Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
תוכן מסופק על ידי Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
דומה לSoftware Engineering Institute (SEI) Webcast Series
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
A podcast about web design and development.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Big tech is transforming every aspect of our world. But how, and at what cost? This season of Land of the Giants – The Disney Dilemma – focuses on Disney’s ability to weather the ups and downs of the business cycle and changing tastes and explores what has kept it successful for over 100 years. The entertainment giant has leveraged nostalgia and its intellectual property to build a beloved brand, but after an acquisition spree that included Marvel, Lucasfilm, and 20th Century Fox, can it sus ...
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
Daily Deals
Leveraging Software Bill of Materials Practices for Risk Reduction
Manage episode 376298089 series 1264075
תוכן מסופק על ידי Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
A Software Bill of Materials (SBOM) is a comprehensive list of software components involved in the development of a software product. While recently gaining attention in the context of security, SBOMs have limited value unless properly integrated into effective cyber risk management processes and practices. The SEI SBOM Framework compiles a set of leading practices for building an SBOM and using it to support risk reduction.
The SEI SBOM Framework provides a roadmap for managing vulnerabilities and risks in third-party software, including commercial-off-the-shelf (COTS) software, government-off-the-shelf (GOTS) software, and open-source software (OSS). A set of use cases informed the identification of SBOM practices, including building an SBOM and using it to manage risks to software intensive systems. These foundational practices were augmented using key security management concepts, such as the need to address requirements, planning and preparation, infrastructure, and organizational support. In this webcast, Charles Wallen, Carol Woody, and Michael Bandor discuss how organizations can connect SBOMs to acquisition and development to support improved system and software assurance.
164 פרקים
שתפו
Manage episode 376298089 series 1264075
תוכן מסופק על ידי Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Carnegie Mellon University Software Engineering Institute and SEI Members of Technical Staff או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
A Software Bill of Materials (SBOM) is a comprehensive list of software components involved in the development of a software product. While recently gaining attention in the context of security, SBOMs have limited value unless properly integrated into effective cyber risk management processes and practices. The SEI SBOM Framework compiles a set of leading practices for building an SBOM and using it to support risk reduction.
The SEI SBOM Framework provides a roadmap for managing vulnerabilities and risks in third-party software, including commercial-off-the-shelf (COTS) software, government-off-the-shelf (GOTS) software, and open-source software (OSS). A set of use cases informed the identification of SBOM practices, including building an SBOM and using it to manage risks to software intensive systems. These foundational practices were augmented using key security management concepts, such as the need to address requirements, planning and preparation, infrastructure, and organizational support. In this webcast, Charles Wallen, Carol Woody, and Michael Bandor discuss how organizations can connect SBOMs to acquisition and development to support improved system and software assurance.
164 פרקים
כל הפרקים
×
S
Software Engineering Institute (SEI) Webcast Series
1 I Spy with My Hacker Eye: How Hackers Use Public Info to Crack Your Creds 57:16
57:16 
הפעל מאוחר יותר 
הפעל מאוחר יותר 
רשימות 
לייק 
אהבתי57:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDid you know there are 500 million tweets per day? 3 billion monthly active Facebook users? 1 billion LinkedIn members? Are you one of them? In this webcast, Destiney Marie Plaza reveals how a hacker can use seemingly benign public information to customize an attack on a victim by showing a scenario-based attack and demo (using free and open-source tools). Additionally, you will learn how hackers can gather information about you, common mistakes that put your information at risk, and how to protect yourself. What Attendees Will Learn: how to use open-source tools used to crack passwords, along with a methodology for how hackers may gain access to your accounts what makes a strong password and how such passwords can stave off automated cracking tools how a hacker sees you, so that you can take appropriate steps to protect yourself…
S
Software Engineering Institute (SEI) Webcast Series
1 A New Performance Zone for Software for National Security 1:02:23
1:02:23 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:02:23
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיToday, we have seen our national security organizations working to adopt modern software practices, particularly Agile methods and DevSecOps practices, efforts challenged by a mismatch of tempos between operational needs and development processes. The newly mandated Software Acquisition Pathway helps to align those tempos. However, to sustain a competitive advantage through software, we need to see our defense organizations recall and reapply disciplined engineering practices. What Attendees Will Learn: An assessment of current efforts to adopt modern software practices Why and where the pace of adoption faces challenges Characteristics of the needed new level of performance…
S
Software Engineering Institute (SEI) Webcast Series
1 Identifying and Mitigating Cyber Risk 47:33
47:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי47:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAn organization’s cyber risk management practices must be rooted in organizational goals to be truly effective. In this webcast, Matt Butkovic, Greg Crabbe and Beth-Anne Bygum explore how best to align business and resilience objectives.
