths in an architecture. These security-focused modeling tools help security analysts and researchers improve system and software analysis. In this podcast, Julien Delange discusses the motivation for the work, the available tools, and how to use them. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Best Practices for Preventing and Responding to Distributed Denial of Service (DDoS) Attacks 33:03
33:03 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:03
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn November 2016, Internet users across the Eastern Seaboard of the United States had trouble accessing popular websites, such as Reddit, Netflix, and the New York Times. Known as the Dyn attack, the disruption was the result of multiple distributed denial of service (DDoS) attacks against a single organization: Dyn, a New Hampshire-based Internet infrastructure company. DDoS attacks can be extremely disruptive, and they are on the rise. The Verisign Distributed Denial of Service Trends Report states that DDoS attack activity increased 85 percent in each of the last two years, with 32 percent of those attacks in the fourth quarter of 2015 targeting IT services, cloud computing, and software-as-a-service companies. In this podcast, CERT researcher Rachel Kartch provides an overview of DDoS attacks and best practices for mitigating and responding to them. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Cyber Security Engineering for Software and Systems Assurance 18:12
18:12 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:12
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEffective cybersecurity engineering requires the integration of security into the software acquisition and development lifecycle. For engineering to address security effectively, requirements that establish the target goal for security must be in place. Risk management must include identification of possible threats and vulnerabilities within the system, along with the ways to accept or address them. There will always be cyber security risk, but engineers, managers, and organizations must be able to plan for the ways in which a system should avoid as well as recognize, resist, and recover from an attack. In this podcast Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles that address the challenges of acquiring, building, deploying, and sustaining software systems to achieve a desired level of confidence for software assurance. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
Dynamic network defense (or moving target defense) is based on a simple premise: a moving target is harder to attack than a stationary target. In recent years the government has invested substantially into moving target and adaptive cyber defense. This rapidly growing field has seen recent developments of many new technologies—defenses that range from shuffling of client-to-server assignments to protect against distributed denial-of-service (DDoS) attacks, to packet header rewriting, to rebooting servers. As researchers develop new technologies, they need a centralized reference platform where new technologies can be vetted to see where they complement each other and where they do not, as well as a standard against which future technologies can be evaluated. In this podcast, Andrew Mellinger, a senior software developer in the SEI's Emerging Technology Center discusses work to develop a platform to organize dynamic defenses. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Improving Cybersecurity Through Cyber Intelligence 18:47
18:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCyber intelligence is the acquisition of information to identify, track, or predict the cyber capabilities and actions of malicious actors to offer courses of action to decision makers charged with protecting organizations. In this podcast, Jared Ettinger of the SEI’s Emerging Technology Center (ETC) talks about the ETC’s latest work in cyber intelligence as well as the Cyber Intelligence Research Consortium, which brings together organizations from a variety of sectors to exchange cyber intelligence ideas, participate in hands-on training activities, and learn about emerging cyber intelligence technologies from experts in the field. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 A Requirement Specification Language for AADL 30:44
30:44 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:44
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Peter Feiler describes a textual requirement specification language for the Architecture Analysis & Design Language (AADL) called ReqSpec. ReqSpec is based on the draft Requirements Definition and Analysis Language Annex, which defines a meta-model for requirement specification as annotations to AADL models. A set of plug-ins to the Open Source AADL Tool Environment (OSATE) toolset supports the ReqSpec language. Users can follow an architecture-led requirement specification process that uses AADL models to represent the system in its operational context as well as the architecture of the system of interest. ReqSpec can also be used to represent existing stakeholder and system requirement documents. Requirement documents represented in the Requirements Interchange Format can be imported into OSATE to migrate such documents into an architecture-centric virtual integration process. Finally, ReqSpec is an element of an architecture-led, incremental approach to system assurance. In this approach, requirements specifications are complemented with verification plans. When executed, these plans produce evidence that a system implementation satisfies the requirements. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Becoming a CISO: Formal and Informal Requirements 23:32
23:32 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:32
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhether you are a CISO, CISO equivalent, or have another title with organizational cybersecurity responsibilities, the role you play in your organization to protect and sustain the key information and technical assets needed to achieve the mission is critical in today’s landscape of data breaches, nation-state hackers, and increased threats to the business. In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today’s fast-paced cybersecurity field. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Predicting Quality Assurance with Software Metrics and Security Methods 11:24
11:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי11:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTo ensure software will function as intended and is free of vulnerabilities (aka software assurance), software engineers must consider security early in the lifecycle, when the system is being designed and architected. Recent research on vulnerabilities supports this claim: Nearly half the weaknesses identified in the Common Weakness Enumeration (CWE) repository have been identified as design weaknesses. These weaknesses are introduced early in the lifecycle and cannot be patched away in later phases. They result from poor (or incomplete) security requirements, system designs, and architecture choices for which security has not been given appropriate priority. Effective use of metrics and methods that apply systematic consideration for security risk can highlight gaps earlier in the lifecycle before the impact is felt and when the cost of addressing these gaps is less. In this podcast, Dr. Carol Woody explores the connection between measurement, methods for software assurance, and security. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
By the close of 2016, annual global IP traffic will pass the zettabyte ([ZB]; 1000 exabytes [EB]) threshold and will reach 2.3 ZBs per year by 2020, according to Cisco's Visual Networking Index. While capturing and evaluating network traffic enables defenders of large-scale organizational networks to generate security alerts and identify intrusions, operators of networks with even comparatively modest size struggle with building a full, comprehensive view of network activity. To make wise security decisions, operators need to understand the mission activity on their network and the threats to that activity (referred to as network situational awareness). In this podcast, Timothy Shimeall discusses approaches for analyzing network security using and going beyond network flow data to gain situational awareness to improve security. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 A Community College Curriculum for Secure Software Development 20:23
20:23 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:23
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Girish Seshagiri discusses a two-year community college software assurance program that he developed and facilitated with SEI Fellow Nancy Mead at Illinois Community College. The two-year degree program in secure software development, which is based on the SEI’s software assurance curriculum, is the result of a collaboration between Central Illinois Center of Excellence for Secure Software and Illinois Central College. The program, which also incorporates an apprenticeship model, was developed in response to industry needs. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Security and the Internet of Things 17:09
17:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיInternet-connected devices—from cars, insulin pumps, and baby monitors to thermostats and coffee makers—are growing in number and complexity. Most of these Internet of Things (IoT) devices weren’t built with connectivity and security in mind, leaving them vulnerable to attacks. In this podcast, CERT researcher Art Manion discusses work that his team is doing with the Department of Homeland Security to examine and secure IoT devices. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 The SEI Fellow Series: Nancy Mead 28:37
28:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe position of SEI Fellow is awarded to people who have made an outstanding contribution to the work of the SEI and from whom the SEI leadership may expect valuable advice for continued success in the institute's mission. Nancy Mead, a principal researcher in the SEI’s CERT Division, was named an SEI Fellow in 2013. This podcast is the first in a series highlighting interviews with SEI Fellows. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 An Open Source Tool for Fault Tree Analysis 14:19
14:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSafety-critical software must be analyzed and checked carefully. Each potential error, failure, or defect must be considered and evaluated before you release a new product. For example, if you are producing a quadcopter drone, you would like to know the probability of engine failure to evaluate the system's reliability. Safety analysis is hard. Standards such as ARP4761 mandate several analyses, such as Functional Hazard Assessment and Failure Mode and Effect Analysis. One popular type of safety analysis is Fault Tree Analysis (FTA), which provides a graphical representation of all contributors to a failure (e.g., error events and propagations). In this podcast, Julien Delange discusses the concepts of the FTA and introduce a new tool to design and analyze fault trees. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Global Value Chain – An Expanded View of the ICT Supply Chain 30:12
30:12 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:12
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOrganizations “are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain. These risks are associated with the organizations’ decreased visibility into, understanding of, and control over how the technology that they acquire is developed, integrated and deployed, as well as the processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products and services.” In this podcast, Edna Conway, Chief Security Officer, Global Value Chain and Cisco, and John Haller, a member of the CERT Cyber Assurance team, discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Intelligence Preparation for Operational Resilience 27:00
27:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIntelligence preparation for Operational Resilience (IPOR) is a structured framework that decision makers can use to: •identify intelligence needs •consume the information received by intelligence sources •make informed decisions about the organization and courses of action In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Evolving Air Force Intelligence with Agile Techniques 17:00
17:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn the past decade, the U.S. Air Force has built up great capability with the Distributed Common Ground System (AF DCGS), the Air Force’s primary weapon system for intelligence, surveillance, reconnaissance, planning, direction, collection, processing, exploitation, analysis, and dissemination. AF DCGS employs a global communications architecture that connects multiple intelligence platforms and sensors. In this podcast, Harry Levinson discusses the SEI’s work with the Air Force to further evolve the AF DCGS system using Agile techniques working in incremental, iterative approaches to deliver more frequent, more manageable deliveries of capability. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Threat Modeling and the Internet of Things 17:39
17:39 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:39
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThreat modeling, which has been popularized by Microsoft in the last decade, provides vulnerability analysts a means to analyze a system and identify various attack surfaces and use that knowledge to bolster a system against vulnerabilities. In this podcast, Art Manion and Allen Householder of CERT’s vulnerability analysis team, talk about threat modeling and its use in improving security of the Internet of Things. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Open Systems Architectures: When & Where to Be Closed 19:52
19:52 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:52
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDue to advances in hardware and software technologies, Department of Defense (DoD) systems today are highly capable and complex. However, they also face increasing scale, computation, and security challenges. Compounding these challenges, DoD systems were historically designed using stove-piped architectures that lock the government into a small number of system integrators, each devising proprietary point solutions that are expensive to develop and sustain over the lifecycle. Although these stove-piped solutions have been problematic (and unsustainable) for years, the budget cuts occurring under sequestration are motivating the DoD to reinvigorate its focus on identifying alternative means to drive down costs, create more affordable acquisition choices, and improve acquisition program performance. A promising approach to meet these goals is open systems architecture (OSA). In this podcast, Don Firesmith discusses how acquisition professionals and system integrators can apply OSA practices to effectively decompose large monolithic business and technical architectures into manageable and modular solutions that can integrate innovation more rapidly and lower total ownership costs. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Toward Efficient and Effective Software Sustainment 23:20
23:20 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:20
