The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
תוכן מסופק על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
דומה לSoftware Engineering Institute (SEI) Podcast Series
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hosts Ben Brock Johnson and Amory Sivertson dig into the internet's vast and curious ecosystem of online communities to find untold histories, unsolved mysteries, and other jaw-dropping stories online and IRL.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k
348
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
T
There’s a Better Way: Smart Talk on Healthcare and Technology
1
There’s a Better Way: Smart Talk on Healthcare and Technology
Surescripts
12k35
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: developertea@gmail.com
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
Daily Deals
פודקאסטים ששווה להאזין
בחסות
<
<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/fried-the-burnout-podcast">FRIED. The Burnout Podcast</a></span>
FRIED: The Burnout Podcast by BurnBOLD™ BurnBOLD™ is the powerhouse matchup of burnout experts Cait Donovan and Sarah Vosen. Together, they host FRIED as part of their mission to #endburnoutculture — with deep, real, and sometimes hilariously practical advice (yes, like #peewhenyouneedtopee). Each week, you’ll hear raw stories, powerful coaching sessions, and practical strategies to help you drop the shame, blame, guilt, and judgment so you can heal from burnout and rebuild your life. Cait works globally as a keynote speaker and workshop leader, helping organizations and associations create burnout-proof cultures. Sarah guides individuals through burnout recovery using her signature UNFRIED process, working one-on-one or in small groups with people all over the world. Wherever you are in your burnout journey, FRIED is here to help you BurnBOLD™ and take your life back. Homepage: https://caitdonovan.com Podcast page: https://caitdonovan.com/fried UNFRIED page: https://caitdonovan.com/unfried
Can DevSecOps Make Developers Happier?
Manage episode 295783158 series 2487640
תוכן מסופק על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Author Daniel H. Pink recently examined the factors that lead to job satisfaction among knowledge workers and summarized them in three components: autonomy, skill mastery, and purpose. In this SEI Podcast, Hasan Yasar, technical director of Continuous Deployment of Capability at Carnegie Mellon University’s Software Engineering Institute, relates these components to DevSecOps and summarizes a recent survey affirming that DevSecOps practices do indeed make developers and other stakeholders in their organizations happier.
418 פרקים
שתפו
Manage episode 295783158 series 2487640
תוכן מסופק על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Carnegie Mellon University Software Engineering Institute and Members of Technical Staff at the Software Engineering Institute או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Author Daniel H. Pink recently examined the factors that lead to job satisfaction among knowledge workers and summarized them in three components: autonomy, skill mastery, and purpose. In this SEI Podcast, Hasan Yasar, technical director of Continuous Deployment of Capability at Carnegie Mellon University’s Software Engineering Institute, relates these components to DevSecOps and summarizes a recent survey affirming that DevSecOps practices do indeed make developers and other stakeholders in their organizations happier.
418 פרקים
כל הפרקים
×
S
Software Engineering Institute (SEI) Podcast Series
1 Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds 25:10
25:10 
הפעל מאוחר יותר 
הפעל מאוחר יותר 
רשימות 
לייק 
אהבתי25:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיContainer images are increasingly being used as the main method for software deployment, so ensuring the reproducibility of container images is becoming a critical step in protecting the software supply chain. In practice, however, builds are often not reproducible due to elements of the build environment that rely on nondeterministic factors such as timestamps and external dependencies. Lack of reproducibility can lead to lack of trust, broken builds, and possibly mask hidden malware insertion. Vessel, a recent tool from the Carnegie Mellon University Software Institute (SEI), helps developers identify the difference between two container images to help sort benign from problematic issues. In this SEI Podcast, Kevin Pitstick, a senior software engineer at the SEI and Vessel’s lead developer, and Lihan Zhan, a software engineer at the SEI working on tactical and AI-enabled systems, sit down with Grace Lewis, lead of the Tactical and AI-Enabled Systems (TAS) applied research and development team at the SEI, to discuss the Vessel tool, its development, and application in mission-critical settings.…
S
Software Engineering Institute (SEI) Podcast Series
1 Mitigating Cyber Risk with Secure by Design 32:29
32:29 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:29
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSoftware enables our way of life, but market forces have sidelined security concerns leaving systems vulnerable to attack. Fixing this problem will require the software industry to develop an initial standard for creating software that is secure by design. These are the findings of a recently released paper coauthored by Greg Touhill, director of the Software Engineering Institute (SEI) CERT Division. In this latest SEI podcast, Touhill and Matthew Butkovic, director of Cyber Risk and Resilience at CERT, discuss the paper including its recommendations for making software secure by design.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Magic in the Middle: Evolving Scaled Software Solutions for National Defense 21:25
21:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA January 2025 Defense Innovation Board study on scaling nontraditional defense innovation stated, “We must act swiftly to ensure the DoD leads in global innovation and competition over AI and autonomous systems – and is a trendsetter for their responsible use in modern warfare." In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), chief technical officer Tom Longstaff discusses the SEI’s long-standing work to help the DoD rapidly scale technology including artificial intelligence (AI) and autonomous systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space 44:26
44:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי44:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWarfighters in the Department of Defense (DoD) operate in high-stakes environments where security, efficiency, and speed are critical. In such environments DevSecOps has become crucial in the drive toward modernization and overall mission success. A recent study led by researchers at the Carnegie Mellon University Software Engineering Institute (SEI) examined the state of DevSecOps within the Department of Defense. In this podcast, Eileen Wrubel, the SEI’s Transforming Software Acquisition Policy and Practice technical director, sits down with George Lamb, director for DoD Cloud and Software Modernization in the Information Enterprise Office of the DoD CIO, which is responsible for the DoD Software Modernization Strategy and its associated implementation plan, and Bill Nichols, lead of the SEI’s Software Engineering Measurement and Analysis work. They discuss DevSecOps successes in the DoD and opportunities for scaling its impact.…
S
Software Engineering Institute (SEI) Podcast Series
Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, Doug Reynolds, and Jeffrey Hamed, all DevOps engineers in the SEI's Software Solutions Division, sit down with senior reesearcher Jose Morales to discuss a recent case study involving the deployment of a hypervisor onto edge devices in a resource-constrained environment.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Best and Brightest: 6 Years of Supporting the President’s Cup Cybersecurity Competition 21:40
21:40 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:40
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA strong cyber defense is vital to public- and private-sector activities in the United States. In 2019, in response to an executive order to strengthen America’s cybersecurity workforce, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) partnered with the SEI to develop and run the President’s Cup Cybersecurity Competition, a national cyber competition that identifies and rewards the best cybersecurity talent in the federal workforce. In six years, more than 8,000 people have taken part in the President’s Cup. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jarrett Booz, technical lead for the President’s Cup, and John DiRicco, a training specialist in the SEI’s CERT Division, sit down with Matthew Butkovic, the CERT technical director of cyber risk and resilience, to reflect on six years of hosting the cup, including challenges, lessons learned, the path forward, and publicly available resources.…
S
Software Engineering Institute (SEI) Podcast Series
1 Updating Risk Assessment in the CERT Secure Coding Standard 26:04
26:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיEvaluating source code to ensure secure coding qualities costs time and effort and often involves static analysis. But those who are familiar with static analysis tools know that the alerts are not always reliable and produce false positives that must be detected and disregarded. This year, we plan on making some exciting updates to the SEI CERT C Coding Standard to better harmonize with the current state of the art for static analysis tools as well as simplify the process of source code security auditing. In this SEI podcast, David Svobodaand Joseph Sible, both engineers in CERT’s Applied Systems Group and primary developers and maintainers of the standard, sit down with Robert Schiela, deputy technical director of the Cybersecurity Foundations Directorate in CERT, to discuss the proposed changes, specifically in the area of risk assessment.…
S
Software Engineering Institute (SEI) Podcast Series
1 Delivering Next Generation Cyber Capabilities to the DoD Warfighter 27:16
27:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory Touhill, director of the SEI CERT Division, sits down with Matthew Butkovic, technical director of Cyber Risk and Resilience at CERT, to discuss ways in which CERT researchers and technologists are working to deliver rapid capability to warfighters in the Department of Defense.…
S
Software Engineering Institute (SEI) Podcast Series
1 Getting the Most Out of Your Insider Risk Data with IIDES 39:14
39:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיInsider incidents cause around 35 percent of data breaches, creating financial and security risks for organizations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Austin Whisnant and Dan Costa discuss the Insider Incident Data Expression Standard (IIDES), a new schema for collecting and sharing data about insider incidents. IIDES facilitates insider incident information handling to help organizations better protect themselves against the compromise of sensitive information and mission-critical systems, which is essential to maintaining national security and defense.…
S
Software Engineering Institute (SEI) Podcast Series
1 Grace Lewis Outlines Vision for IEEE Computer Society Presidency 18:14
18:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיGrace Lewis , a principal researcher at the Carnegie Mellon University Software Engineering Institute (SEI) and lead of the SEI’s Tactical and AI-Enabled Systems Initiative, was elected the 2026 president of the IEEE Computer Society (CS), the largest community of computer scientists and engineers, with more than 370,000 members around the world. In this SEI podcast, Lewis sits down with Ipek Ozkaya, technical director of Engineering Intelligent Software Systems, to discuss her vision and plans for the IEEE CS presidency.…