S
Software Engineering Institute (SEI) Webcast Series
1 Cyber Maturity Model Certification (CMMC): Protecting the Nation’s Defense Industrial Base 28:02
28:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Defense Industrial Base (DIB) is a core element of the national security ecosystem. This point of intersection between private industry and the Department of Defense is a perpetual target for the Nation’s adversaries. In this Intersect, Matthew Butkovic and John Haller explore the development, and implementation, of the Cyber Maturity Model Certification (CMMC) as a means to better protect the DIB.…
S
Software Engineering Institute (SEI) Webcast Series
1 Threat Hunting: What Should Keep All of Us Up at Night 57:09
57:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי57:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWhen it comes to recognizing threats, cybersecurity professionals may become distracted by big promises or ignore some obvious inspections. New claims made by the latest and greatest new apps draw attention away from network situational awareness best practices—like a dog distracted when it spots a squirrel. We also may deviate from making routine inspections that point toward further investigation—overlooking obvious needs right under our noses. Either becoming distracted or missing obvious inspections can cause us not to detect threats. What Attendees Will Learn: • The distinction between anomalies and threats • Steps to analyze data to detect a threat • The benefits of completing work on one threat…
S
Software Engineering Institute (SEI) Webcast Series
1 Can a Cybersecurity Parametric Cost Model be Developed? 56:25
56:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי56:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCan a cybersecurity parametric cost estimation model be developed? Every Department of Defense (DoD) program needs to account for, credibly estimate, budget/plan for, and assess the performance of its cybersecurity activities. Creating a cybersecurity parametric model would allow DoD programs to reliably estimate the effort and cost of cybersecurity activities, estimate an overall cybersecurity cost for a program, and obtain a defined and normalized set of cybersecurity data. In this webcast, Christopher Miller shares insights from a Carnegie Mellon University Software Engineering Institute study on cybersecurity cost estimating that can help national security organizations successfully deploy parametric cost modeling. What Attendees Will Learn: • a proposed work breakdown structure identifying cybersecurity-related activities and cost items, and existing descriptions of secure coding practices and levels of rigor for those practices based on data availability • an approach to develop a cybersecurity parametric cost model • a methodology to develop the cost model…
S
Software Engineering Institute (SEI) Webcast Series
1 Elements of Effective Communications for Cybersecurity Teams 34:00
34:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי34:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCommunications, both in times of crisis and during normal operations, are essential to the overall success and sustainability of an incident response or security operations team. How you plan for and manage these communications and how they are received and actioned by your audience will influence your trustworthiness, reputation, and ultimately your ability to perform incident management services effectively. This webcast leverages the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Forum of Incident Response and Security Teams (FIRST) CSIRT Services Framework to present communications responsibilities as part of both the standard incident management lifecycle and as an integral piece of crisis management support. What Attendees Will Learn: • various communication types or mechanisms for normal and crisis situations • foundational aspects of managing communications with constituents, the public, and the media • building blocks for an effective communications plan…
S
Software Engineering Institute (SEI) Webcast Series
1 Operational Resilience Fundamentals: Building Blocks of a Survivable Enterprise 52:07
52:07 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי52:07
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיSurviving disruptive cyber events requires a specific form of planning. One must strike a balance between defending against threats (e.g., managing conditions) and effectively handling the effects of disruption (e.g., managing consequences). Employing a model (such as the CERT Resilience Management Model) provides a catalog of practices and a system of measurement. Focusing on key attributes of performance permits a level of prediction not possible with a basic checklist. In this webcast, Greg Crabbe and Matt Butkovic share their experiences in establishing and maintaining operational resilience programs. What Attendees Will Learn: • how to link mission outcome with asset resilience • how managing for security differs from managing for resilience • how to apply a capability maturity model to the challenge • how to begin analyzing requirements and constructing an operational resilience management program…