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Department of Defense (DoD) must focus on sustaining legacy weapons systems that are no longer in production, but are expected to remain a key component of our defense capability for decades to come. Despite the fact that these legacy systems are no longer in the acquisition phase, software upgrade cycles are needed to refresh their capabilities every 18 to 24 months. In addition, significant modernization can often be made by more extensive, focused software upgrades with relatively modest hardware changes. In this podcast, Mike Phillips discusses effective sustainment engineering efforts in the Army and Air Force, using examples from across its software engineering centers. These examples are tied to SEI research on capability maturity models, agility, and the Architecture Analysis and Design Language (AADL) modeling notation. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Effective Reduction of Avoidable Complexity in Embedded Systems 18:32
18:32 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:32
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSafety-critical systems are becoming extremely software-reliant. Software complexity can increase total acquisition costs as much as 16 percent. The Effective Reduction of Avoidable Complexity in Embedded Systems (ERACES) project aims to identify and remove complexity in software models. At the same time, safety-critical development is shifting from traditional programming (e.g., Ada, C) to modeling languages (e.g., Simulink, SCADE). In this podcast, Julien Delange discusses the Effective Reduction of Avoidable Complexity in Embedded Systems (ERACES) project, which aims to identify and remove complexity in software models. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Quality Attribute Refinement and Allocation 24:00
24:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWe know from existing SEI work on attribute-driven design, Quality Attribute Workshops, and the Architecture Tradeoff Analysis Method that a focus on quality attributes prevents costly rework. Such a long-term perspective, however, can be hard to maintain in a high-tempo, agile delivery model, which is why the SEI continues to recommend an architecture-centric engineering approach, regardless of the software methodology chosen. As part of our work in value-driven incremental delivery, we conducted exploratory interviews with teams in these high-tempo environments to characterize how they managed architectural quality attribute requirements (QARs). These requirements—such as performance, security, and availability—have a profound impact on system architecture and design, yet are often hard to divide, or slice, into the iteration-sized user stories common to iterative and incremental development. This difficulty typically exists because some attributes, such as performance, touch multiple parts of the system. In this podcast, Neil Ernst discusses research on slicing (refining) performance in two production software systems and ratcheting (periodic increase of a specific response measure) of scenario components to allocate QAR work. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
Whether Java is more secure than C is a simple question to ask, but a hard question to answer well. When researchers on the CERT Secure Coding Team began writing the SEI CERT Oracle Coding Standard for Java, they thought that Java would require fewer secure coding rules than the SEI CERT C Coding Standard because Java was designed with security in mind. They also assumed that a more secure language would need fewer rules than a less secure one. However, Java has 168 coding rules compared to just 116 for C. Why? Are there problems with our C or Java rules, or are Java programs, on average, just as susceptible to vulnerabilities as C programs? In this podcast, CERT researcher David Svoboda analyzes secure coding rules for both C and Java to determine if they indeed refute the conventional wisdom that Java is more secure than C. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Identifying the Architectural Roots of Vulnerabilities 23:43
23:43 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:43
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn our studies of many large-scale software systems, we have observed that defective files seldom exist alone. They are usually architecturally connected, and their architectural structures exhibit significant design flaws that propagate bugginess among files. We call these flawed structures the architecture roots, a type of technical debt that incurs high maintenance penalties. Removing the architecture roots of bugginess requires refactoring, but the benefits of refactoring have historically been difficult for architects to quantify or justify. In this podcast, Rick Kazman and Carol Woody discuss an approach to model and analyze software architecture as a set of design rule spaces). Using data extracted from the project’s development artifacts, this approach identifies the files implicated in architecture flaws and suggest refactorings based on removing these flaws. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Build Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations 31:27
31:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Building Security In Maturity Model (BSIMM) is the result of a multi-year study of real-world software security initiatives. It is built directly from data observed in 78 software security initiatives from firms in nine market sectors. The best way to use the BSIMM is to compare and contrast your own initiative with the data about what other organizations are doing as described in the model. You can then identify goals and objectives and refer to the BSIMM to determine which additional activities make sense for you.The BSIMM data show that high maturity initiatives are well-rounded—carrying out numerous activities in all 12 of the practices described by the model. The model also describes how mature software security initiatives evolve, change, and improve over time.In this podcast, Gary McGraw, the Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of observed practices from high-performing organizations. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
Grady Booch recently delivered a presentation as part of the SEI’s CTO Distinguished Speaker Series where he discussed his perspectives on the biggest challenges for the future of software engineering. During his visit to the SEI, he sat down for an interview with SEI Fellow Nancy Mead for the SEI Podcast Series. Booch will be a keynote speaker at SATURN 2016. Please click the related link below for additional details. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Structuring the Chief Information Security Officer Organization 31:23
31:23 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:23
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיChief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today’s increasingly expanding and dynamic cyber risk environment. Many opinions and publications express a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones that are most applicable for their business mission, vision, and objectives?In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations based on inputs from CISOs, policies, frameworks, maturity models, standards, codes of practice, and lessons learned from major cybersecurity incidents. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 How Cyber Insurance Is Driving Risk and Technology Management 21:23
21:23 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:23
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEvery day another story arises about a significant breach at a major company or Government agency. Increasingly, cybersecurity is being viewed as a risk management issue by CEOs and boards of directors. So how does corporate America address risk? Insurance. Since, like a natural disaster, a company cannot completely avoid cyber attacks, the next best option is to mitigate the impact these attacks can have. [1]In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk and invest in technologies. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
In their haste to deliver software capabilities, developers sometimes engage in less-than-optimal coding practices. If not addressed, these shortcuts can ultimately yield unexpected rework costs that offset the benefits of rapid delivery. Technical debt conceptualizes the tradeoff between the short-term benefits of rapid delivery and long-term value. Taking shortcuts to expedite the delivery of features in the short term incurs technical debt, analogous to financial debt, that must be paid off later to optimize long-term success. Managing technical debt is an increasingly critical aspect of producing cost-effective, timely, and high-quality software products, especially in projects that apply agile methods. A delicate balance is needed between the desire to release new software features rapidly to satisfy users and the desire to practice sound software engineering that reduces rework. Too often, however, technical debt focuses on coding issues when a broader perspective—one that incorporates software architectural concerns—is needed. In this podcast, Dr. Neil Ernst discusses the findings of a recent field study to assess the state of the practice and current thinking regarding technical debt and guide the development of a technical debt timeline. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 How the University of Pittsburgh Is Using the NIST Cybersecurity Framework 23:46
23:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (Pitt), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework). The University of Pittsburgh is a large, decentralized institution with a diverse population of networks and information types. The challenge of balancing academic freedom with security and protection of research data is put to the test every day. The use of the CSF, created by NIST as a common starting point for improving the cybersecurity of critical infrastructure providers, has proven valuable to help Pitt understand its baseline security posture, prioritize gaps, and set a target profile for improvement. The flexibility of the five NIST CSF categories (Identify, Protect, Detect, Respond, Recover) provide a solid starting point from which to understand the information security practices that are already in place at Pitt and the practices that are needed to improve the overall program. The podcast is based on a presentation available here. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 A Software Assurance Curriculum for Future Engineers 19:34
19:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיModern society is deeply and irreversibly dependent on software systems of remarkable scope and complexity in areas that are essential for preserving our way of life. Software assurance is critical to ensuring our confidence in these systems and that they are free from vulnerabilities, function in the intended manner, and provide security capabilities appropriate to the threat environment. In this podcast, Dr. Nancy Mead discusses how, with support from the Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community colleges. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Four Types of Shift Left Testing 26:56
26:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOne of the most important and widely discussed trends within the software testing community is shift left testing, which simply means beginning testing as early as practical in the lifecycle. What is less widely known, both inside and outside the testing community, is that testers can employ four fundamentally-different approaches to shift testing to the left. Unfortunately, different people commonly use the generic term shift left to mean different approaches, which can lead to serious misunderstandings. In this post, SEI principal researcher Don Firesmith explains the importance of shift left testing and defines each of these four approaches using variants of the classic V model to illustrate them. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Capturing the Expertise of Cybersecurity Incident Handlers 26:01
26:01 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:01
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Dr. Richard Young, a professor with Carnegie Mellon’s Tepper School of Business, teams with Sam Perl, a member of the CERT Division’s Enterprise Threat and Vulnerability Management team, to discuss their research on how expert cybersecurity incident handlers think, learn, and act when faced with an incident. The research study focuses on critical cognitive factors that such experts use to make decisions when faced with a complex incident, including how to deal with critical information that is missing. Study results may be used to enhance the knowledge and skills of less experienced responders. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Toward Speed and Simplicity: Creating a Software Library for Graph Analytics 15:37
15:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי15:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHigh performance computing is now central to the federal government and industry as evidenced by the shift from single-core and multi-core or homogeneous central processing units, also known as CPUs, to many core and heterogeneous systems that also include other types of processors like graphics processing units, also known as GPUs.In this podcast, Scott McMillan and Eric Werner of the SEI’s Emerging Technology Center discuss work to create a software library for graph analytics that would take advantage of these more powerful heterogeneous supercomputers to perform graph analytics at larger scales and more quickly, while making them simpler to program. Graph analytics are more complex, and thus, more difficult to program. These algorithms are used in the DoD-mission applications including intelligence analysis, knowledge representation and reasoning in autonomous systems, cyber intelligence and security, routing planning, and logistics optimization. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Improving Quality Using Architecture Fault Analysis with Confidence Arguments 18:02
18:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Peter Feiler discusses a case study that demonstrates how an analytical architecture fault-modeling approach can be combined with confidence arguments to diagnose a time-sensitive design error in a control system and to provide evidence that proposed changes to the system address the problem. The analytical approach, based on the SAE Architecture Analysis and Design Language for its well-defined timing and fault-behavior semantics, demonstrates that such hard-to-test errors can be discovered and corrected early in the lifecycle, thereby reducing rework cost. The case study shows that by combining the analytical approach with confidence maps, we can present a structured argument that system requirements have been met and problems in the design have been addressed adequately—increasing our confidence in the system quality. The case study analyzes an aircraft engine control system that manages fuel flow with a stepper motor. The original design was developed and verified in a commercial model-based development environment without discovering the potential for missed step commanding. During system tests, actual fuel flow did not correspond to the desired fuel flow under certain circumstances. The problem was traced to missed execution of commanded steps due to variation in execution time. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
A surprisingly large number of different types of testing exist and are used during the development and operation of software-reliant systems. While most testers, test managers, and other testing stakeholders are quite knowledgeable about a relatively small number of testing types, many people know very little about most of them and are unaware that others even exist. Understanding these different types of testing is important because different types of testing tend to uncover different types of defects and multiple testing types are needed to achieve sufficiently low levels of residual defects. Although not all of these testing types are relevant on all projects, a complete taxonomy can be used to help discover the ones that are appropriate and ensure that no relevant types of testing are accidentally overlooked. Such a taxonomy can also be useful as a way to organize and prioritize one’s study of testing. In this podcast, Donald Firesmith introduces the taxonomy of testing types he created to help testers and testing stakeholders select the appropriate types of testing for their specific needs. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Reducing Complexity in Software & Systems 19:05
19:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSystems are increasingly software-reliant and interconnected, making design, analysis and evaluation harder than in the past. While new capabilities are welcome, they require more thorough validation. Complexity could mean that design flaws or defects could lead to hazardous conditions that are undiscovered and unresolved. In this podcast, Dr. Sarah Sheard discusses a two-year research project to investigate the nature of complexity, how it manifests in software-reliant systems, such as avionics, how to measure it, and how to tell when too much complexity might lead to safety and certifiability problems. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Designing Security Into Software-Reliant Systems 11:41
11:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי11:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSoftware is a growing component of modern business- and mission-critical systems. As organizations become more dependent on software, security-related risks to their organizational missions are also increasing. Traditional security-engineering approaches rely on addressing security risks during the operation and maintenance of software-reliant systems. However, the costs required to control security risks increase significantly when organizations wait until systems are deployed to address those risks. It is more cost effective to address software security risks as early in the lifecycle as possible. As a result, researchers from the CERT Division of the Software Engineering Institute (SEI) have started investigating early lifecycle security risk analysis (i.e., during requirements, architecture, and design). In this podcast, CERT researcher Christopher Alberts introduces the Security Engineering Risk Analysis (SERA) Framework, a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle. The framework integrates system and software engineering with operational security by requiring engineers to analyze operational security risks as software-reliant systems are acquired and developed. Initial research activities have focused on specifying security requirements for these systems. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Agile Methods in Air Force Sustainment 12:27
12:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי12:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיFor several years, the Software Engineering Institute has researched the viability of Agile software development methods within Department of Defense programs and barriers to the adoption of those methods. In this podcast, SEI researcher Eileen Wrubel discusses how software sustainers leverage Agile methods and avoid barriers to using Agile methods. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Defect Prioritization With the Risk Priority Number 17:42
17:42 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:42
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיMost software systems have some "defects" that are identified by users. Some of these are truly defects in that the requirements were not properly implemented; some are caused by changes made to other systems; still others are requests for enhancement – improvements that would improve the users' experience. These "defects" are generally stored in a database and are worked off in a series of incrementally delivered updates. For most systems, it is not financially feasible to fix all of the concerns in the near term, and indeed some issues may never be addressed. The government program office has an obligation to choose wisely among a set of competing defects to be implemented, especially in a financially constrained environment. In this podcast, Will Hayes and Julie Cohen discuss a generalized technique that could be used with any type of system to assist the program office in addressing and resolving the conflicting views and creating a better value system for defining releases. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 SEI-HCII Collaboration Explores Context-Aware Computing for Soldiers 20:18
20:18 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:18
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAs the number of sensors on smart phones continues to grow, these devices can automatically track data from the user's environment, including geolocation, time of day, movement, and other sensor data. Making sense of this data in an ethical manner that respects the privacy of smartphone users is just one of the many challenges faced by researchers. In this podcast, Dr. Anind Dey, director of the Human Computer Interaction Institute (HCII) at CMU, and Dr. Jeff Boleng, principal researcher at the SEI, introduce context-aware computing and discuss a collaboration to help dismounted soldiers using context derived from sensors on them and their mobile devices, to ensure that they have the information and sensor support they need to optimize their mission performance. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 An Introduction to Context-Aware Computing 19:24
19:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAs the number of sensors on smart phones continues to grow, these devices can automatically track data from the user's environment, including geolocation, time of day, movement, and other sensor data. Making sense of this data in an ethical manner that respects the privacy of smartphone users is just one of the many challenges faced by researchers. In this podcast, the first in a two-part series, Dr. Anind Dey and Dr. Jeff Boleng introduce context-aware computing and explore other issues related to sensor-fueled data in the internet of things. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
Software vulnerabilities are defects or weaknesses in a software system that, if exploited, can lead to compromise of the control of a system or the information it contains. The problem of vulnerabilities in fielded software is pervasive and serious. In 2012, SEI researchers began investigating vulnerabilities reported to the SEI's CERT Division and determined that a large number of significant and pernicious software vulnerabilities likely had their origins early in the software development lifecycle in the requirements and design phases.In this podcast, SEI researchers Mike Konrad and Art Mansion discuss a project that was launched to investigate design-related vulnerabilities and quantify their effects. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Supply Chain Risk Management: Managing Third Party and External Dependency Risk 28:09
28:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOne caveat of outsourcing is that you can outsource business functions, but you cannot outsource the risk and responsibility to a third party. These must be borne by the organization that asks the population to trust they will do the right thing with their data.In this podcast, Matt Butkovic, the Technical Manager of CERT’s Cybersecurity Assurance Team, and John Haller, a member of Matt’s team, discuss approaches for more effectively managing supply chain risks, focusing on risks arising from "external entities that provide, sustain, or operate Information and Communications Technology (ICT) to support your organization." This is sometimes referred to as third party or external dependency risk. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: Twelfth Principle 12:14
12:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי12:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the 12th and final podcast in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the 12th principle: at regular intervals, the team reflects on how to become more effective, then tunes and adjusts its behavior accordingly. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Introduction to the Mission Thread Workshop 23:45
23:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn Department of Defense programs, a system of systems (SoS) is integrated to accomplish a number of missions that involve cooperation among individual systems. Understanding the activities conducted within each system and how they interoperate to accomplish the missions of the SoS is of vital importance. A mission thread is a sequence of end-to-end activities and events, given as a series of steps, that accomplish the execution of one or more capabilities that the SoS supports. However, listing the steps and describing them do not reveal all the important concerns associated with cooperation among the systems to accomplish the mission; understanding the architectural and engineering considerations associated with each mission thread is also essential. In this podcast, Michael Gagliardi introduces the Mission Thread Workshop (MTW), a facilitated, stakeholder-centric workshop whose purpose is to elicit and refine end-to-end quality attribute, capability, and engineering considerations for SoS mission threads. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: Eleventh Principle 14:05
14:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the 11th in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the 11th principle: the best architectures, requirements, and designs emerge from self-organizing teams. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 A Workshop on Measuring What Matters 30:41
30:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThis podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team’s experiences in planning and executing the workshop, and identifying improvements for future offerings. The Measuring What Matters Workshop introduces the Goal-Question-Indicator-Metric (GQIM) approach that enables users to derive meaningful metrics for managing cybersecurity risks from strategic and business objectives. This approach helps ensure that organizational leaders have better information to make decisions, take action, and change behaviors. Katie Stewart, Michelle Valdez, Lisa Young, and Julia Allen, the developers and facilitators of this workshop, are all members of CERT’s Cyber Resilience Management team. Further details about this workshop can be found in our workshop report. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: Tenth Principle 13:57
13:57 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:57
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the tenth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the tenth principle: Simplicity—the art of maximizing the amount of work not done—is essential. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Predicting Software Assurance Using Quality and Reliability Measures 19:02
19:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSecurity vulnerabilities are defects that enable an external party to compromise a system. Our research indicates that improving software quality by reducing the number of errors also reduces the number of vulnerabilities and hence improves software security. Some portion of security vulnerabilities (maybe over half of them) are also quality defects. Can quality defect models that predict quality results be applied to security to predict security results? Simple defect models focus on an enumeration of development errors after they have occurred and do not relate directly to operational security vulnerabilities, except when the cause is quality related. In this podcast, Carol Woody and Bill Nichols discuss how a combination of software development and quality techniques can improve software security. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: Ninth Principle 17:35
17:35 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:35
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the ninth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the ninth principle: continuous attention to technical excellence and good design enhances Agile. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Cyber Insurance and Its Role in Mitigating Cybersecurity Risk 37:26
37:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe goal of any cybersecurity investment is to reduce the potential impact from cyber risk. Initial investments should be in capability development—the implementation of controls to protect and sustain operations that depend on technology. As capability increases, additional capability investments produce diminishing returns—the curve flattens. At that point, investment in cyber insurance becomes an efficient means to further reduce risk.In this podcast, Jim Cebula, the Technical Manager of CERT’s Cybersecurity Risk Management Team, and David White, Chief Knowledge Officer with Axio Global, discuss cyber insurance, its potential role in reducing operational and cybersecurity risk, and how organizations are using it today. We also discuss ongoing CERT research on this topic. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
In 2013, the AADL Standards meeting was held at SEI headquarters in Pittsburgh, Pa. The SEI Podcast Series team was there, and we interviewed several members of the AADL Standards Committee. This podcast is the fourth in a series based on these interviews. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
Soldiers in battle or emergency workers responding to a disaster often find themselves in environments with limited computing resources, rapidly-changing mission requirements, high levels of stress, and limited connectivity, which are often referred to as “tactical edge environments.” These types of scenarios make it hard to use mobile software applications that would be of value to soldiers or emergency personnel, including speech and image recognition, natural language processing, and situational awareness, because these computation-intensive tasks take a heavy toll on a mobile device’s battery power and computing resources. Researchers in the Advanced Mobile Systems Initiative at the SEI focus on cyber foraging, which uses discoverable, forward-deployed servers to extend the capabilities of mobile devices by offloading battery-draining computations to these more powerful resources, or for staging data particular to a mission. In this podcast, Grace Lewis discusses five approaches that her team developed and tested for using tactical cloudlets as a strategy for providing infrastructure to support computation offload and data staging at the tactical edge. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Agile Software Teams and How They Engage with Systems Engineering on DoD Acquisition Programs 11:46
11:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי11:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיPart of a series exploring Agile in the Department of Defense, this podcast addresses key issues that occur when Agile software teams engage with systems engineering functions in the development and acquisition of software-reliant systems. Published acquisition guidance still largely focuses on a system perspective, and fundamental differences exist between systems engineering and software engineering approaches. Those differences are compounded when Agile becomes a part of the mix, rather than adhering to more traditional "waterfall"-based development lifecycles. In this research, the SEI gathered more data from users of Agile methods in the DoD and delved deeper into the existing body of knowledge about Agile and systems engineering before addressing them. In this podcast, Acquisition researchers Eileen Wrubel and Suzanne Miller offer insight into how systems engineers and Agile software engineers can better collaborate when taking advantage of Agile as they deliver incremental mission capability. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