S
Software Engineering Institute (SEI) Podcast Series
1 Improving Machine Learning Test and Evaluation with MLTE 29:06
29:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיMachine learning (ML) models commonly experience issues when integrated into production systems. In this podcast, researchers from the Carnegie Mellon University Software Engineering Institute and the U.S. Army AI Integration Center (AI2C) discuss Machine Learning Test and Evaluation (MLTE), a new tool that provides a process and infrastructure for ML test and evaluation. MLTE can aid organizations across the DoD in more effectively negotiating, documenting, and evaluating model and system qualities.…
S
Software Engineering Institute (SEI) Podcast Series
1 DOD Software Modernization: SEI Impact and Innovation 27:12
27:12 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:12
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAs software size, complexity, and interconnectedness has grown, software modernization within the Department of Defense (DoD) has become more important than ever. In this discussion moderated by Matthew Butkovic, technical director of risk and resilience in the SEI CERT Division, SEI director Paul Nielsen outlines the SEI’s work with the DoD on software modernization, including controlling the attack surface, incorporating industry practices such as DevSecOps, and the interplay between software, cybersecurity, and AI.…
S
Software Engineering Institute (SEI) Podcast Series
1 Securing Docker Containers: Techniques, Challenges, and Tools 39:09
39:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיContainerization allows developers to run individual software applications in an isolated, controlled, repeatable way. With the increasing prevalence of cloud computing environments, containers are providing more and more of their underlying architecture. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Sasank Venkata Vishnubhatla and Maxwell Trdina, both engineers in the SEI CERT Division, sit down with Tim Chick, technical manager of the Applied Systems Group, to explore issues surrounding containerization, including recent vulnerabilities.…
S
Software Engineering Institute (SEI) Podcast Series
1 An Introduction to Software Cost Estimation 22:55
22:55 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:55
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSoftware cost estimation is an important first step when beginning a project. It addresses important questions regarding budget, staffing, scheduling, and determining if the current environment will support the project. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Anandi Hira, a data scientist on the SEI’s Software Engineering Measurement and Analysis team sits down with Bill Nichols, principal engineer and SEI data science team lead, to discuss software cost estimation including various metrics, best practices, and common challenges when developing or building a model.…
S
Software Engineering Institute (SEI) Podcast Series
1 Cybersecurity Metrics: Protecting Data and Understanding Threats 27:00
27:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOne of the biggest challenges in collecting cybersecurity metrics is scoping down objectives and determining what kinds of data to gather. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Bill Nichols, who leads the SEI’s Software Engineering Measurements and Analysis Group, discusses the importance of cybersecurity measurement, what kinds of measurements are used in cybersecurity, and what those metrics can tell us about cyber systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Cybersecurity of Quantum Computing: 6 Areas of Research 23:01
23:01 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:01
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיResearch and development of quantum computers continues to grow at a rapid pace. The U.S. government alone spent more than $800 million on quantum information science research in 2022. Thomas Scanlon, who leads the data science group in the SEI CERT Division, was recently invited to be a participant in the Workshop on Cybersecurity of Quantum Computing , co-sponsored by the National Science Foundation (NSF) and the White House Office of Science and Technology Policy, to examine the emerging field of cybersecurity for quantum computing. In this podcast from the Carnegie Mellon University Software Engineering Institute, Scanlon discusses how to create the discipline of cyber protection of quantum computing and outlines six areas of future research in quantum cybersecurity.…
S
Software Engineering Institute (SEI) Podcast Series
Far too often software programs continue to collect metrics for no other reason than that is how it has always been done. This leads to situations where, for any given environment, a metrics program is defined by a list of metrics that must be collected. A top-down, deterministic specification of graphs or other depictions of data required by the metrics program can distract participants from the potentially useful information that the metrics reveal and illuminate. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Will Hayes, who leads the Agile Transformation Team, and Patrick Place, a principal engineer on that team, discuss with principal researcher Suzanne Miller, how user stories can help put development in the context of who is using the system and lead to a conversation about why a specific metric is being collected.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Product Manager’s Evolving Role in Software and Systems Development 24:19
24:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn working with software and systems teams developing technical products, Judy Hwang, a senior software engineer in the SEI CERT Division, observed that teams were not investing the time, resources and effort required to manage the product lifecycle of a successful product. These activities include thoroughly exploring the problem space by talking to users, assessing existing solutions, understanding the competition, and positioning the product to create value for customers. In this podcast from the Carnegie Mellon University Software Engineering Institute, Hwang talks with principal researcher Suzanne Miller about the importance of implementing foundational product management principles in software and systems development and offers resources for audience members who looking to strengthen their Agile product delivery practices.…
S
Software Engineering Institute (SEI) Podcast Series
1 Measuring the Trustworthiness of AI Systems 19:27
19:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe ability of artificial intelligence (AI) to partner with the software engineer, doctor, or warfighter depends on whether these end users trust the AI system to partner effectively with them and deliver the outcome promised. To build appropriate levels of trust, expectations must be managed for what AI can realistically deliver. In this podcast from the SEI’s AI Division, Carol Smith, a senior research scientist specializing in human-machine interaction, joins design researchers Katherine-Marie Robinson and Alex Steiner, to discuss how to measure the trustworthiness of an AI system as well as questions that organizations should ask before determining if it wants to employ a new AI technology.…
S
Software Engineering Institute (SEI) Podcast Series
1 Actionable Data in the DevSecOps Pipeline 31:58
31:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program managers (PMs) to confidently make decisions with the help of readily available data. As in commercial companies, DoD PMs are accountable for the overall cost, schedule, and performance of a program. The PM’s job is even more complex in large programs with multiple software-development pipelines where cost, schedule, performance, and risk for the products of each pipeline must be considered when making decisions, as well as the interrelationships among products developed on different pipelines. Nichols and Cohen discuss how PMs can collect and transform unprocessed DevSecOps development data into useful program-management information that can guide decisions they must make during program execution. The ability to continuously monitor, analyze, and provide actionable data to the PM from tools in multiple interconnected pipelines of pipelines can help keep the overall program on track.…
S
Software Engineering Institute (SEI) Podcast Series
1 Insider Risk Management in the Post-Pandemic Workplace 47:34
47:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn the wake of the COVID pandemic, the workforce decentralized and shifted toward remote and hybrid environments. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dan Costa, technical manager of enterprise threat and vulnerability management, and Randy Trzeciak, deputy director of Cyber Risk and Resilience, both with the SEI’s CERT Division, discuss how remote work in the post-pandemic world is changing expectations about employee behavior monitoring and insider risk detection.…
S
Software Engineering Institute (SEI) Podcast Series
1 An Agile Approach to Independent Verification and Validation 31:57
31:57 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:57
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIndependent verification and validation (IV&V) is a significant step in the process of deploying systems for mission-critical applications in the Department of Defense (DoD). In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Justin Smith, senior Agile transformation leader in the SEI Software Solutions Division, talks with principal researcher Suzanne Miller about how to bring concepts from Lean and Agile software development into the practice of IV&V. Smith describes his experiences at NASA’s Katherine Johnson IV&V Facility as a project manager for the Orion IV&V team. On that project, the developer employed Scaled Agile Framework (SAFe) as their development process, which had challenging consequences for established IV&V practices within NASA IV&V. Smith also discusses the ways in which NASA adapted to this change and describes strategies and tactics for reconciling Agile and IV&V.…
S
Software Engineering Institute (SEI) Podcast Series
1 Zero Trust Architecture: Best Practices Observed in Industry 27:53
27:53 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:53
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיZero trust architecture has the potential to improve an enterprise’s security posture. There is still considerable uncertainty about the zero trust transformation process, however, as well as how zero trust architecture will ultimately appear in practice. Recent executive orders have accelerated the timeline for zero trust adoption in the federal sector, and many private-sector organizations are following suit. Researchers in the CERT Division at the Carnegie Mellon University Software Engineering Institute (SEI) hosted Zero Trust Industry Days to enable industry stakeholders to share information about implementing zero trust. In this SEI podcast, CERT researchers Matthew Nicolai and Nathaniel Richmond discuss five zero trust best practices identified during the two-day event, explain their significance, and provide commentary and analysis on ways to empower your organization’s zero trust transformation.…
S
Software Engineering Institute (SEI) Podcast Series
1 Automating Infrastructure as Code with Ansible and Molecule 39:38
39:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn Ansible, roles allow system administrators to automate the loading of certain variables, tasks, files, templates, and handlers based on a known file structure. Grouping content by roles allows for easy sharing and reuse. When developing roles, users must deal with various concerns, including what operating system(s) and version(s) will be supported and whether a single node or a cluster of machines is needed. In this podcast from the Carnegie Mellon University Software Engineering Institute, Matthew Heckathorn, an integration engineer with the SEI’s CERT Division, offers guidance for systems engineers, system administrators, and others on developing Ansible roles and automating infrastructure as code.…
S
Software Engineering Institute (SEI) Podcast Series
1 Identifying and Preventing the Next SolarWinds 46:04
46:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי46:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on Solar Winds software and how to prevent a recurrence of another major attack on key systems that are in widespread use. Solar Winds is the name of a company that provided software to the U.S. federal government. In late 2020, news surfaced about a cyberattack that had already been underway for several months and that had reportedly compromised 250 government agencies, including the Treasury Department, the State Department, and nuclear research labs. In addition to compromising data, the attack resulted in financial losses of more than $90 million and was probably one of the most dangerous modern attacks on software and software-based businesses and government agencies in the recent past. The SolarWinds incident demonstrated the challenges of securing systems when they are the product of complex supply chains. In this podcast, Touhill discusses topics including the need for systems to be secure by design and secure by default, the importance of transparency in the reporting of vulnerabilities and anomalous system behavior, the CERT Acquisition Security Framework, the need to secure data across a wide range of disparate devices and systems, and tactics and strategies for individuals and organizations to safeguard their data and the systems they rely on daily.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Penetration Testing Findings Repository 25:47
25:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Marisa Midler and Samantha Chaves, penetration testers with the SEI’s CERT Division, talk with Suzanne Miller about a penetration-testing repository that they helped to build. The repository is a source of information for active directory, phishing, mobile technology, systems and services, web applications, and mobile- and wireless-technology weaknesses that could be discovered during a penetration test. The repository is intended to help assessors provide reports to organizations using standardized language and standardized names for findings, and to save assessors time on report generation by having descriptions, standard remediations, and other resources available in the repository for their use. The repository is available at https://github.com/cisagov/pen-testing-findings…
S
Software Engineering Institute (SEI) Podcast Series
1 Understanding Vulnerabilities in the Rust Programming Language 36:45
36:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי36:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhile the memory safety and security features of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there is the possibility of security vulnerabilities–and malicious software that can take advantage of those vulnerabilities. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Garret Wassermann, researchers with the SEI's CERT Division, explore tools for understanding vulnerabilities in Rust whether the original source code is available or not. These tools are important for understanding malicious software where source code is often unavailable, as well as commenting on possible directions in which tools and automated code analysis can improve.…
S
Software Engineering Institute (SEI) Podcast Series
1 We Live in Software: Engineering Societal-Scale Systems 39:31
39:31 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:31
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSocietal-scale software systems, such as today’s commercial social media platforms, are among the most widely used software systems in the world, with some platforms reporting billions of daily active users. These systems have created new mechanisms for global communication and connect people with unprecedented speed. Despite the numerous benefits of societal-scale systems, these systems are designed to optimize user engagement and scale by using psychology (such as gaming and reward mechanisms) to influence users. Individual users struggle with privacy of their data and bias in these systems, while governments face new threats of misinformation. In this podcast from the Carnegie Mellon University Software Engineering Institute, John Robert and Forrest Shull discuss issues that must be considered when engineering societal-scale systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 Secure by Design, Secure by Default 54:05
54:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי54:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about secure by design, secure by default, a longstanding tenet of the work of the SEI and CERT in particular. The SEI has been in the forefront of secure software development, promoting an approach where security weaknesses are addressed, prevented, or eliminated earlier in the software development lifecycle, which not only helps to ensure secure systems, but also saves time and money. Touhill also discusses the CERT strategy in support of SEI sponsors in the U.S. Department of Defense (DoD), the Department of Homeland Security (DHS), and the Cybersecurity Infrastructure Security Agency (CISA) and his vision for the future of cybersecurity and the role of the CERT Division.…
S
Software Engineering Institute (SEI) Podcast Series
1 Key Steps to Integrate Secure by Design into Acquisition and Development 48:50
48:50 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי48:50
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSecure by design means performing more security and assurance activities earlier in the product and system lifecycles. A secure-by-design mindset addresses the security of systems during the requirements, design, and development phases of lifecycles rather than waiting until the system is ready for implementation. The need for a secure-by-design mindset is exacerbated by the amount of interconnectedness of today’s systems and the increasing amount of automation that characterizes system development. These trends have led to increased levels of risk and made implementation of security controls during test and patching systems after deployment increasingly unsustainable. In this podcast from the Carnegie Mellon University Software Engineering Institute, Robert Schiela, technical manager of the Secure Coding group, and Carol Woody, a principal researcher in the SEI’s CERT Division, talk with Suzanne Miller about the importance of integrating the practices and mindset of secure by design into the acquisition and development of software-reliant systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 3 Key Elements for Designing Secure Systems 36:28
36:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי36:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTo make secure software by design a reality, engineers must intentionally build security throughout the software development lifecycle. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Timothy A. Chick, technical manager of the Applied Systems Group in the SEI’s CERT Division, discusses building, designing, and operating secure systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 Using Role-Playing Scenarios to Identify Bias in LLMs 45:07
45:07 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי45:07
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHarmful biases in large language models (LLMs) make AI less trustworthy and secure. Auditing for biases can help identify potential solutions and develop better guardrails to make AI safer. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Katie Robinson and Violet Turri, researchers in the SEI’s AI Division, discuss their recent work using role-playing game scenarios to identify biases in LLMs.…
S
Software Engineering Institute (SEI) Podcast Series
1 Best Practices and Lessons Learned in Standing Up an AISIRT 38:29
38:29 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:29
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn the wake of widespread adoption of artificial intelligence (AI) in critical infrastructure, education, government, and national security entities, adversaries are working to disrupt these systems and attack AI-enabled assets. With nearly four decades in vulnerability management, the Carnegie Mellon University Software Engineering Institute (SEI) recognized a need to create an entity that would identify, research, and identify mitigation strategies for AI vulnerabilities to protect national assets against traditional cybersecurity, adversarial machine learning, and joint cyber-AI attacks. In this SEI podcast, Lauren McIlvenny, director of threat analysis in the SEI’s CERT Division, discusses best practices and lessons learned in standing up an AI Security Incident Response Team (AISIRT).…
S
Software Engineering Institute (SEI) Podcast Series
1 3 API Security Risks (and How to Protect Against Them) 19:28
19:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe exposed and public nature of application programming interfaces (APIs) come with risks including the increased network attack surface. Zero trust principles are helpful for mitigating these risks and making APIs more secure. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconiers-Hasan, a solutions engineer in the SEI CERT Division, discusses three API risks and how to address them through the lens of zero trust.…
S
Software Engineering Institute (SEI) Podcast Series
1 Evaluating Large Language Models for Cybersecurity Tasks: Challenges and Best Practices 43:05
43:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי43:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHow can we effectively use large language models (LLMs) for cybersecurity tasks? In this Carnegie Mellon University Software Engineering Institute podcast, Jeff Gennari and Sam Perl discuss applications for LLMs in cybersecurity, potential challenges, and recommendations for evaluating LLMs.
S
Software Engineering Institute (SEI) Podcast Series
1 Capability-based Planning for Early-Stage Software Development 33:55
33:55 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:55
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCapability-Based Planning (CBP) defines a framework that has an all-encompassing view of existing abilities and future needs for strategically deciding what is needed and how to effectively achieve it. Both business and government acquisition domains use CBP for financial success or to design a well-balanced defense system. The definitions understandably vary across these domains. In this SEI podcast, Anandi Hira, a data scientist, and William R. Nichols, an initiative lead for Software Engineering Measurement and Analysis, introduce CBP and its use and application in software acquisition.…
S
Software Engineering Institute (SEI) Podcast Series
1 Safeguarding Against Recent Vulnerabilities Related to Rust 26:25
26:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhat can the recently discovered vulnerabilities related to Rust tell us about the security of the language? In this podcast from the Carnegie Mellon University Software Engineering Institute, David Svoboda discusses two vulnerabilities, their sources, and how to mitigate them.