S
Software Engineering Institute (SEI) Webcast Series
1 Cybersecurity Priorities in 2025 32:21
32:21 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי32:21
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיChief Information Security Officers (CISOs) perpetually navigate a dynamic set of challenges. Applying focus and aligning resources is imperative for success. In this Intersect, Matthew Butkovic and Gregory Touhill, reflect on 2024 and explore the topics that should be front of mind for CISOs in 2025. They provide insights and advice for those contemplating cybersecurity priorities.…
S
Software Engineering Institute (SEI) Webcast Series
1 Understanding the Need for Cyber Resilience: A Conversation with Ray Umerley 53:02
53:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי53:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיNo organization can comprehensively avoid disruptive cyber events. All must strive to maintain operational resilience during times of organizational stress. Ransomware incidents create disruption that can be fatal to the unprepared. In this webcast, we explore how to maintain operational resilience during a ransomware incident. Experts with varied backgrounds provide practical advice for improving your resilience and survivability. What attendees will learn: • best practices for ransomware response • moving beyond security and planning for resilience • pitfalls to avoid in the planning and response processes…
S
Software Engineering Institute (SEI) Webcast Series
1 Exploring the Fundamentals of Counter AI 27:57
27:57 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:57
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAs the strategic importance of AI increases, so too does the importance of defending those AI systems. To understand AI defense, it is necessary to understand AI offense—that is, counter AI. In this session, Matthew Butkovic, CISA, CISSP, technical director for risk and resilience, and Nathan VanHoudnos, senior machine learning researcher explore the fundamentals of counter AI.…
S
Software Engineering Institute (SEI) Webcast Series
1 Cyber Challenges in Health Care: Managing for Operational Resilience 53:37
53:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי53:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHealth-care organizations are seemingly besieged by a complex set of cyber threats. The consequences of disruptive cyber events in health care are in many ways uniquely troubling. Health-care organizations often face these challenges with modest resources. In this webcast, Matthew Butkovic and Darrell Keeling will explore approaches to maximize return on cybersecurity investment in the health-care context. This will include applying fundamental measures of operational resilience. What Attendees Will Learn: How to yield maximum return on cybersecurity investment in health care How to shift thinking from cybersecurity to operational resilience How to employ free or low-cost cybersecurity resources in the health-care context…
S
Software Engineering Institute (SEI) Webcast Series
1 Independent Verification and Validation for Agile Projects 1:02:23
1:02:23 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:02:23
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTraditionally, independent verification and validation (IV&V) is performed by an independent team throughout a program’s milestones or once the software is formally delivered. This approach allows the IV&V team to provide input at the various milestone gates. As more programs move to an Agile approach, those milestones aren’t as clearly defined since requirements, design, implementation, and testing all happen iteratively, sometimes over years of development. In this new paradigm, IV&V teams are struggling to figure out how to add value to the program earlier in the lifecycle by getting in phase with development. This webcast will highlight a novel approach to providing IV&V for projects using an Agile or iterative software development. What Attendees Will Learn: What adopting an Agile mindset for IV&V could look like How focusing on capabilities and using a risk-based perspective could help drive planning for your team Techniques to help the IV&V team get more in phase with the developer while remaining independent…
S
Software Engineering Institute (SEI) Webcast Series
1 Generative AI and Software Engineering Education 1:02:05