Given that up to 70 percent of system errors are introduced during the design phase, stakeholders need a modeling language that will ensure both requirements enforcement during the development process and the correct implementation of these requirements. Previous work demonstrates that using the Architecture Analysis and Design Language (AADL) early in the development process not only helps detect design errors before implementation but also supports implementation efforts and produces high-quality code. Previous research has demonstrated how AADL can identify potential design errors and avoid propagating them through the development process. Verified specifications, however, are still implemented manually. This manual process is labor intensive and error prone, and it introduces errors that might break previously verified assumptions and requirements. For these reasons, code production should be automated to preserve system specifications throughout the development process. In this podcast, Julien Delange summarizes different perspectives on research related to code generation from software architecture models. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
In September 2014, Alistair Cockburn met with researchers at the SEI headquarters in Pittsburgh, Pa. The SEI Podcast Series team was there as Cockburn sat down with Suzanne Miller to discuss his unique perspective as one of the creators of the Agile manifesto and his viewpoint on the current state of Agile adoption. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: Eighth Principle 13:28
13:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the eighth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the eighth principle: Agile processes promotes sustainable development. The sponsors, developers, and users should be able to maintain a constant pace indefinitely. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 A Taxonomy of Operational Risks for Cyber Security 32:47
32:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOrganizations of all sizes in both the public and private sectors are increasingly reliant on information and technology assets, supported by people and facility assets, to successfully execute business processes that, in turn, support the delivery of services. Failure of these assets has a direct, negative impact on the business processes they support. This, in turn, can cascade into an inability to deliver services, which ultimately impacts the organizational mission. Given these relationships, the management of operational cybersecurity-related risks to these assets is a key factor in positioning the organization for success.In this podcast, Jim Cebula, the Technical Manager of the CERT Cybersecurity Risk Management Team, discusses a taxonomy that provides organizations with a common language and terminology they can use to discuss, document, and mitigate operational cybersecurity risks. The taxonomy identifies and organizes the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. This podcast is based on an SEI technical report and blog post. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
As the prevalence of suppliers using Agile methods grows, these professionals supporting the acquisition and maintenance of software-reliant systems are witnessing large portions of the industry moving away from so-called "traditional waterfall" lifecycle processes. The existing infrastructure supporting the work of acquisition professionals has been shaped by the experience of the industry—which up until recently has tended to follow a waterfall process. The industry is finding that the methods geared toward legacy life cycle processes must be realigned with new ways of doing business. In this podcast Will Hayes and Suzanne Miller discuss research intended to aid U. S. Department of Defense acquisition professionals in the use of Agile software development methods. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Four Principles for Engineering Scalable, Big Data Systems 20:12
20:12 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:12
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Ian Gorton describes four general principles that hold for any scalable, big data system. These principles can help architects continually validate major design decisions across development iterations, and hence provide a guide through the complex collection of design trade-offs all big data systems require. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 An Appraisal of Systems Engineering: Defense v. Non-Defense 14:05
14:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Joseph Elm analyzes differences in systems-engineering activities for defense and non-defense projects and finds differences in both deployment and effectiveness. This research is the result analysis of data collected from the 2011 Systems Engineering (SE) Effectiveness Survey performed by the National Defense Industrial Association Systems Engineering Division, the Institute of Electrical and Electronics Engineers Aerospace and Electronic Systems Society, and the SEI. This analysis examined the differences in the deployment and impact of SE activities between defense-domain projects and non-defense projects. The analysis found significant differences in both the deployment of SE in the two domains and the effectiveness of the SE. The report identifies specific process areas where effectiveness in one domain is noticeably higher than in the other. Further research to understand these differences will benefit both domains by enabling them to share best practices. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 HTML5 for Mobile Apps at the Edge 20:49
20:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיMany warfighters and first responders operate at what we call "the tactical edge," where users are constrained by limited communication connectivity, storage availability, processing power, and battery life. In these environments, onboard sensors are used to capture data on behalf of mobile applications to perform tasks such as face recognition, speech recognition, natural language translation, and situational awareness. These applications then rely on network interfaces to send the data to nearby servers or the cloud, if local processing resources are inadequate. While software developers have traditionally used native mobile technologies to develop these applications, the approach has some drawbacks, such as limited portability. In contrast, HTML5 has been touted for its portability across mobile device platforms as well an ability to access functionality without having to download and install applications. In this podcast, Grace Lewis describes research aimed at evaluating the feasibility of using HTML5 to develop applications that can meet tactical edge requirements. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: Seventh Principle 17:58
17:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the seventh in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense, the two researchers discuss the application of the seventh principle: Working software is the primary measure of progress. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
In 2013, the AADL Standards meeting was held at SEI headquarters in Pittsburgh, Pa. The SEI Podcast Series team was there, and we interviewed several members of the AADL Standards Committee. This podcast is the third in a series based on these interviews. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Security and Wireless Emergency Alerts 12:30
12:30 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי12:30
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Wireless Emergency Alerts (WEA) service depends on information technology (IT)—computer systems and networks—to convey potentially life-saving information to the public in a timely manner. However, like other cyber-enabled services, the WEA service is susceptible to risks that may enable an attacker to disseminate unauthorized alerts or to delay, modify, or destroy valid alerts. Successful attacks on the alerting process may result in property destruction, financial loss, infrastructure disruption, injury, or death. Such attacks may damage WEA credibility to the extent that users ignore future alerts or disable alerting on their mobile devices. In this podcast, Carol Woody and Christopher Alberts discuss guidelines that they developed to ensure that the WEA service remains robust and resilient against cyber attacks. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Safety and Behavior Specification Using the Architecture Analysis and Design Language 20:40
20:40 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:40
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Julien Delange discusses two extensions to the Architecture Analysis and Design Language: the behavior annex and the error-model annex. The behavior annex represents the functional logic of AADL components and interacts with the other system elements. SEI researchers are currently participating in the ongoing improvements of this extension of the AADL by connecting it to other analysis tools. The error model annex augments the architecture description by specifying safety concerns of the system (error propagation, error behavior, etc.). The language is the foundation of new analysis tools that provide qualitative and quantitative assessment of system safety and reliability. SEI researches have defined new tools that analyze the model and produces safety validation documents, such as the one required by safety standard such as the SAE ARP4761. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Characterizing and Prioritizing Malicious Code 27:08
27:08 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:08
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEvery day, major anti-virus companies and research organizations are inundated with new malware samples. Although estimates vary, approximately 150,000 new malware strains are released each day. Not enough manpower exists to manually address the volume of new malware samples that arrive daily in analysts' queues. Malware analysts need an approach that allows them to sort samples in a fundamental way so they can assign priority to the most malicious binary files. In this podcast, Jose Morales, a malicious software researcher with the CERT Division, discusses an approach for prioritizing malware samples, helping analysts to identify the most destructive malware to examine first, based on the binary file's execution behavior and its potential impact. Related Training Malware Analysis Apprenticeship Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: Sixth Principle 15:00
15:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי15:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the sixth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense (DoD), the two researchers discuss the application of the sixth principle,The most efficient and effective method of conveying information to and within a development team is face-to-face conversation. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Using Quality Attributes to Improve Acquisition 18:24
18:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn the acquisition of a software-intensive system, the relationship between the software architecture and the acquisition strategy is typically not examined. Although software is increasingly important to the success of government programs, there is often little consideration given to its impact on early key program decisions. The Carnegie Mellon University Software Engineering Institute (SEI) is conducting a multi-phase research initiative aimed at answering the question: is the probability of a program's success improved through deliberately producing a program acquisition strategy and software architecture that are mutually constrained and aligned? Moreover, can we develop a method that helps government program offices produce such alignment? In this podcast, Patrick Place describes research aimed at determining how acquisition quality attributes can be expressed and used to facilitate alignment among the software architecture and acquisition strategy. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Best Practices for Trust in the Wireless Emergency Alerts Service 21:58
21:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTrust is a key factor in the effectiveness of the Wireless Emergency Alerts (WEA) service. Alert originators at emergency management agencies must trust WEA to deliver alerts to the public in an accurate and timely manner. The public must also trust the WEA service before they will act on the alerts that they receive. Managing trust in WEA is a responsibility shared among many stakeholders who are engaged with WEA. In this podcast, Robert Ellison and Carol Woody discuss research aimed at developing recommendations for alert originators, the Federal Emergency Management Agency, commercial mobile service providers, and suppliers of message-generation software that would enhance both alert originators' trust in the WEA service and the public's trust in the alerts that they receive. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Three Variations on the V Model for System and Software Testing 21:25
21:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe importance of verification and validation (especially testing) is a major reason that the traditional waterfall development cycle underwent a minor modification to create the V model that links early development activities to their corresponding later testing activities. In this podcast, Don Firesmith introduces three variants on the V model of system or software development that make it more useful to testers, quality engineers, and other stakeholders interested in the use of testing as a verification and validation method. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Adapting the PSP to Incorporate Verified Design by Contract 17:44
17:44 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:44
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Personal Software Process promotes the use of careful procedures during all stages of development with the aim of increasing an individual's productivity and producing high quality final products. Formal methods use the same methodological strategy as the PSP: emphasizing care in development procedures as opposed to relying on testing and debugging. They also establish the radical requirement of proving mathematically that the programs produced satisfy their specifications. Design by Contract is a technique for designing components of a software system by establishing their conditions of use and behavioral requirements in a formal language. When appropriate techniques and tools are incorporated to prove that the components satisfy the established requirements, the method is called Verified Design by Contract (VDbC). In this podcast, Bill Nichols discusses a proposal for integrating VDbC into PSP to reduce the number of defects present at the unit-esting phase, while preserving or improving productivity. The resulting adaptation of the PSP, called PSPVDC, incorporates new phases, modifies others, and adds new scripts and checklists to the infrastructure. Specifically, the phases of formal specification, formal specification review, formal specification compile, test case construct, pseudo code, pseudo code review, and proof are added. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Comparing IT Risk Assessment and Analysis Methods 37:27
37:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTechnical professionals are often called on to research, recommend, implement, and execute IT risk assessment and analysis processes. These processes provide important data used by management to responsibly grow and protect the business through good decision making for mitigating, accepting, transferring, or avoiding risk. These decisions must account for IT risks caused by emerging threats to the enterprise and vulnerabilities in the people, processes and technologies required for digital business. Which method you choose for IT risk assessment and risk analysis is far less important than ensuring that the selected methodology is operationalized and a good fit for the corporate culture. The selected approach must be able to produce output that is meaningful to management, and supporting processes must account for assumptions, documentation, and potential gaming of the system. Tools should be leveraged, where possible, to ease method adoption. In this podcast, Ben Tomhave and Erik Heidt, research directors with Gartner Technical Professionals, discuss methods for IT risk assessment and analysis and comparison factors for selecting the methods that are the best fit for your organization. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
In 2013, the AADL Standards meeting was held at SEI headquarters in Pittsburgh, PA. The SEI Podcast Series team was there, and we interviewed several members of the AADL Standards Committee. This podcast is the second in a series based on those interviews. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
The SEI has seen increased interest and adoption of OSS products across the federal government, including the Department of Defense, the intelligence community, and the Department of Homeland Security. The catalyst for this increase has been innovators in government seeking creative solutions to rapidly field urgently needed technologies. While the rise of OSS adoption signals a new approach for government t acquirers, it is not without risks that, it is not without risks that must be acknowledged and addressed, particularly given current certification and accreditation (C&A) techniques. In this podcast, Kate Ambrose Sereno and Naomi Anderson discuss research aimed at developing adoptable, evidence-based, data-driven approaches to evaluating (open source) software. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Security Pattern Assurance through Roundtrip Engineering 16:00
16:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe process of designing and analyzing software architectures is complex. Architectural design is a minimally constrained search through a vast multi-dimensional space of possibilities. The end result is that architects are seldom confident that they have done the job optimally, or even satisfactorily. Over the past two decades, practitioners and researchers have used architectural patterns to expedite sound software design. Architectural patterns are prepackaged chunks of design that provide proven structural solutions for achieving particular software system quality attributes, such as scalability or modifiability. While use of patterns has simplified the architectural design process somewhat, key challenges remain. In this podcast, Rick Kazman discusses these challenges and a solution he has developed for achieving system security qualities through use of patterns. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) 28:50
28:50 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:50
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיES-C2M2 helps improve the operational resilience of the U.S. power grid. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: Fifth Principle 20:53
20:53 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:53
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the fifth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of Agile principles in the Department of Defense (DoD), the two researchers discuss the application of the fifth principle, Build projects around motivated individuals. Give them the environment and support they need, and trust them to get the job done. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
From the braking system in automobiles to the software that controls aircraft, safety-critical systems are ubiquitous. Showing that such systems meet their safety requirements has become a critical area of work for software and systems engineers. The SEI is addressing this issue with a significant research program into assurance cases. In this podcast, the first in a series on assurance cases and confidence, Charles Weinstock introduces the concept of assurance cases and discusses how they can be used to assure that complex software-based systems meet certain kinds of requirements such as safety, security, and reliability. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Raising the Bar - Mainstreaming CERT C Secure Coding Rules 25:17
25:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAn essential element of secure coding in the C programming language is a set of well-documented and enforceable coding rules. The rules specified in this Technical Specification apply to analyzers, including static analysis tools, and C language compiler vendors that wish to diagnose insecure code beyond the requirements of the language standard. All rules are meant to be enforceable by static analysis. The application of static analysis to security has been done in an ad hoc manner by different vendors, resulting in nonuniform coverage of significant security issues. This specification enumerates secure coding rules and requires analysis engines to diagnose violations of these rules as a matter of conformance to this specification. In this podcast, Robert Seacord, the leader of CERT's Secure Coding Initiative, discusses the 7-year journey resulting in the selection of 46 coding rules, derived from the CERT C Secure Coding Standard, for this new technical specification. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
In 2013, the AADL Standards meeting was held at SEI headquarters in Pittsburgh, Pa. The SEI Podcast Series team was there, and we interviewed several members of the AADL Standards Committee. This podcast, with Peter Feiler and Etienne Borde of Télécom Paris Tech, is the first in a series based on these interviews. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 From Process to Performance-Based Improvement 23:49
23:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Tim Chick and Gene Miluk discuss methodology and outputs of the Checkpoint Diagnostic, a tool that provides organizations with actionable performance related information and analysis closely linked to business value. The Checkpoint Diagnostic utilizes process models, data mapping, and quantitative analytics to provide organizations with qualitative process baselines, quantitative performance baselines, benchmark performance comparison, and a prioritized listing of improvement opportunities. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 An Approach to Managing the Software Engineering Challenges of Big Data 20:07
20:07 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:07
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, Ian Gorton and John Klein discuss big data and the challenges it presents for software engineers. With help from fellow SEI researchers, the two have developed a lightweight risk reduction approach to help software engineers manage the challenges of big data. Called Lightweight Evaluation and Architecture Prototyping (for Big Data), the approach is based on principles drawn from proven architecture and technology analysis and evaluation techniques to help the Department of Defense (DoD) and other enterprises including avionics, communications, and healthcare develop and evolve systems to manage big data. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience 27:46
27:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe U.S. Department of Homeland Security (DHS) conducts a no-cost, voluntary Cyber Resilience Review (CRR) to evaluate and enhance cybersecurity capacities and capabilities within all 18 Critical Infrastructure and Key Resources (CIKR) Sectors, as well as State, Local, Tribal, and Territorial (SLTT) governments. The goal of the CRR is to develop an understanding of an organization’s operational resilience and ability to manage cyber risk to its critical services and assets during normal operations and during times of operational stress and crises. In this podcast, Kevin Dillon, Branch Chief for Stakeholder Risk Assessment and Mitigation with DHS and Matthew Butkovic, the CERT Division’s Technical Portfolio Manager for Infrastructure Resilience, discuss the DHS Cyber Resilience Review and how it is helping critical infrastructure owners and operators improve their operational resilience and security. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
In this podcast Soumya Simanta describes research aimed at creating the Edge Mission-Oriented Tactical App Generator (eMontage), a software prototype that allows warfighters and first responders to rapidly integrate or mash geo-tagged situational awareness data from multiple remote data sources. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: Fourth Principle 18:19
18:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the fourth in a series by Suzanne Miller and Mary Ann Lapham exploring the application of agile principles in the Department of Defense (DoD), the two researchers discuss the application of the fourth principle, "Business people and developers must work together daily throughout the project." Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Architecting Systems of the Future 12:44
12:44 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי12:44
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, Eric Werner discusses research that he and several of his colleagues are conducting to help software developers create systems for the many-core central processing units in massively parallel computing environments. Eric and his team are creating a software library that can exploit the heterogeneous parallel computers of the future and allow developers to create systems that are more efficient at computation and power consumption. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
In this episode, Bill Novak talks about his work with acquisition archetypes and how they can be used to help government programs avoid problems in software development and systems acquisition. Acquisition archetypes are developed based on experiences with actual programs, and they use concepts from systems thinking to characterize and analyze dynamics. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
In this episode, James Edmondson discusses his research on autonomous systems, specifically robotic systems and autonomous systems for robotic systems. In particular, his research focuses on partial autonomy with an aim of complementing human users and extending their reach and capabilities in mission- critical environments. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Mobile Applications for Emergency Managers 10:15
10:15 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי10:15
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn late June 2013, a team of SEI researchers attended a four-day music festival at the invitation of Adam Miller, director of the Huntingdon County, Pennsylvania, Emergency Management Agency. The festival typically draws close to 100,000 concert goers to a rural farm in Pennsylvania that lacks significant infrastructure and is accessible only by a two-lane highway. Miller is charged with ensuring the public safety, so it seemed like a good match to partner with researchers from the SEI's Advanced Mobile Systems Team, which supports emergency responders and soldiers in the field who work in situations with limited computer resources, poor connections with networks, and highly diverse missions. This podcast highlights an interview that Bill Pollak, communication and transition manager in the SEI Software Solutions Division, conducted with Miller. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions 32:55
32:55 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:55
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn recent years, rapid evolutions have occurred in technology and its application in most market sectors, leading to the introduction of many new systems, business processes, markets, and enterprise integration approaches. How do you manage the interactions of systems and processes that are continually evolving? Just as important, how can you tell if you are doing a good job of managing these changes, as well as monitoring your progress on an ongoing basis? And how do poor processes impact interoperability, safety, reliability, efficiency, and effectiveness? Maturity models can help you answer these questions by providing a benchmark to use when assessing how a set of security practices has evolved. [1] In this podcast, Rich Caralli, the technical director of CERT's Cyber Enterprise and Workforce Management Directorate, discusses maturity models and how they are being used to improve cybersecurity. He describes their key concepts, definitions, and principles and how these can and have been applied to a wide range of disciplines and market sectors. Related Courses Introduction to the CERT Resilience Management Model Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: Third Principle 16:16
16:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the third in a series by Suzanne Miller and Mary Ann Lapham exploring the application of agile principles in the Department of Defense (DoD), the two researchers discuss the application of the third principle, "Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale." Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 DevOps - Transform Development and Operations for Fast, Secure Deployments 33:44
33:44 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:44
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי"Release early, release often" to significantly improve software performance, stability, and security using a DevOps approach. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Application Virtualization as a Strategy for Cyber Foraging 21:28
21:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיModern mobile devices create new opportunities to interact with their surrounding environment, but their computational power and battery capacity is limited. Code offloading to external servers located in clouds or data centers can help overcome these limitations. However, in hostile environments it is not possible to guarantee reliable networks. Consequently, stable cloud access is not available. Cyber foraging is a technique for offloading resource-intensive tasks from mobile devices to resource-rich surrogate machines in close wireless proximity. One type of surrogate machine is a cloudlet—a generic server that runs one or more virtual machines (VMs) located in single-hop distance to the mobile device. Cloudlet-based cyber foraging can compensate for missing cloud access in hostile environments. One strategy for cloudlet provisioning is VM synthesis. Unfortunately, this method is time consuming and battery draining because it requires large file transfers. In this podcast, researcher Grace Lewis discusses application virtualization as a more lightweight alternative to VM synthesis for cloudlet provisioning. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Common Testing Problems: Pitfalls to Prevent and Mitigate 16:45
16:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe National Institute of Standards & Technology (NIST) reports that inadequate testing methods and tools annually cost the U.S. economy between $22.2 billion and $59.5 billion, with roughly half of these costs borne by software developers in the form of extra testing and half by software users in the form of failure avoidance and mitigation efforts. The same study notes that between 25 percent and 90 percent of software development budgets are often spent on testing. In this episode, SEI researcher Don Firesmith discusses problems that commonly occur during testing as well as his development of a framework that lists potential symptoms by which each can be recognized, potential negative consequences, and potential causes, and makes recommendations for preventing them or mitigating their effects. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Joint Programs and Social Dilemmas 13:19
13:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, SEI researcher Bill Novak discusses joint programs and social dilemmas, which have become increasingly common in defense acquisition, and the ways in joint program outcomes can be affected by their underlying structure. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: Second Principle 12:33
12:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי12:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the second in a series by Suzanne Miller and Mary Ann Lapham exploring the application of agile principles in the Department of Defense (DoD), the two researchers discuss the application of the second principle, "Welcome changing requirements, even late in development. Agile processes harness change for the customer's competitive advantage." Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Managing Disruptive Events - CERT-RMM Experience Reports 36:26
36:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי36:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיFour experience reports demonstrate how the CERT Resilience Management Model can be applied to manage complex and diverse operational risks. Related Courses Introduction to the CERT Resilience Management Model CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Reliability Validation and Improvement Framework 13:45
13:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, Peter Feiler discusses his recent work to improve the quality of software-reliant systems through an approach known as the Reliability Validation and Improvement Framework. The purpose of the framework is to facilitate early defect discovery and incremental end-to-end validation. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 The Business Case for Systems Engineering 25:18
25:18 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:18
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Joe Elm discusses the results of a recent technical report, The Business Case for Systems Engineering, which establishes clear links between the application of systems engineering (SE) best practices to projects and programs and the performance of those projects and programs. The report clearly shows that projects that do more SE perform better in terms of meeting budgets, schedules, and technical requirements. The survey population consisted of projects and programs executed by system developers reached through the National Defense Industrial Association Systems Engineering Division, the Institute of Electrical and Electronics Engineers Aerospace and Electronic Systems Society, and the International Council on Systems Engineering. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity 21:24
21:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA common language is essential to develop a shared understanding to better analyze malicious code. Related Course Malware Analysis Apprenticeship Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Agile in the DoD: First Principle 18:36
18:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, the first in a series by Suzanne Miller and Mary Ann Lapham exploring the application of agile principles in the Department of Defense (DoD), the two researchers discuss the application of the first principle, "Our highest priority is to satisfy the customer through early and continuous delivery of valuable software." Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 The Evolution of a Science Project 19:47
19:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAnalysis work by the SEI on data collected from more than 100 independent technical assessments (ITAs) of software-reliant acquisition programs has produced insights into some of the most common ways that programs encounter difficulties. In this episode, Bill Novak and Andy Moore describe a recent technical report, The Evolution of a Science Project, which is based on these insights, and intends to mitigate the effects of both misaligned acquisition program organizational incentives, and adverse software-reliant acquisition structural dynamics, by improving acquisition staff decision-making. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Securing Mobile Devices aka BYOD 24:06
24:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnsuring the security of personal mobile devices that have access to enterprise networks requires action from employers and users. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 What's New With Version 2 of the AADL Standard? 13:33
13:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, Peter Feiler, primary author of the Architecture Analysis & Design Language (AADL) standard, discusses the latest changes to the standard, the second version of which was released in January 2009. First published in 2004 by SAE International, AADL is a modeling notation that employs both a textual and graphical representation to provide modeling concepts to describe the runtime architecture of application systems in terms of concurrent tasks, their interactions, and their mapping onto an execution platform. Development organizations use AADL to conduct lightweight, rigorous, yet comparatively inexpensive analyses of critical real-time factors such as performance, dependability, security, and data integrity. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 The State of the Practice of Cyber Intelligence 17:29
17:29 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:29
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn 2012, representatives from the government approached the SEI Innovation Center about conducting research to assess the state of the practice of cyber intelligence. The overall intent is to expose industry to the best practices in capabilities and methodologies developed by the government, and for the government to learn from the process efficiencies and tools used in industry. In areas where both the government and industry are experiencing challenges, the SEI can leverage its expertise to develop and prototype innovative technologies and processes that can benefit all participants in the program. In this podcast, Troy Townsend and Jay McAllister discuss their findings with Suzanne Miller, a researcher at the SEI. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Mitigating Insider Threat - New and Improved Practices Fourth Edition 35:15
35:15 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:15
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי371 cases of insider attacks lead to 4 new and 15 updated best practices for mitigating insider threat. Related Course Insider Threat Workshop Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Technology Readiness Assessments 15:47
15:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי15:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast, Michael Bandor discusses technology readiness assessments, which the Department of Defense defines as a formal, systematic, metrics-based process and accompanying report that assess the maturity of critical hardware and software technologies to be used in systems. In a discussion with fellow researcher Suzanne Miller, Bandor discusses the latest developments with TRAs and his experiences. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
Organizations that use the cloud want the ability to easily move workloads and data from one cloud provider to another or between private and public clouds. A common tactic for enabling interoperability is the use of open standards, and many cloud standardization projects are developing standards for the cloud. In this podcast, Grace Lewis discusses her latest research exploring the role of standards in cloud-computing interoperability, which covers cloud-computing basics, standard-related efforts, cloud-interoperability use cases, and provides some recommendations for moving forward with cloud-computing adoption regardless of the maturity of standards for the cloud. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Managing Disruptive Events: Demand for an Integrated Approach to Better Manage Risk 26:45
26:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיGovernments and markets are calling for the integration of plans for and responses to disruptive events. Related Courses Introduction to the CERT Resilience Management Model CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
In this episode, Julien Delange and Peter Feiler discuss the latest developments with the Architecture Analysis and Design Language (AADL) standard. First published in 2004 by SAE International, AADL is a modeling notation that employs both a textual and graphical representation. AADL provides modeling concepts to describe the runtime architecture of application systems in terms of concurrent tasks, their interactions, and their mapping onto an execution platform. Development organizations use AADL to conduct lightweight, rigorous, yet comparatively inexpensive analyses of critical real-time factors such as performance, dependability, security, and data integrity. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
In today's fast-paced, global economy, industry and government customers demand innovation coupled with the ability to adapt products and systems to rapidly changing needs. At the same time, the time frame for developing software continues to shorten. As a result, agile software development processes like Scrum and Extreme Programming, with their emphasis on releasing new software capabilities rapidly, are increasing in popularity beyond small teams and individual projects. In this episode, Tim Chick, a senior member of the technical staff in the Team Software Process (TSP) initiative, discusses the fundamentals of agile, specifically what it means for an organization to be agile and provides three criteria for organizations seeking to implement agile. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Software for Soldiers who use Smartphones 16:57
16:57 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:57
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhether soldiers are on the battlefield or providing humanitarian relief effort, they need to capture and process a wide range of text, image, and map-based information. To support soldiers in this effort, the Department of Defense is beginning to equip soldiers with smartphones to allow them to manage that vast array and amount of information they encounter while in the field. Whether the information gets correctly conveyed up the chain of command depends, in part, on the soldier's ability to capture accurate data while in the field. In this episode, Ed Morris describes research to create a software application for smartphones that allows soldier end-users to program their smartphones to provide an interface tailored to the information they need for a specific mission. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Managing Disruptive Events: Making the Case for Operational Resilience 24:26
24:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיToday's high-risk, global, fast, and very public business environment demands a more integrated approach to not be surprised by disruptive events. Related Courses Introduction to the CERT Resilience Management Model CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series Listen on Apple Podcasts .…
A common misconception is that developers using a service-oriented architecture can achieve system qualities such as interoperability and modifiability by simply integrating a set of vendor products that provide an infrastructure. Developers often believe they may then use this infrastructure to expose a set of reusable services to build systems. In reality, developers need to make many architectural decisions. In this episode, Grace Lewis discusses general guidelines for architecting service-oriented systems, how common service-oriented system components support these principles, and the effect these principles and their implementation have on system quality attributes. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
In this podcast, Bill discusses the development of the long-term, technical strategic plan of the SEI to advance the practice of software engineering for the Department of Defense (DoD) through research and technology transition involving the DoD, federal agencies, industry, and academia. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Quantifying Uncertainty in Early Lifecycle Cost Estimation 10:05
10:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי10:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBy law, major defense acquisition programs are now required to prepare cost estimates earlier in the acquisition lifecycle, including pre-Milestone A, well before concrete technical information is available on the program being developed. Estimates are therefore often based on a desired capability-or even on an abstract concept-rather than a concrete technical solution plan to achieve the desired capability. Hence the role and modeling of assumptions becomes more challenging. In today's podcast episode, Jim McCurley and Robert Stoddard discuss a new method developed by the SEI's Software Engineering Measurement and Analysis (SEMA) team, Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE). QUELCE is a method for improving pre-Milestone A software cost estimates through research designed to improve judgment regarding uncertainty in key assumptions (called "program change drivers"), the relationships among the program change drivers, and their impact on cost. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities 28:55
28:55 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:55
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA network profile can help identify unintended points of entry, misconfigurations, and other weaknesses that may be visible to attackers. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Architecting a Financial System with TSP 28:27
28:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe SEI recently worked with Bursatec to create a reliable and fast new trading system for Groupo Bolsa Mexicana de Valores, the Mexican Stock Exchange. This project combined elements of the SEI's Architecture Centric Engineering (ACE) method, which requires effective use of software architecture to guide system development, with its Team Software Process (TSP), which is a team-centric approach to developing software that enables organizations to better plan and measure their work. In this episode, Felix Bachmann and James McHale discuss their work on the project. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
Organizations rely on valid data to make informed decisions. When data integrity is compromised, the veracity of the decision-making process is likewise threatened. In this episode, Dave Zubrow discusses the importance of data quality and research that his team is undertaking in this area. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 How to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them 37:39
37:39 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:39
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDeploy vulnerability exploit prevention and mitigation techniques to thwart attacks and manage the arms race. Related Course Malware Analysis Apprenticeship Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
In this episode, Novak discusses misaligned incentives, misaligned people incentives in software acquisition programs, and how the wrong incentives can undermine acquisition programs and produce poor outcomes. Listen on Apple Podcasts .