S
Software Engineering Institute (SEI) Podcast Series
1 Developing a Global Network of Computer Security Incident Response Teams (CSIRTs) 30:51
30:51 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:51
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCybersecurity risks aren’t just a national concern. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), the CERT division’s Tracy Bills, senior cybersecurity operations researcher and team lead, and James Lord, security operations technical manager, discuss the SEI’s work developing Computer Security Incident Response Teams (CSIRTs) across the globe.…
S
Software Engineering Institute (SEI) Podcast Series
1 Automated Repair of Static Analysis Alerts 27:05
27:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDevelopers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda, a software security engineer in the SEI’s CERT Division, discusses Redemption, a new open source tool from the SEI that automatically repairs common errors in C/C++ code generated from static analysis alerts, making code safer and static analysis less overwhelming.…
S
Software Engineering Institute (SEI) Podcast Series
1 Developing and Using a Software Bill of Materials Framework 37:37
37:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWith the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party components in their software systems. In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Woody, principal researcher, and Michael Bandor, a senior software engineer, discuss a Software Bill of Materials (SBOMs) framework to help promote the use of SBOMs and establish a more comprehensive set of practices and processes that organizations can leverage as they build their programs. They also offer guidance for government agencies who are interested in incorporating SBOMs into their work.…
S
Software Engineering Institute (SEI) Podcast Series
1 Using Large Language Models in the National Security Realm 34:45
34:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAt the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflower Project at Carnegie Mellon University’s Software Engineering Institute (SEI) from May 2023 through September 2023. The Mayflower Project attempted to answer the following questions: How might the IC set up a baseline, stand-alone LLM? How might the IC customize LLMs for specific intelligence use cases? How might the IC evaluate the trustworthiness of LLMs across use cases? In this SEI Podcast, Shannon Gallagher, AI engineering team lead, and Rachel Dzombak, special advisor to the director of the SEI’s AI Division, discuss the findings and recommendations from the Mayflower Project and provides additional background information about LLMs and how they can be engineered for national security use cases.…
S
Software Engineering Institute (SEI) Podcast Series
1 Atypical Applications of Agile and DevSecOps Principles 33:41
33:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיModern software engineering practices of Agile and DevSecOps have provided a foundation for producing working software products faster and more reliably than ever before. Far too often, however, these practices do not address the non-software concerns of business mission and capability delivery even though these concerns are critical to the successful delivery of a software product. Through our work with government organizations, we have found that expanding DevSecOps beyond product development enables other teams to increase their capabilities and improve their processes. Agile methodologies are also being used for complex system and hardware developments. In this podcast from the Carnegie Mellon University Software Engineering Institute, Lyndsi Hughes, a senior systems engineer and David Sweeney, an associate software developer, both with the SEI CERT Division, share their experiences leveraging DevSecOps pipelines in atypical situations in support of teams focused on the capability delivery and business mission for their organizations.…
S
Software Engineering Institute (SEI) Podcast Series
1 When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction 35:21
35:21 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:21
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIncreasingly in government acquisition of software-intensive systems, we are seeing programs using Agile development methodology and earned value management. While there are many benefits to using both Agile and EVM, there are important considerations that software program managers must first address. In this podcast, Patrick Place, a senior engineer, and Stephen Wilson, a test engineer, both with the SEI Agile Transformation Team, discuss seven considerations for successful use of Agile and EVM.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Impact of Architecture on Cyber-Physical Systems Safety 34:05
34:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAs developers continue to build greater autonomy into cyber-physical systems (CPSs), such as unmanned aerial vehicles (UAVs) and automobiles, these systems aggregate data from an increasing number of sensors. However, more sensors not only create more data and more precise data, but they require a complex architecture to correctly transfer and process multiple data streams. This increase in complexity comes with additional challenges for functional verification and validation, a greater potential for faults, and a larger attack surface. What’s more, CPSs often cannot distinguish faults from attacks. To address these challenges, researchers from the SEI and Georgia Tech collaborated on an effort to map the problem space and develop proposals for solving the challenges of increasing sensor data in CPSs. In this podcast from the Carnegie Mellon University Software Engineering Institute, Jerome Hugues, a principal researcher in the SEI Software Solutions Division, discusses this collaboration and its larger body of work, Safety Analysis and Fault Detection Isolation and Recovery (SAFIR) Synthesis for Time-Sensitive Cyber-Physical Systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies 46:22
46:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי46:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTo better understand the potential uses of large language models (LLMs) and their impact, a team of researchers at the Carnegie Mellon University Software Engineering Institute CERT Division conducted four in-depth case studies. The case studies span multiple domains and call for vastly different capabilities. In this podcast, Matthew Walsh, a senior data scientist in CERT, and Dominic Ross, Multi-Media Design Team lead, discuss their work in developing the four case studies as well as limitations and future uses of ChatGPT.…
S
Software Engineering Institute (SEI) Podcast Series
1 An Exploration of Enterprise Technical Debt 25:56
25:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיLike all technical debt, enterprise technical debt consists of choices expedient in the short term, but often problematic over the long term. In enterprise technical debt, the impact reaches beyond the scope of a single system or project. Because ignoring enterprise technical debt can have significant consequences, software and systems architects should be alert for it, and they should not let it get overlooked or ignored when they come across it. Enterprise technical debt often results in multi-project or organization-wide risks that increase the organization’s cost, efficiency, or security risks. Remediation of enterprise technical debt requires intervention by governance structures whose scope is broader than that of individual teams or projects. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Stephany Bellomo, a principal engineer in the SEI’s Software Solutions Division, talks with principal researcher Suzanne Miller about identifying and remediating enterprise technical debt.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Messy Middle of Large Language Models 33:46
33:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe recent growth of applications that leverage large language models, including ChatGPT and Copilot, has spurred reactions ranging from fear and uncertainty to adoration and lofty expectations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Jay Palat, senior engineer and technical director of AI for mission, and Dr. Rachel Dzombak, senior advisor to the director of the SEI’s AI Division, discuss the current landscape of large language models (LLMs), common misconceptions about LLMs, how to leverage tools built on top of LLMs, and the need for critical thinking around both the outputs of the tools and the trends in their use.…
S
Software Engineering Institute (SEI) Podcast Series
1 An Infrastructure-Focused Framework for Adopting DevSecOps 43:35
43:35 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי43:35
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDevSecOps practices, including continuous-integration/continuous-delivery (CI/CD) pipelines, enable organizations to respond to security and reliability events quickly and efficiently and to produce resilient and secure software on a predictable schedule and budget. Despite growing evidence and recognition of the efficacy and value of these practices, the initial implementation and ongoing improvement of the methodology can be challenging. In this podcast from the Carnegie Mellon University Software Engineering Institute, senior engineers Vanessa Jackson and Lyndsi Hughes discuss with principal researcher Suzanne Miller the DevSecOps adoption framework, which guides organizations in the planning and implementation of a roadmap to functional CI/CD pipeline capabilities.…
S
Software Engineering Institute (SEI) Podcast Series
Rust is growing in popularity. Its unique security model promises memory safety and concurrency safety, while providing the performance of C/C++. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Joe Sible, both engineers in the SEI’s CERT Division, talk with principal researcher Suzanne Miller about the Rust programming language and its security-related features. Svoboda and Sible discuss Rust’s compile-time safety guarantees, the kinds of vulnerabilities that Rust fixes and those that it does not, situations in which users would not want to use Rust, and where interested users can go to get more information about the Rust programming language.…
S
Software Engineering Institute (SEI) Podcast Series
1 Improving Interoperability in Coordinated Vulnerability Disclosure with Vultron 51:16
51:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי51:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCoordinated vulnerability disclosure (CVD) begins when at least one individual becomes aware of a vulnerability, but it can’t proceed without the cooperation of many. Software supply chains, software libraries, and component vulnerabilities have evolved in complexity and have become as much a part of the CVD process as vulnerabilities in vendors’ proprietary code. Many CVD cases now require coordination across multiple vendors. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Allen Householder, a senior vulnerability and incident researcher in the SEI’s CERT Division, talks with principal researcher Suzanne Miller about Vultron , a protocol for multi-party coordinated vulnerability disclosure (MPCVD).…
S
Software Engineering Institute (SEI) Podcast Series
1 Asking the Right Questions to Coordinate Security in the Supply Chain 31:11
31:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dr. Carol Woody, a principal researcher in the SEI's CERT Division, talks with Suzanne Miller about the SEI’s newly released Acquisition Security Framework, which helps programs coordinate the management of engineering and supply-chain risks across system components including hardware, network interfaces, software interfaces, and mission capabilities.…
S
Software Engineering Institute (SEI) Podcast Series
1 Securing Open Source Software in the DoD 35:33
35:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Scott Hissam, a researcher within the SEI’s Software Solutions Division who works on software assurance in Department of Defense (DoD) systems, talks with Linda Parker Gates, initiative lead for the SEI’s Software Acquisition Pathways, about the use of free and open-source software (FOSS) in the DoD, building on insights that surfaced in a recent workshop held for producers and consumers of FOSS for DoD systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Model-Based Tool for Designing Safety-Critical Systems 48:43
48:43 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי48:43
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dr. Sam Procter and Lutz Wrage, researchers with the SEI, discuss the Guided Architecture Trade Space Explorer (GATSE), a new SEI-developed model-based tool to help with the design of safety-critical systems. The GATSE tool allows engineers to evaluate more design options in less time than they can now. This prototype language extension and software tool partially automates the process of model-based systems engineering so that systems engineers can rapidly explore combinations of different design options.…
S
Software Engineering Institute (SEI) Podcast Series
1 Managing Developer Velocity and System Security with DevSecOps 32:55
32:55 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:55
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn aiming for correctness and security of product, as well as for development speed, software development teams often face tension in their objectives. During a recent customer engagement that involved the development of a continuous-integration (CI) pipeline, developers wanted to develop features and deploy to production, deferring non-critical bugs as technical debt, whereas cyber engineers wanted compliant software by having the pipeline fail on any security requirement that was not met. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Alejandro Gomez, a researcher in the SEI’s CERT Division who worked on the customer project, talked with principal researcher Suzanne Miller about how the team explored—and eventually resolved—the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps practices.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Method for Assessing Cloud Adoption Risks 21:47
21:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe shift to a cloud environment provides significant benefits. Cloud resources can be scaled quickly, updated frequently, and widely accessed without geographic limitations. Realizing these benefits, however, requires organizations to manage associated organizational and technical risks. In this podcast from the Carnegie Mellon University Software Engineering Institute, Chris Alberts, principal cybersecurity analyst in the SEI’s CERT Division, discusses with principal researcher Suzanne Miller a prototype set of cloud adoption risk factors and describes a method that managers can employ to assess their cloud initiatives against these risk factors.…
S
Software Engineering Institute (SEI) Podcast Series
1 Software Architecture Patterns for Deployability 29:09
29:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCompetitive pressures in many domains, as well as development paradigms such as Agile and DevSecOps , have led to the increasingly common practice of continuous delivery or continuous deployment where frequent updates to software systems are rapidly and reliably fielded. In today’s systems, releases can occur at any time—possibly hundreds of releases per day—and each can be instigated by a different team within an organization. Being able to release frequently means that bug fixes and security patches do not have to wait until the next scheduled release, but rather can be made and released as soon as a bug is discovered and fixed. It also means that new features can be put into production at any time and don’t have to wait to be bundled into a release. In this podcast, Rick Kazman, an SEI visiting scientist and coauthor of Software Architecture in Practice , talks with principal researcher Suzanne Miller about using patterns for software deployability. These patterns fall into two broad categories: complete replacement of services and canary testing.…
S
Software Engineering Institute (SEI) Podcast Series
1 ML-Driven Decision Making in Realistic Cyber Exercises 48:58
48:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי48:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Thomas Podnar and Dustin Updyke, both senior cybersecurity engineers with the SEI’s CERT Division, discuss their work to apply machine learning to increase the realism of non-player characters (NPCs) in cyber training exercises.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Roadmap for Creating and Using Virtual Prototyping Software 56:30
56:30 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי56:30
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Douglass Post and Richard Kendall, authors of "Creating and Using Virtual Prototyping Software: Principles and Practices" discuss with principal researcher Suzanne Miller experiences and insights that they gleaned from applying virtual prototyping in CREATE (Computational Research and Engineering Acquisition Tools and Environments), a multiyear DoD program to develop and deploy software for systems like ships, air vehicles, ground vehicles, and radio-frequency antennas. CREATE enabled engineers and scientists to design these complex systems and to accurately predict their performance.…
S
Software Engineering Institute (SEI) Podcast Series
1 Software Architecture Patterns for Robustness 31:13
31:13 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:13
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, visiting scientist Rick Kazman and principal researcher Suzanne Miller discuss software architecture patterns and the effect that certain architectural patterns have on quality attributes, such as availability and robustness. Kazman also provides examples of mechanisms—such as architectural tactics and patterns—and the effects they have on availability and robustness, especially in cloud-based systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Platform-Independent Model for DevSecOps 23:41
23:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDevSecOps encompasses all the best software engineering principles known today with an emphasis on faster delivery through increased collaboration of all stakeholders resulting in more secure, useable, and higher-quality software systems. In this podcast from the Carnegie Mellon University Software Engineering Institute, researchers Tim Chick and Joe Yankel present a DevSecOps Platform-Independent Model (PIM), which uses model based systems engineering (MBSE) to formalize the practices of DevSecOps pipelines and organize relevant guidance. This first-of-its-kind model gives software development enterprises the structure and articulation needed for creating, maintaining, securing, and improving DevSecOps pipelines.…
S
Software Engineering Institute (SEI) Podcast Series
1 Using the Quantum Approximate Optimization Algorithm (QAOA) to Solve Binary-Variable Optimization Problems 27:36
27:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Jason Larkin and Daniel Justice, researchers in the SEI’s AI Division, discuss a paper outlining their efforts to simulate the performance of Quantum Approximate Optimization Algorithm (QAOA) for the Max-Cut problem and compare it with some of the best classical alternatives, for exact, approximate, and heuristic solutions.…
S
Software Engineering Institute (SEI) Podcast Series
To ensure trust, artificial intelligence systems need to be built with fairness, accountability, and transparency at each step of the development cycle. In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in human machine interaction, and Dustin Updyke, a senior cybersecurity engineering in the SEI’s CERT Division, discuss the construction of trustworthy AI systems and factors influencing human trust of AI systems.…
S
Software Engineering Institute (SEI) Podcast Series
In this podcast from the Carnegie Mellon University Software Engineering Institute, Shannon Gallagher, a data scientist with SEI’s CERT Division, and Dominic Ross, multimedia team lead for the SEI, discuss deepfakes, their exponential growth in recent years, their increasing technical sophistication, and the problems they pose for individuals and organizations. Gallagher and Ross also discuss the SEI’s recent research in assessing the technology underlying the creation and detection of deepfakes and understanding current and future threat levels.…
S
Software Engineering Institute (SEI) Podcast Series
1 Challenges and Metrics in Digital Engineering 42:18
42:18 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:18
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDigital engineering uses digital tools and representations in the process of developing, sustaining, and maintaining systems, including requirements, design, analysis, implementation, and test. The digital modeling approach is intended to establish an authoritative source of truth for the system, in which discipline-specific views of the system are created using the same model elements. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), William “Bill” Nichols, a senior member of the technical staff with the SEI’s Software Solutions Division, discusses with principal researcher Suzanne Miller the challenges in making the transition from traditional development practices to digital engineering.…
S
Software Engineering Institute (SEI) Podcast Series
1 The 4 Phases of the Zero Trust Journey 34:28
34:28 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:28
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOver the past several years, zero trust architecture has emerged as an important topic within the field of cybersecurity. Heightened federal requirements and pandemic-related challenges have accelerated the timeline for zero trust adoption within the federal sector. Private sector organizations are also looking to adopt zero trust to bring their technical infrastructure and processes in line with cybersecurity best practices. Real-world preparation for zero trust, however, has not caught up with existing cybersecurity frameworks and literature. NIST standards have defined the desired outcomes for zero trust transformation, but the implementation process is still relatively undefined. As the nation’s first federally funded research and development center with a clear emphasis on cybersecurity, the Carnegie Mellon University Software Engineering Institute (SEI) is uniquely positioned to bridge the gap between NIST standards and real-world implementation. In this podcast, Tim Morrow and Matthew Nicolai, researchers with the SEI’s CERT Division, have outlined 4 steps that organizations can take to implement and maintain zero trust architecture.…
S
Software Engineering Institute (SEI) Podcast Series
In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Hasan Yasar, technical director, Continuous Deployment of Capability at the SEI, and Jay Palat, interim director of AI for Mission in the SEI’s AI Division, discuss how to engineer AI systems with DevSecOps and explore the relationship between MLOps and DevSecOps.…
S
Software Engineering Institute (SEI) Podcast Series
1 Undiscovered Vulnerabilities: Not Just for Critical Software 35:26
35:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי35:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Jonathan Spring, a senior vulnerability researcher, discusses with Suzanne Miller the findings in a paper he published recently analyzing the number of undiscovered vulnerabilities in information systems. This paper examines the paradigm that the number of undiscovered vulnerabilities is manageably small through the lens of mathematical concepts from the theory of computing.…
S
Software Engineering Institute (SEI) Podcast Series