1:02:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:02:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWithin a very short amount of time, the productivity and creativity improvements envisioned by generative artificial intelligence (AI), such as using tools based on large language models (LLMs), have taken the software engineering community by storm. The industry is in a race to develop your next best software development tool. Organizations are perplexed by trying to find the right balance between staying ahead in the race and protecting their data and systems from potential risks presented by using generative AI as part of their software development tool chain. There are haters, evangelists, and everything in between. Software engineering education and educators have a special role. No matter how they perceive the opportunities and challenges of generative AI approaches, software engineering educators are going through a watershed moment that will change how they educate the next generation of software engineers. In this webcast, three experts in software engineering will discuss how generative AI is influencing software engineering education and how to balance key skills development with incorporating generative AI into software engineering curricula. What Attendees Will Learn: • how software engineering education is challenged by the increasing popularity of generative AI tools • how software engineering educators can take advantage of generative AI tools • what fundamental skills will be critical to teach to software engineering students in the era of generative AI…
S
Software Engineering Institute (SEI) Webcast Series
1 Secure Systems Don’t Happen by Accident 59:08
59:08 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי59:08
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיTraditionally, cybersecurity has focused on finding and removing vulnerabilities. This is like driving backward down the highway using your rearview mirror. Most breaches are due to defects in design or code; thus, the only way to truly address the issue is to design and build more secure solutions. In this webcast, Tim Chick discusses how security is an integral aspect of the entire software lifecycle as a result of following deliberate engineering practices focused on reducing security risks through the use of software assurance techniques. What Attendees Will Learn: • The importance of cybersecurity and examples of when security has failed • Qualities to look at when evaluating third-party software • The relationship between quality and security • Engineering techniques used throughout the development lifecycle to reduce cyber risks…
S
Software Engineering Institute (SEI) Webcast Series
1 Can You Rely on Your AI? Applying the AIR Tool to Improve Classifier Performance 38:50
38:50 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:50
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיModern analytic methods, including artificial intelligence (AI) and machine learning (ML) classifiers, depend on correlations; however, such approaches fail to account for confounding in the data, which prevents accurate modeling of cause and effect and often leads to prediction bias. The Software Engineering Institute (SEI) has developed a new AI Robustness (AIR) tool that allows users to gauge AI and ML classifier performance with unprecedented confidence. This project is sponsored by the Office of the Under Secretary of Defense for Research and Engineering to transition use of our AIR tool to AI users across the Department of Defense. During the webcast, the research team will hold a panel discussion on the AIR tool and discuss opportunities for collaboration. Our team efforts focus strongly on transition and provide guidance, training, and software that put our transition collaborators on a path to successful adoption of this technology to meet their AI/ML evaluation needs. What Attendees Will Learn: • How AIR adds analytical capability that didn’t previously exist, enabling an analysis to characterize and measure the overall accuracy of the AI as the underlying environment changes • Examples of the AIR process and results from causal discovery to causal identification to causal inference • Opportunities for partnership and collaboration…
S
Software Engineering Institute (SEI) Webcast Series
1 Using a Scenario to Reason About Implementing a Zero Trust Strategy 1:02:22
1:02:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:02:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThere is a lot of documentation about a zero trust architecture, as well as directives that it be used for U.S. federal agencies and the Department of Defense (DoD), but little information on how to go about implementing it to improve an organization’s enterprise or DoD weapon system security. Use cases typically describe requirements for these systems, but they do not provide the contextual awareness that organizations need to help them create a prioritized roadmap to implement zero trust. In this webcast, Tim Morrow, Rhonda Brown, and Elias Miller discuss an approach that organizations can use to help develop the contextual awareness needed to apply a zero trust strategy. What Attendees Will Learn: Overview of a zero trust strategy Roadmap focusing on zero trust for the DoD Engineering approach for mission/workflow Use of a scenario to help reason about zero trust considerations Awareness of an upcoming SEI Zero Trust Industry Day event…
S
Software Engineering Institute (SEI) Webcast Series
1 Ask Us Anything: Supply Chain Risk Management 41:11
41:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי41:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAccording to the Verizon Data Breach Report , Log4j-related exploits have occurred less frequently over the past year. However, this Common Vulnerabilities and Exposures (CVE) flaw was originally documented in 2021. The threat still exists despite increased awareness. Over the past few years, the Software Engineering Institute (SEI) has developed guidance and practices to help organizations reduce threats to U.S. supply chains. In this webcast, Brett Tucker and Matthew Butkovic, answer your enterprise risk management questions to help your organization achieve operational resilience in the cyber supply chain. What attendees will learn: Enterprise risk governance and how to assess organization’s risk appetite and policy as it relates to and integrates cyber risks into a global risk portfolio Regulatory directives on third-party risk The agenda and topics to be covered in the upcoming CERT Cyber Supply Chain Risk Management Symposium in February…
S
Software Engineering Institute (SEI) Webcast Series
1 The Future of Software Engineering and Acquisition with Generative AI 1:32:10
1:32:10 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:32:10
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWe stand at a pivotal moment in software engineering, with artificial intelligence (AI) playing a crucial role in driving approaches poised to enhance software acquisition, analysis, verification, and automation. While generative AI tools initially sparked excitement for their potential to reduce errors, scale changes effortlessly, and drive innovation, concerns have emerged. These concerns encompass security risks, unforeseen failures, and issues of trust. Empirical research on generative AI development assistants reveals that productivity and quality gains depend not only on the sophistication of tools but also on task flow redesign and expert judgment. In this webcast, Software Engineering Institute (SEI) researchers will explore the future of software engineering and acquisition using generative AI technologies. They’ll examine current applications, envision future possibilities, identify research gaps, and discuss the critical skill sets that software engineers and stakeholders need to effectively and responsibly harness generative AI’s potential. Fostering a deeper understanding of AI’s role in software engineering and acquisition accentuates its potential and mitigates its risks. What Attendees Will Learn • how to identify suitable use cases when starting out with generative AI technology • the practical applications of generative AI in software engineering and acquisition • how developers and decision makers can harness generative AI technology…
S
Software Engineering Institute (SEI) Webcast Series
1 Cyber Supply Chain Risk Management: No Silver Bullet 38:40
38:40 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי38:40
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCompliance standards, privileged access management, software bills of materials (SBOMs), maturity models, cloud services, vulnerability management, etc. The list of potential solutions to supply chain risk management (SCRM) challenges seems unending as much as it is daunting to address. In this webcast, Brett Tucker explores some of these solutions. More importantly, he renews an emphasis on using robust enterprise risk management to achieve operational resilience in the cyber supply chain. What attendees will learn A means of decomposing strategic objectives and critical services into high-value assets that point to prioritization of limited risk response resources Enterprise risk governance, appetite, and policy as they relate to and integrate cyber risks into a global risk portfolio The application and impacts of Cybersecurity Maturity Model Certification (CMMC) and other regulatory directives on third-party risk A kick-off announcement about the SEI CERT Supply Chain Risk Management Symposium to be held in February 2024…
S
Software Engineering Institute (SEI) Webcast Series
1 Ask Us Anything: Generative AI Edition 1:30:37
1:30:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:30:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיGenerative AI (GenAI) has been around for decades, but the latest leap in progress, fueled by high-capability large language models (LLMs), image and video generators, and AI pair programmers, has captivated audiences across a variety of disciplines. What can GenAI do well? What are the risks and opportunities of using GenAI? SEI experts Doug Schmidt, Rachel Dzombak, Jasmine Ratchford, Matt Walsh, John Robert and Shing-hon Lau conducted a live question-and-answer session driven by the audience. Here’s what attendees will learn: The risks and rewards of generative AI The future of LLMs SEI research in this area…
S
Software Engineering Institute (SEI) Webcast Series
1 Evaluating Trustworthiness of AI Systems 1:02:08
1:02:08 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:02:08
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAI system trustworthiness is dependent on end users’ confidence in the system’s ability to augment their needs. This confidence is gained through evidence of the system’s capabilities. Trustworthy systems are designed with an understanding of the context of use and careful attention to end-user needs. In this webcast, SEI researchers discuss how to evaluate trustworthiness of AI systems given their dynamic nature and the challenges of managing ongoing responsibility for maintaining trustworthiness. What attendees will learn: Basic understanding of what makes AI systems trustworthy How to evaluate system outputs and confidence How to evaluate trustworthiness to end users (and affected people/communities)…