Soldiers can use handheld mobile computing devices (aka smart-phones) to help with various tasks, such as speech and image recognition, natural language processing, decision making and mission planning. There are challenges to achieving these capabilities such as unreliable networks and bandwidth, lack of computational power, and the toll that computation-intensive tasks take on battery power. In this episode, Grace discusses research that she is leading to overcome these challenges by using cloudlets, which are localized, lightweight servers running one or more virtual machines on which soldiers can offload expensive computations from their handheld mobile devices, thereby providing greater processing capacity and helping conserve battery power. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 An Architecture-Focused Measurement Framework for Managing Technical Debt 15:49
15:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי15:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיManaging technical debt, which refers to the rework and degraded quality resulting from overly hasty delivery of software capabilities to users, is an increasingly critical aspect of producing cost-effective, timely, and high-quality software products. A delicate balance is needed between the desire to release new software capabilities rapidly to satisfy users and the desire to practice sound software engineering that reduces rework. In this podcast, Ipek Ozkaya discusses the SEI's research on the strategic management of technical debt, which involves decisions made to defer necessary work during the planning or execution of a software project. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
The SEI is focused on reducing the DoD information technology (IT) development cycle currently as long as 81 months to short, incremental approaches that yield results more quickly. One complicating factor is that DoD acquisition programs (like other highly-regulated commercial environments) have a prescribed vision of how IT systems are developed. This podcast explores the SEI's research and work to assist the DoD in Agile acquisition. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 How a Disciplined Process Enhances & Enables Agility 21:04
21:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTypically, people who believe themselves to be Agile, believe that developers realize the best results when they focus on empowered teams, collaboration with stakeholders, avoiding unnecessary work, and receiving frequent feedback. Agilests hate the term "process" because they use the word somewhat differently than we do. The word "process," however, can be defined as something done repeatedly, with some discipline, and to achieve an end. In this podcast, Bill Nichols discusses how a disciplined process enables and enhances agility. Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 U.S. Postal Inspection Service Use of the CERT Resilience Management Model 23:53
23:53 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:53
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCERT-RMM can be used to establish and meet resilience requirements for a wide range and diverse set of business objectives. Related Courses Introduction to the CERT Resilience Management Model CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Insights from the First CERT Resilience Management Model Users Group 26:36
26:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיImplementing CERT-RMM requires well-defined improvement objectives, sponsorship, proper scoping and diagnosis, and defined processes and measures. Related Courses: Introduction to the CERT Resilience Management Model CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 NIST Catalog of Security and Privacy Controls, Including Insider Threat 28:10
28:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSecurity controls, including those for insider threat, are the safeguards necessary to protect information and information systems. Related Course Insider Threat Workshop Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Cisco's Adoption of CERT Secure Coding Standards 24:41
24:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיImplementing secure coding standards to reduce the number of vulnerabilities that can escape into operational systems is a sound business decision. Related Course Secure Coding in C and C++ Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
Protecting the internet and its users against cyber attacks requires a significant increase in the number of skilled cyber warriors. Related Courses Information Security for Technical Staff Fundamentals of Incident Handling Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Considering Security and Privacy in the Move to Electronic Health Records 28:27
28:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיElectronic health records bring many benefits along with security and privacy challenges. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Measuring Operational Resilience 25:32
25:32 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:32
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיMeasures of operational resilience should answer key questions, inform decisions, and affect behavior. Related Course Introduction to the CERT Resilience Management Model Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Why Organizations Need a Secure Domain Name System 20:51
20:51 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:51
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיUse of Domain Name System security extensions can help prevent website hijacking attacks. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Controls for Monitoring the Security of Cloud Services 19:19
19:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDepending on the service model, cloud providers and customers can monitor and implement controls to better protect their sensitive information. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Building a Malware Analysis Capability 24:47
24:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAnalyzing malware is essential to assess the damage and reduce the impact associated with ongoing infection. Related Course Malware Analysis Apprenticeship Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Using the Smart Grid Maturity Model (SGMM) 29:41
29:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOver 100 electric power utilities are accelerating their transformation to the smart grid by using the Smart Grid Maturity Model. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Integrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM 28:06
28:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBusiness leaders must address risk at the enterprise, business process, and system levels to effectively protect against today's and tomorrow's threats. Related Courses Assessing Information Security Risk Using the OCTAVE Approach Introduction to the CERT Resilience Management Model Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
Scenario-based exercises help organizations, governments, and nations prepare for, identify, and mitigate cyber risks. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Indicators and Controls for Mitigating Insider Threat 23:26
23:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTechnical controls may be effective in helping prevent, detect, and respond to insider crimes. Related Course Insider Threat Workshop Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 How Resilient Is My Organization? 39:02
39:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיUse the CERT Resilience Management Model (CERT-RMM) to help ensure that critical assets and services perform as expected in the face of stress and disruption. Related Course Introduction to the CERT Resilience Management Model Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Public-Private Partnerships: Essential for National Cyber Security 31:24
31:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיGovernment agencies and private industry must build effective partnerships to secure national critical infrastructures. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Software Assurance: A Master's Level Curriculum 34:37
34:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיKnowledge about software assurance is essential to ensure that complex systems function as intended. Related Course Secure Coding in C and C++ Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 How to Develop More Secure Software - Practices from Thirty Organizations 29:27
29:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOrganizations can benchmark their software security practices against 109 observed activities from 30 organizations. Related Course Secure Coding in C and C++ Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Mobile Device Security: Threats, Risks, and Actions to Take 26:15
26:15 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:15
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיInternet-connected mobile devices are becoming increasingly attractive targets Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Establishing a National Computer Security Incident Response Team (CSIRT) 27:56
27:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA national CSIRT is essential for protecting national and economic security, and ensuring the continuity of government agencies and critical infrastructures. Related Courses Creating a Computer Security Incident Response Team Managing Computer Security Incident Response Teams Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Securing Industrial Control Systems 23:09
23:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSecuring systems that control physical switches, valves, pumps, meters, and manufacturing lines as these systems connect to the internet is critical for service continuity. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 The Power of Fuzz Testing to Reduce Security Vulnerabilities 26:02
26:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTo help identify and eliminate security vulnerabilities, subject all software that you build and buy to fuzz testing. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Protect Your Business from Money Mules 19:02
19:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOrganized criminals recruit unsuspecting intermediaries to help steal funds from small businesses. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
Being able to respond effectively when faced with a disruptive event requires that staff members learn to become more resilient. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 The Role of the CISO in Developing More Secure Software 26:56
26:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCISOs must leave no room for anyone to deny that they understand what is expected of them when developing secure software. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Computer and Network Forensics: A Master's Level Curriculum 24:46
24:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיStudents learn how to combine multiple facets of digital forensics and draw conclusions to support full-scale investigations. Related Training Advanced Incident Handling Advanced Information Security for Technical Staff Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Introducing the Smart Grid Maturity Model (SGMM) 25:56
25:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe SGMM provides a roadmap to guide an organization's transformation to the smart grid. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Leveraging Security Policies and Procedures for Electronic Evidence Discovery 25:45
25:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBeing able to effectively respond to e-discovery requests depends on well-defined, enacted policies, procedures, and processes. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Integrating Privacy Practices into the Software Development Life Cycle 17:28
17:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAddressing privacy during software development is just as important as addressing security. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Using the Facts to Protect Enterprise Networks: CERT's NetSA Team 22:01
22:01 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:01
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיNetwork defenders and business leaders can use NetSA measures and evidence to better protect their networks. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Ensuring Continuity of Operations When Business Is Disrupted 21:23
21:23 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:23
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיProviding critical services during times of stress depends on documented, tested business continuity plans. Related Course Introduction to CERT Resiliency Management Model Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Managing Relationships with Business Partners to Achieve Operational Resiliency 27:08
27:08 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:08
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA defined, managed process for third party relationships is essential, particularly when business is disrupted. Related Course Introduction to CERT Resiliency Management Model Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 The Smart Grid: Managing Electrical Power Distribution and Use 20:16
20:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Electronic Health Records: Challenges for Patient Privacy and Security 26:02
26:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיElectronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Mitigating Insider Threat: New and Improved Practices 36:22
36:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי36:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTwo hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
Business leaders need new approaches to address multi-enterprise, systems of systems risks across the life cycle and supply chain. Related Courses Assessing Information Security Risk Using the OCTAVE Practical Risk Management: Framework and Methods Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 The Upside and Downside of Security in the Cloud 27:41
27:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhen considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 More Targeted, Sophisticated Attacks: Where to Pay Attention 20:05
20:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBusiness leaders need to take action to better mitigate sophisticated social engineering attacks. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Is There Value in Identifying Software Security "Never Events?" 20:22
20:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיNow may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Cyber Security, Safety, and Ethics for the Net Generation 20:14
20:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCapitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 An Experience-Based Maturity Model for Software Security 21:49
21:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיObserved practice, represented as a maturity model, can serve as a basis for developing more secure software. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Mainstreaming Secure Coding Practices 20:03
20:03 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:03
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיRequiring secure coding practices when building or buying software can dramatically reduce vulnerabilities. Related Course Secure Coding in C and C++ Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Security: A Key Enabler of Business Innovation 23:54
23:54 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:54
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיMaking security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite. Related Courses Assessing Information Security Risk Using the OCTAVE Approach Introduction to the CERT Resiliency Engineering Framework Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Better Incident Response Through Scenario Based Training 22:56
22:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTeams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine. Related Courses Advanced Incident Handling Advanced Information Security for Technical Staff Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 An Alternative to Risk Management for Information and Software Security 25:53
25:53 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:53
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיStandard, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security. Related Course Assessing Information Security Risk Using the OCTAVE Approach Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Tackling Tough Challenges: Insights from CERT’s Director Rich Pethia 17:33
17:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיRich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Climate Change: Implications for Information Technology and Security 23:45
23:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיClimate change requires new strategies for dealing with traditional IT and information security risks. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Using High Fidelity, Online Training to Stay Sharp 26:38
26:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיVirtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. Related Courses Managing Enterprise Information Security Information Security for Technical Staff Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Integrating Security Incident Response and e-Discovery 25:34
25:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיResponding to an e-discovery request involves many of the same steps and roles as responding to a security incident. Related Course Managing Computer Security Incident Response Teams Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Concrete Steps for Implementing an Information Security Program 21:29
21:29 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:29