As the field of artificial intelligence (AI) has matured, increasingly complex opaque models have been developed and deployed to solve hard problems. Unlike many predecessor models, these models, by the nature of their architecture, are harder to understand and oversee. When such models fail or do not behave as expected or hoped, it can be hard for developers and end-users to pinpoint why or determine methods for addressing the problem. Explainable AI (XAI) meets the emerging demands of AI engineering by providing insight into the inner workings of these opaque models. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Violet Turri and Rachel Dzombak, both with the SEI's AI Division, discuss explainable AI, which encompasses all the techniques that make the decision-making processes of AI systems understandable to humans.…
S
Software Engineering Institute (SEI) Podcast Series
1 Model-Based Systems Engineering Meets DevSecOps 34:10
34:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, senior researchers Jerome Hugues and Joe Yankel discuss ModDevOps, an extension of DevSecOps that embraces model-based systems engineering (MBSE) practices and technology. Hugues and Yankel also discuss how making this integration between DevSecOps and MBSE explicit unlocks both the speed of DevSecOps and the risk reduction of MBSE.…
S
Software Engineering Institute (SEI) Podcast Series
1 Incorporating Supply-Chain Risk and DevSecOps into a Cybersecurity Strategy 31:46
31:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOrganizations are turning to DevSecOps to produce code faster and at lower cost, but the reality is that much of the code is actually coming from the software supply chain through code libraries, open source, and third-party components where reuse is rampant. The downside is that this reused code contains defects unknown to the new user, which, in turn, propagate vulnerabilities into new systems. This is troubling news in an operational climate already rife with cybersecurity risk. Organizations must develop a cybersecurity engineering strategy for systems that addresses the integration of DevSecOps with the software supply chain. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Carol Woody, a principal researcher in the SEI’s CERT Division, talks with Suzanne Miller about supply-chain issues and the planning needed to integrate software from the supply chain into operational environments. The discussion includes building a cybersecurity engineering strategy for DevSecOps that addresses those supply-chain challenges.…
S
Software Engineering Institute (SEI) Podcast Series
1 Software and Systems Collaboration in the Era of Smart Systems 26:04
26:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), director Paul Nielsen talks with principal researcher Suzanne Miller about how the advent of smart systems has led to a growing need for effective collaboration and cross-pollination between the disciplines of systems engineering and software engineering.…
S
Software Engineering Institute (SEI) Podcast Series
1 Securing the Supply Chain for the Defense Industrial Base 18:37
18:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Gavin Jurecko, who leads the Resilience Diagnostics Team, talks with Katie Stewart about risks associated with the supply chains of the defense industrial base (DIB), and how the SEI works with the U.S. Department of Defense to help secure the DIB supply chain.…
S
Software Engineering Institute (SEI) Podcast Series
1 Building on Ghidra: Tools for Automating Reverse Engineering and Malware Analysis 23:24
23:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jeffrey Gennari, a senior malware reverse engineer, and Garret Wassermann, a vulnerability analyst, both with the SEI’s CERT Division, discuss Kaiju, a series of tools that they have developed that allows for malware analysis and reverse engineering. Kajiu helps analysts take better advantage of Ghidra, the National Security Agency’s reverse-engineering tool.…
S
Software Engineering Institute (SEI) Podcast Series
1 Envisioning the Future of Software Engineering 40:11
40:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי40:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Anita Carleton, director of the Software Solutions Division at the SEI, and Forrest Shull, lead for defense software acquisition policy research in the Software Solutions Division of the SEI, discuss the recently published SEI-led study Architecting the Future of Software Engineering: A National Agenda for Software Engineering Research & Development . In creating this multi-year research and development vision and roadmap for engineering next-generation software-reliant systems, the SEI engaged the software engineering community and assembled an advisory board of senior thought leaders across commercial industry, academia, and government, with participation from Microsoft, Google, SpaceX, Lockheed Martin, Boeing, DARPA, and others.…
S
Software Engineering Institute (SEI) Podcast Series
1 Implementing the DoD's Ethical AI Principles 23:17
23:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in Human Machine Interaction, and Alexandrea Van Deusen, an assistant design researcher, both with the SEI’s AI Division, discuss a recent project in which they helped the Defense Innovation Unit (DIU) of the U.S. Department of Defense develop guidelines for responsible use of artificial intelligence (AI), based on the DoD’s Ethical Principles for AI. These guidelines can serve as a guide for organizations in industry and government to implement responsible AI considerations into practice in real-world programs.…
S
Software Engineering Institute (SEI) Podcast Series
1 Walking Fast Into the Future: Evolvable Technical Reference Frameworks for Mixed-Criticality Systems 39:36
39:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Nickolas Guertin, a senior systems engineer with the SEI’s Software Solutions Division, and Douglas Schmidt, associate provost of research at Vanderbilt University and former chief technical officer at the SEI, discuss strategies for creating architectures for large-scale, complex systems that comprise functions with a wide range of requirements. This is one of the most challenging areas in U.S. Department of Defense acquisition, and this approach and the strategies discussed are important to the future of our large systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 Software Engineering for Machine Learning: Characterizing and Understanding Mismatch in ML Systems 30:19
30:19 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:19
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיMismatches between the perspectives and practices of the roles involved in the development and fielding of ML systems—data scientists, software engineers, and operations personnel—can affect the ability of systems to achieve their intended missions. In this SEI Podcast, Grace Lewis, a principal researcher and lead for the Tactical and AI-Enabled Systems Initiative, and Ipek Ozkaya, technical director of Engineering Intelligent Software Systems, discuss their research into characterizing, codifying, and mitigating such mismatches.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Discussion on Automation with Watts Humphrey Award Winner Rajendra Prasad 37:17
37:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Mike Konrad, a principal researcher in the SEI's Software Solutions Division, talks with 2020 IEEE Computer Society SEI Watts Humphrey Software Quality Award winner Rajendra Prasad of Accenture about automation and how SEI-developed process improvement methods and tools provided the foundation for his leadership role.…
S
Software Engineering Institute (SEI) Podcast Series
1 Enabling Transition From Sustainment to Engineering Within the DoD 31:22
31:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOrganic software sustainment organizations within the Department of Defense are expanding beyond their traditional purview of software maintenance into software engineering and development. Instead of repairing and maintaining legacy software in already deployed systems, software sustainment teams must now shift to designing and implementing new software architectures and code. Unfortunately, many of these sustainment teams are taking on these new responsibilities without proper guidance and an understanding of the people, process, and technology issues that must first be addressed in these new roles. In this podcast, Thomas Evans, a senior software architect at the SEI, and Douglas C. Schmidt, associate provost of research at Vanderbilt University and former chief technical officer at the SEI, discuss the challenges that software sustainment teams face while making this transition and strategies for success.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Silver Thread of Cyber in the Global Supply Chain 26:56
26:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe global supply chain touches every aspect of our lives, from fuel prices to the availability of computer chips and supermarket products. In out latest podcast, Matt Butkovic, technical director of risk and resilience at Carnegie Mellon University’s Software Engineering Institute , discusses with Suzanne Miller the supply chain's silver thread of cyber, specifically how cyber both underpins the cyber supply chain and the broader supply chain. Butkovic’s team recently engaged with the World Economic Forum to create an online transformation map, a set of connected topics defining a specific domain of interest. In this episode, Butkovic also discusses work on this map, the importance of cyber resilience, and how to determine the resilience your organization needs and the resilience it currently possesses.…
S
Software Engineering Institute (SEI) Podcast Series
1 Measuring DevSecOps: The Way Forward 39:32
39:32 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:32
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Bill Nichols and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss DevSecOps metrics with Suzanne Miller. DevSecOps practices, made possible by improvements in underlying technology that automate the development-to-production pipeline, can generate more information about development and operational performance than has ever been readily available before. Nichols and Yasar discuss the ways in which DevSecOps practices yield valuable information about software performance that is likely to lead to innovations in software engineering metrics.…
S
Software Engineering Institute (SEI) Podcast Series
1 Bias in AI: Impact, Challenges, and Opportunities 24:58
24:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Smith, a senior research scientist in human-machine interaction, and Jonathan Spring, a senior vulnerability researcher, discuss the hidden sources of bias in artificial intelligence (AI) systems and how systems developers can raise their awareness of bias, mitigate consequences, and reduce risks.…
S
Software Engineering Institute (SEI) Podcast Series
1 Agile Strategic Planning: Concepts and Methods for Success 29:50
29:50 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי29:50
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe rapid pace of change in software development, in business, and in the world has many organizations struggling to execute daily operations, wrangle big projects, and feel confident that there is a long-term strategy at play. Incorporating agile principles into strategic planning and execution is a highly effective way to drive strategy development, strategy execution, data-driven decision making, and results. In this SEI Podcast, Linda Parker Gates, initiative lead, Software Acquisition Pathways, and Suzanne Miller, principal researcher in the SEI’s Software Solutions Division, discuss the principles of Agile Strategic Planning and methods for success.…
S
Software Engineering Institute (SEI) Podcast Series
1 Applying Scientific Methods in Cybersecurity 39:49
39:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Dr. Leigh Metcalf and Dr. Jonathan Spring, both researchers with the Carnegie Mellon University Software Engineering Institute’s CERT Division, discuss the application of scientific methods to cybersecurity. As described in their recently published book, Using Science in Cybersecurity , Metcalf and Spring describe a common-sense approach and practical tools for applying scientific rigor to the field of cybersecurity.…
S