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. Related Course Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Virtual Communities: Risks and Opportunities 18:06
18:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhen considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Developing Secure Software: Universities as Supply Chain Partners 23:22
23:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIntegrating security into university curricula is one of the key solutions to developing more secure software. Related Course Secure Coding in C and C++ Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Security Risk Assessment Using OCTAVE Allegro 18:10
18:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOCTAVE® Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services. Related Course OCTAVE Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Getting to a Useful Set of Security Metrics 18:49
18:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWell-defined metrics are essential to determine which security practices are worth the investment. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 How to Start a Secure Software Development Program 20:01
20:01 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:01
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSoftware security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Managing Risk to Critical Infrastructures at the National Level 22:13
22:13 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:13
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיProtecting critical infrastructures and the information they use are essential for preserving our way of life. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Analyzing Internet Traffic for Better Cyber Situational Awareness 29:34
29:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAutomation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise. Related Courses Information Security for Technical Staff Advanced Information Security for Technical Staff Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Managing Security Vulnerabilities Based on What Matters Most 23:28
23:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDetermining which security vulnerabilities to address should be based on the importance of the information asset. Related Course Information Security for Technical Staff Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Identifying Software Security Requirements Early, Not After the Fact 22:57
22:57 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:57
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDuring requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. Related Course Secure Coding in C and C++ Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Making Information Security Policy Happen 24:18
24:18 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:18
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTargeted, innovative communications and a robust life cycle are keys for security policy success. Related Course Managing Enterprise Information Security Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Becoming a Smart Buyer of Software 21:11
21:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיManaging software that is developed by an outside organization can be more challenging than building it yourself. Related Course Software Acquisiton Survival Skills Course Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. Related Course Secure Coding in C and C++ Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Connecting the Dots Between IT Operations and Security 24:40
24:40 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:40
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHigh performing organizations effectively integrate information security controls into mainstream IT operational processes. Related Course Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Getting in Front of Social Engineering 23:56
23:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHelping your staff learn how to identify social engineering attempts is the first step in thwarting them. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Using Benchmarks to Make Better Security Decisions 20:07
20:07 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:07
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBenchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Protecting Information Privacy - How To and Lessons Learned 22:12
22:12 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:12
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Initiating a Security Metrics Program: Key Points to Consider 12:05
12:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי12:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Insider Threat and the Software Development Life Cycle 23:33
23:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSignificant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Tackling the Growing Botnet Threat 20:34
20:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBusiness leaders need to understand the risks to their organizations caused by the proliferation of botnets. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Building a Security Metrics Program 22:34
22:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSelecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Inadvertent Data Disclosure on Peer-to-Peer Networks 20:14
20:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיPeer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Information Compliance: A Growing Challenge for Business Leaders 21:54
21:54 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:54
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDirectors and senior executives are personally accountable for protecting information entrusted to their care. Related Course Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Internal Audit's Role in Information Security: An Introduction 14:26
14:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיInternal Audit can serve a key role in putting an effective information security program in place, and keeping it there. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 What Business Leaders Can Expect from Security Degree Programs 18:30
18:30 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:30
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיInformation security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees? Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 The Path from Information Security Risk Assessment to Compliance 26:18
26:18 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:18
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיInformation security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome. Related Course Assessing Information Security Risk Using the OCTAVE Approach Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Computer Forensics for Business Leaders: Building Robust Policies and Processes 12:22
12:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי12:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBusiness leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations. Related Training Computer Forensics for Technical Staff Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Business Resilience: A More Compelling Argument for Information Security 24:34
24:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA business resilience argument can bridge the communication gap that often exists between information security officers and business leaders. Related Course Introduction to the CERT Resiliency Engineering Framework Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity 18:24
18:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBy taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their organizations stand up to known and unknown threats. Related Course Introduction to the CERT Resiliency Engineering Framework Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 The Human Side of Security Trade-Offs 27:15
27:15 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:15
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIt's easy to think of security as a collection of technologies and tools - but people are the real key to any security effort. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Dual Perspectives: A CIO's and CISO's Take on Security 26:21
26:21 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:21
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיGiven that you can't secure everything, managing security risk to a "commercially reasonable degree" can lead to the best possible solution. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Reducing Security Costs with Standard Configurations: U.S. Government Initiatives 25:09
25:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיInformation security costs can be significantly reduced by enforcing standard configurations for widely deployed systems. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Tackling Security at the National Level: A Resource for Leaders 22:19
22:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBusiness leaders can use national CSIRTs (Computer Security Incident Response Teams) as a key resource when dealing with incidents with a national or worldwide scope. Related Courses Creating a Computer Security Incident Response Team Managing Computer Security Incident Response Teams Fundamentals of Incident Handling Advanced Incident Handling for Technical Staff Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Evolving Business Models, Threats, and Technologies: A Conversation with CERT's Deputy Director for Technology 21:40
21:40 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:40
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBusiness models are evolving. This has challenging implications as security threats become more covert and technologies facilitate information migration. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
Defense-in-Depth is one path toward enterprise resilience - the ability to withstand threats and failures. The foundational aspects of compliance management and risk management serve as stepping-stones to and supports for other, more technical aspects. Related Course Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 Protecting Against Insider Threat 27:09
27:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe threat of attack from insiders is real and substantial. Insiders have a significant advantage over others who might want to harm an organization. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Change Management: The Security 'X' Factor 18:38
18:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn a recent survey of organizations' security posture, one factor separated high performers from the rest of the pack: change management. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 CERT Lessons Learned: A Conversation with Rich Pethia, Director of CERT 23:35
23:35 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:35
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיLearn more about the future of CERT and Rich Pethia's view of the Internet security landscape. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Proactive Remedies for Rising Threats 19:36
19:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThreats to information security are increasingly stealthy, but they are on the rise and must be mitigated through sound policy and strategy. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Why Leaders Should Care About Security 17:53
17:53 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:53
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיLeaders need to be security conscious and to treat adequate security as a non-negotiable requirement of being in business. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
Integrating security into standard business operating processes and procedures is more effective than treating security as a compliance exercise. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
ROI is a useful tool because it enables comparison among investments in a consistent way. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Real-World Security for Business Leaders 20:27
20:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSecurity is not an option - but it may be time to start viewing it as a business enabler, rather than just a cost of doing business. Related Courses Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Using Standards to Build an Information Security Program 27:52
27:52 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:52
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBusiness leaders can use international standards to create a business- and risk-based information security program. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Getting Real About Security Governance 19:24
19:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEnterprise security governance is not just a vague idea - it can be achieved by implementing a defined, repeatable process with specific activities. Related Courses Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Convergence: Integrating Physical and IT Security 28:44
28:44 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:44
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDeploying common solutions for physical and IT security is a cost-effective way to reduce risk and save money. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 IT Infrastructure: Tips for Navigating Tough Spots 22:34
22:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOrganizations occasionally may need to redefine their IT infrastructures - but to succeed, they must be prepared to handle tricky situations. Related Courses Information Security for Technical Staff Advanced Information Security for Technical Staff Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 The Value of De-Identified Personal Data 31:25
31:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAs the legal compliance landscape grows increasingly complex, de-identification can help organizations share data more securely. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Adapting to Changing Risk Environments: Operational Resilience 24:45
24:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBusiness leaders need to ensure that their organizations can keep critical business processes and services up and running in the face of the unexpected. Related Course Introduction to the CERT Resiliency Engineering Framework Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Computer Forensics for Business Leaders: A Primer 16:32
16:32 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:32
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיComputer forensics is often overlooked when planning an incident response strategy; however, it is a critical part of incident response, and business leaders need to understand how to tackle it. Related Courses Computer Forensics for Technical Staff Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 The Real Secrets of Incident Management 21:17
21:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIncident management is not just about technical response. It is a cross-enterprise effort that requires good communication and informed risk management. Related Courses Creating a Computer Security Incident Response Team Managing Computer Security Incident Response Teams Fundamentals of Incident Handling Advanced Incident Handling for Technical Staff Listen on Apple Podcasts .…
S
Software Engineering Institute (SEI) Podcast Series
1 The Legal Side of Global Security 25:56
25:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBusiness leaders, including legal counsel, need to understand how to tackle complex security issues for a global enterprise. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 A New Look at the Business of IT Education 17:52
17:52 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:52
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSystem administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Crisis Communications During a Security Incident 13:42
13:42 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:42
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBusiness leaders need to be prepared to communicate with the media and their staff during high-profile security incident or crisis. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Assuring Mission Success in Complex Environments 17:49
17:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAnalysis tools are needed for assessing complex organizational and technological issues that are well beyond traditional approaches. Related Courses Assessing Information Security Risk Using the OCTAVE Approach Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
A trend toward more and more data disclosure, as seen in online social networks, may be causing users to become desensitized to privacy breaches in general. Listen on Apple Podcasts .
S
Software Engineering Institute (SEI) Podcast Series
1 Building Staff Competence in Security 21:56
21:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיPractical specifications and guidelines now exist that define necessary knowledge, skills, and competencies for staff members in a range of security positions - from practitioners to managers. Listen on Apple Podcasts .
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.
Daily Deals
דומה לSoftware Engineering Institute (SEI) Podcast Series
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hosts Ben Brock Johnson and Amory Sivertson dig into the internet's vast and curious ecosystem of online communities to find untold histories, unsolved mysteries, and other jaw-dropping stories online and IRL.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k348
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
T
There’s a Better Way: Smart Talk on Healthcare and Technology
1
There’s a Better Way: Smart Talk on Healthcare and Technology
Surescripts
12k35
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: developertea@gmail.com
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