Software Engineering Institute (SEI) Podcast Series
1 Zero Trust Adoption: Benefits, Applications, and Resources 30:25
30:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיZero trust adoption is a security initiative that an enterprise must understand, interpret, and implement. Enterprise security initiatives are never simple, and their goal to improve cybersecurity posture requires the alignment of multiple stakeholders, systems, acquisitions, and exponentially changing technology. This alignment is always a complex undertaking and requires cybersecurity strategy and engineering to succeed. In this SEI Podcast, Geoff Sanders, a senior network defense analyst in the CERT Division at Carnegie Mellon University's Software Engineering Institute, discusses zero trust adoption and its benefits, applications, and available resources.…
S
Software Engineering Institute (SEI) Podcast Series
1 Uncertainty Quantification in Machine Learning: Measuring Confidence in Predictions 31:40
31:40 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:40
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Dr. Eric Heim, a senior machine learning research scientist at Carnegie Mellon University's Software Engineering Institute (SEI), discusses the quantification of uncertainty in machine-learning (ML) systems. ML systems can make wrong predictions and give inaccurate estimates for the uncertainty of their predictions. It can be difficult to predict when their predictions will be wrong. Heim also discusses new techniques to quantify uncertainty, identify causes of uncertainty, and efficiently update ML models to reduce uncertainty in their predictions. The work of Heim and colleagues at the SEI Emerging Technology Center closes the gap between the scientific and mathematical advances from the ML research community and the practitioners who use the systems in real-life contexts, such as software engineers, software developers, data scientists, and system developers.…
S
Software Engineering Institute (SEI) Podcast Series
1 11 Rules for Ensuring a Security Model with AADL and Bell–LaPadula
48:05
48:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי48:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Aaron Greenhouse, a senior architecture researcher with Carnegie Mellon University’s Software Engineering Institute, talks with principal researcher Suzanne Miller about use of the Bell–LaPadula mathematical security model in concert with the Architecture Analysis and Design Language (AADL) to model and validate confidentiality. Greenhouse and Miller also discuss 11 analysis rules that must be enforced over an AADL instance to ensure the consistency of a security model. Mapping Bell–LaPadula to AADL allows the expression of key concepts within the AADL model so that they can be analyzed automatically.…
S
Software Engineering Institute (SEI) Podcast Series
1 Benefits and Challenges of Model-Based Systems Engineering 33:10
33:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיNataliya (Natasha) Shevchenko and Mary Popeck, both senior researchers in the CERT Division at Carnegie Mellon University’s Software Engineering Institute, discuss the use of model-based systems engineering (MBSE), which, in contrast to document-centric engineering, puts models at the center of system design. MBSE is used to support the requirements, design, analysis, verification, and validation associated with the development of complex systems.…
S
Software Engineering Institute (SEI) Podcast Series
1 Can DevSecOps Make Developers Happier? 41:17
41:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי41:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAuthor Daniel H. Pink recently examined the factors that lead to job satisfaction among knowledge workers and summarized them in three components: autonomy, skill mastery, and purpose. In this SEI Podcast, Hasan Yasar, technical director of Continuous Deployment of Capability at Carnegie Mellon University’s Software Engineering Institute, relates these components to DevSecOps and summarizes a recent survey affirming that DevSecOps practices do indeed make developers and other stakeholders in their organizations happier.…
S
Software Engineering Institute (SEI) Podcast Series
1 Is Your Organization Ready for AI? 30:20
30:20 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:20
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, digital transformation lead Dr. Rachel Dzombak and research scientist Carol Smith, both with the SEI’s Emerging Technology Center at Carnegie Mellon University, discuss how AI Engineering can support organizations to implement AI systems. The conversation covers the steps that organizations need to take (as well as the hard conversations that need to occur) before they are AI ready.…
S
Software Engineering Institute (SEI) Podcast Series
1 A Stakeholder-Specific Approach to Vulnerability Management 37:11
37:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי37:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיMany organizations use the Common Vulnerability Scoring System (CVSS) to prioritize actions during vulnerability management. This podcast—which highlights the latest work in prioritizing actions during vulnerability management—presents a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that avoids some problems with CVSS. SSVC takes the form of decision trees for different vulnerability management communities. During this podcast, CERT vulnerability researchers Eric Hatleback, Allen Householder, and Jonathan Spring discuss SSVC and also take audience members through a sample scoring vulnerability.…
S
Software Engineering Institute (SEI) Podcast Series
The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the Level 5 process maturity requirements, which are standardizing and optimizing a documented approach for CMMC.…
S
Software Engineering Institute (SEI) Podcast Series
1 Reviewing and Measuring Activities for Effectiveness in CMMC Level 4 13:13
13:13 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:13
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss reviewing and communicating CMMC activities and measuring those activities for effectiveness, which are requirements of Level 4 of the model.…
S
Software Engineering Institute (SEI) Podcast Series
1 Situational Awareness for Cybersecurity: Beyond the Network 25:35
25:35 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי25:35
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSituational awareness makes it possible to get relevant information from across an organization, to integrate that information, and to disseminate it to help leaders make more informed decisions. In this SEI Podcast, Angela Horneman and Timothy Morrow, researchers in the SEI's CERT Division, discuss the importance of looking beyond the network to acquire situational awareness for cybersecurity.…
S
Software Engineering Institute (SEI) Podcast Series
1 Quantum Computing: The Quantum Advantage 30:34
30:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhile actual quantum computers are available from several different companies, we are currently in the Noisy Intermediate-Scale Quantum (NISQ) era. Working in the NISQ era presents a number of challenges, and the SEI is working to use NISQ devices not only to solve specific mission applications for the Department of Defense, but also to help determine when they will demonstrate so-called quantum advantage: a quantum computer solving a problem of practical interest faster than a classical computer. In this episode, the latest from the SEI Podcast Series , Dr. Jason Larkin, a researcher in the SEI's Emerging Technology Center, discusses the challenges of working in the NISQ era and the work that the SEI is doing in this area. Dr. Larkin also provides a list of resources in quantum computing.…
S
Software Engineering Institute (SEI) Podcast Series
The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss how assessed DIB organizations are scored according to the model.…
S
Software Engineering Institute (SEI) Podcast Series
1 Developing an Effective CMMC Policy 10:25
10:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי10:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Cybersecurity Maturity Model Certification (CMMC) 1.0 for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, present guidelines for developing an effective CMMC policy.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Future of Cyber: Educating the Cybersecurity Workforce 28:10
28:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe culture of computers and information technology changes quickly. The Future of Cyber Podcast series explores the future of cyber and whether we can use the innovations of the past to address the problems of the future. In our latest episode, Bobbie Stempfley, director of the SEI’s CERT Division, interviews Dr. Diana Burley, executive director and chair of the Institute for Information Infrastructure Protection, or I3P, and vice provost for research at American University. Their discussion focused on educating the cybersecurity workforce in a way that closes the gap between what students are taught in school and the skills they’ll need to use in the workplace.…
S
Software Engineering Institute (SEI) Podcast Series
The Cybersecurity Maturity Model Certification (CMMC) 1.0 for the Defense Industrial Base (DIB) defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss process documentation, a Level 2 requirement.…
S
Software Engineering Institute (SEI) Podcast Series
Software development is shifting to incremental delivery to meet the demand for software quicker and at lower costs. With the current cyber threat climate, the demand for cybersecurity is growing but existing compliance processes focus on a completed product and do not support incremental delivery. Cybersecurity must be carefully woven into each increment deliver results with sufficient security and quality. Previous SEI research has shown that improved quality results in improved cybersecurity. In this SEI Podcast, Dr. Carol Woody and Will Hayes discuss an approach that allows organizations to integrate cybersecurity into the agile pipeline.…
S
Software Engineering Institute (SEI) Podcast Series
1 CMMC Levels 1-3: Going Beyond NIST SP-171 12:56
12:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי12:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Cybersecurity Maturity Model Certification (CMMC) 1.0 defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from Defense Industrial Base (DIB) entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all the CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss CMMC Levels 1-3 and what steps organizations need to take to move beyond NIST 800-171.…
S
Software Engineering Institute (SEI) Podcast Series
1 The Future of Cyber: Secure Coding 41:16
41:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי41:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיFor more than 30 years, the cybersecurity community has worked to increase the effectiveness of our cybersecurity and resilience efforts. Today we face an explosion of devices, the pervasiveness of software, the threat of adversarial capability, and the dependence of national capabilities on the cyber domain. These challenges demand that we think about how to achieve the future we need, which is the subject of a new series of podcasts, The Future of Cyber. In this episode, Bobbie Stempfley, director of the CERT Division of the SEI, explores the future of secure coding with Steve Lipner, the executive director of SAFECode and former director of software security at Microsoft, where he created Microsoft’s Security Development Lifecycle.…
S
Software Engineering Institute (SEI) Podcast Series
1 Challenges to Implementing DevOps in Highly Regulated Environments 38:42
38:42 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:42
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI podcast, Hasan Yasar and Jose Morales discuss challenges to implementing DevOps in highly regulated environments (HREs), exploring issues such as environment parity, the approval process, and compliance. This podcast is the second to explore DevOps in HREs.
S
Software Engineering Institute (SEI) Podcast Series
The culture of computers and information technology evolves quickly. In this environment, how can we build a culture of security through regulations and best practices when technology can move so much faster than legislative bodies? The Future of Cyber Podcast Series explores whether we can use the innovations of the past to address the problems of the future. In this SEI Podcast, David Hickton, founding director of the University of Pittsburgh Institute for Cyber Law, Policy, and Security, sits down with Bobbie Stempfley, director of the SEI’s CERT Division, to talk about the future of cybercrime.…
S
Software Engineering Institute (SEI) Podcast Series
Artificially intelligent (AI) systems hold great promise to empower us with knowledge and enhance human effectiveness. As a senior research scientist in human-machine interaction at the Software Engineering Institute's Emerging Technology Center, Carol Smith works to further understand how humans and machines can better collaborate to solve important problems and also understand our responsibilities and how that work continues once AI systems are operational. In this podcast, Smith discusses a framework that builds upon the importance of diverse teams and ethical standards to ensure that AI systems are trustworthy and able to effectively augment warfighters.…
S
Software Engineering Institute (SEI) Podcast Series
1 Managing Vulnerabilities in Machine Learning and Artificial Intelligence Systems 40:59
40:59 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי40:59
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe robustness and security of artificial intelligence, and specifically machine learning (ML), is of vital importance. Yet, ML systems are vulnerable to adversarial attacks. These can range from an attacker attempting to make the ML system learn the wrong thing (data poisoning), do the wrong thing (evasion attacks), or reveal the wrong thing (model inversion). Although there are several efforts to provide detailed taxonomies of the kinds of attacks that can be launched against a machine learning system, none are organized around operational concerns. In this podcast, Jonathan Spring, Nathan VanHoudnos, and Allen Householder, all researchers at the Carnegie Mellon University Software Engineering Institute, discuss the management of vulnerabilities in ML systems as well as the Adversarial ML Threat Matrix, which aims to close this gap between academic taxonomies and operational concerns.…
S
Software Engineering Institute (SEI) Podcast Series
In this SEI Podcast, Rachel Dzombak and Jay Palat discuss growth in the field of artificial intelligence (AI) and how organizations can hire and train staff to take advantage of the opportunities afforded by AI and machine learning—and the critical need for an AI engineering discipline to grow the AI workforce.…
S
Software Engineering Institute (SEI) Podcast Series
DevSecOps is a set of principles and practices that provide faster delivery of secure software capabilities by improving the collaboration and communication between software development teams, IT operations, and security staff within an organization, as well as with acquirers, suppliers, and other stakeholders in the life of a software system. In this SEI podcast, Hasan Yasar, technical director of the Continuous Deployment of Capability group in the Software Solutions Division of the SEI, discusses the transition from DevOps to DevSecOps.…
S
Software Engineering Institute (SEI) Podcast Series
1 Mission-Based Prioritization: A New Method for Prioritizing Agile Backlogs 13:18
13:18 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:18
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Keith Korzec discusses the Mission-Based Prioritization method for prioritizing Agile backlogs. This method overcomes the shortcomings of prioritization based on “weighted shortest job first” and utilizes objective, mission-focused criteria while allowing ongoing re-prioritization to be conducted with minimal overhead.…
S
Software Engineering Institute (SEI) Podcast Series
1 Digital Engineering and DevSecOps 30:45
30:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDigital engineering is an integrated digital approach that uses authoritative sources of systems data and models as a continuum across disciplines to support lifecycle activities from concept through disposal. With digital engineering, models are developed for everything, not just for software, but for all components of a system of systems, hardware and software. The models and associated data are stored in a singular repository of knowledge and are the single source that is used by all contractors and everyone working on the project. In this SEI Podcast, David Shepard, a researcher with the Carnegie Mellon University Software Engineering Institute, discusses digital engineering and its relationship with DevSecOps.…
S
Software Engineering Institute (SEI) Podcast Series
1 A 10-Step Framework for Managing Risk 30:31
30:31 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:31
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיBrett Tucker, a technical manager for cyber risk in the SEI CERT Division, discusses the Operationally Critical Threat, Asset, and Vulnerability Evaluation for the Enterprise (OCTAVE FORTE) Model, which helps organizations evaluate security risks and use principles of enterprise risk management to bridge the gap between executives and practitioners. In this SEI Podcast, Tucker outlines OCTAVE FORTE's 10-step framework to guide organizations in managing risk.…
S
Software Engineering Institute (SEI) Podcast Series
1 7 Steps to Engineer Security into Ongoing and Future Container Adoption Efforts 20:23
20:23 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:23
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIf organizations take more steps to address security-related activities now, they will be less likely to encounter security incidents in the future. When it comes to application containers, security is achieved through adopting a series of best practices and guidelines. In this SEI Podcast, Tom Scanlon and Richard Laughlin, researchers with the SEI's CERT Division, discuss seven steps that developers can take to engineer security into ongoing and future container adoption efforts.…
S
Software Engineering Institute (SEI) Podcast Series
1 Ransomware: Evolution, Rise, and Response 32:50
32:50 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:50
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this SEI Podcast, Marisa Midler and Tim Shimeall, network defense analysts within the SEI's CERT Division, discuss the growing problem of ransomware including the rise of ransomware as a service threats. Ransom payments from Quarter 3 of 2019 were on average $42,000, and in Quarter 1 of 2020, that average increased $70,000 to $112,000. The volume of attacks also increased by 25 percent in Quarter 4 of 2019 and by another 25 percent in Quarter 1 of 2020. The sophistication of the attacks has increased alongside their severity. Midler and Shimeall discuss steps and strategies that organizations can adopt to minimize their exposure to the risks and threats associated with ransomware.…
S
Software Engineering Institute (SEI) Podcast Series
1 VINCE: A Software Vulnerability Coordination Platform 38:14
38:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSoftware vulnerability coordination at the CERT Coordination Center (CERT/CC) has traditionally relied on a hub-and-spoke model, with reports submitted to analysts at the CERT/CC analysts who would then work with contact affected vendors. To scale communications and increase the level of collaboration between vulnerability reporters, coordinators, and software vendors, the CERT/CC team has created a web-based platform for software vulnerability reporting and coordination called the Vulnerability Information and Coordination Environment (VINCE). In this SEI Podcast, Emily Sarneso, the architect of VINCE, and Art Manion, technical manager of the Vulnerability Analysis Team in the SEI’s CERT Division, discuss the rollout of VINCE, how to use it, and future work in vulnerability coordination.…
S
Software Engineering Institute (SEI) Podcast Series
1 Work From Home: Threats, Vulnerabilities, and Strategies for Protecting Your Network
46:17
46:17 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי46:17
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe COVID-19 pandemic has forced significant changes in enterprise work practices, including an increased use of telecommunications technologies required by the new work-from-home policies that most organizations have instituted in response. In this podcast, Phil Groce, a senior network defense analyst in the CERT Division of the Carnegie Mellon University Software Engineering Institute, discusses the security implications of this dramatic increase in the number of people in organizations who are working from home, examines the threats and vulnerabilities associated with the increase in remote work, and offers practical solutions to individuals and enterprises for operating securely in this new environment.…
S
Software Engineering Institute (SEI) Podcast Series
The Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, researchers at the Carnegie Mellon University Software Engineering Institute and architects of the model, discuss the CMMC assessment guides, how they were developed, and how they can be used.…
S
Software Engineering Institute (SEI) Podcast Series
1 The CMMC Level 3 Assessment Guide: A Closer Look 13:45
13:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model and researchers at Carnegie Mellon University's Software Engineering Institute, discuss the Level 3 Assessment Guide for the CMMC and how it differs from the Level 1 Assessment Guide.…
S
Software Engineering Institute (SEI) Podcast Series
1 The CMMC Level 1 Assessment Guide: A Closer Look 20:37
20:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Cybersecurity Maturity Model Certification (CMMC) 1.0 for Defense Industrial Base (DIB) suppliers defines specific cybersecurity practices across five levels of maturity while also measuring the degree to which those practices are institutionalized within an organization. The CMMC model draws on maturity processes and cybersecurity best practices from multiple standards, including the National Institute of Standards and Technology (NIST) frameworks and references, as well as input from DIB entities and the Department of Defense. CMMC requires that DIB organizations complete an assessment of all CMMC practices at a particular level and become certified by a CMMC third-party assessment organization. When fully implemented, CMMC will require all DIB companies to achieve certification at one of the five CMMC levels, which includes both technical security practices and maturity processes. In this SEI Podcast, Andrew Hoover and Katie Stewart, architects of the CMMC model, discuss the Level 1 Assessment Guide for the CMMC.…
S
Software Engineering Institute (SEI) Podcast Series
1 Achieving Continuous Authority to Operate (ATO) 33:29
33:29 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי33:29
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAuthority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.…
S
Software Engineering Institute (SEI) Podcast Series
1 Challenging the Myth of the 10x Programmer 16:51
16:51 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:51
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA pervasive belief in software engineering is that some programmers are much, much better than others (the times-10, or 10x, programmer), and that the skills, abilities, and talents of these programmers exert an outsized influence on that organizations’ success or failure. Bill Nichols, a researcher with the Carnegie Mellon University Software Engineering Institute, recently examined the veracity and relevance of this widely held notion. Using data from a study conducted at the SEI, Nichols found evidence that not only challenges the idea that some programmers are inherently far more skilled or productive than others but that the truth if far more nuanced.…
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.
Daily Deals
Daily Deals
דומה לSoftware Engineering Institute (SEI) Podcast Series
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hosts Ben Brock Johnson and Amory Sivertson dig into the internet's vast and curious ecosystem of online communities to find untold histories, unsolved mysteries, and other jaw-dropping stories online and IRL.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k348
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
T
There’s a Better Way: Smart Talk on Healthcare and Technology
1
There’s a Better Way: Smart Talk on Healthcare and Technology
Surescripts
12k35
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
WSJ’s Bold Names brings you conversations with the leaders of the bold-named companies featured in the pages of The Wall Street Journal. Hosts Tim Higgins and Christopher Mims speak to CEOs and business leaders in interviews that challenge conventional wisdom and take you inside the decisions being made in the C-suite and beyond.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 17 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell, engineering leader with over 15 years of industry experience. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Email: developertea@gmail.com
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