S
Software Engineering Institute (SEI) Webcast Series
1 Leveraging Software Bill of Materials Practices for Risk Reduction 1:02:03
1:02:03 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:02:03
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA Software Bill of Materials (SBOM) is a comprehensive list of software components involved in the development of a software product. While recently gaining attention in the context of security, SBOMs have limited value unless properly integrated into effective cyber risk management processes and practices. The SEI SBOM Framework compiles a set of leading practices for building an SBOM and using it to support risk reduction. The SEI SBOM Framework provides a roadmap for managing vulnerabilities and risks in third-party software, including commercial-off-the-shelf (COTS) software, government-off-the-shelf (GOTS) software, and open-source software (OSS). A set of use cases informed the identification of SBOM practices, including building an SBOM and using it to manage risks to software intensive systems. These foundational practices were augmented using key security management concepts, such as the need to address requirements, planning and preparation, infrastructure, and organizational support. In this webcast, Charles Wallen, Carol Woody, and Michael Bandor discuss how organizations can connect SBOMs to acquisition and development to support improved system and software assurance.…
S
Software Engineering Institute (SEI) Webcast Series
1 Institutionalizing the Fundamentals of Insider Risk Management 56:33
56:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי56:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיInsider threats pose an enduring, ever-evolving risk to an organization’s critical assets that require enterprise-wide participation to manage effectively. Many organizations struggle to make critical tasks in insider risk management “stick,” relying on several crutches to drive temporary organizational change, only to see those changes come undone and have incidents slip through the cracks. In this webcast, we’ll discuss those crutches and identify themes of best practices observed over two decade of researching insider threat and building insider risk management programs that organizations can use to institutionalize key components of effective insider risk management. What attendees will learn: • How to identify drivers of change to an organization’s insider risk posture • How to differentiate between one-time and routine activities in the planning and implementation of an insider risk management program • How to measure the maturity of those routine activities…
S
Software Engineering Institute (SEI) Webcast Series
1 What’s Wrong with ROI for Model-Based Analysis of Cyber-Physical Systems? 56:06
56:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי56:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this webcast, Fred Schenker, Jerome Hugues, and Linda Parker Gates discuss the benefits of using a model-based approach to improve the design of a CPS’ embedded computing resources. This is accomplished by (1) building virtual architectural models of the CPS’ embedded computing resources early in the system development lifecycle and (2) using these models to predict computing system constraints and component integration issues. They will discuss the cultural resistance to adopting the model-based approach, and how established justification methods, e.g., Return on Investment, are being used to stifle the adoption. Finally, some alternatives to ROI will be proposed that would be more effective justification mechanisms.…
S
Software Engineering Institute (SEI) Webcast Series
1 Will Rust Solve Software Security? 53:38
53:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי53:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe Rust programming language makes some strong claims about the security of Rust code. In this webcast, David Svoboda and Joe Sible will evaluate the Rust programming language from a cybersecurity perspective. They will examine Rust's security model, both in what it promises and its limitations. They will also examine how secure Rust code has been seen in practice and conclude with discussing the overall maturity and stability of the Rust ecosystem. What attendees will learn: The Rust Security Model Limitations of the Rust Security Model Rust code in the current vulnerability ecosystem Rust code stability and maturity…
S
Software Engineering Institute (SEI) Webcast Series
1 Top 5 Challenges to Overcome on Your DevSecOps Journey 1:00:36
1:00:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:00:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHistorically, a lot of discussion in software security focused on the project level, emphasizing code scanning, penetration testing, reactive approaches for incident response, and so on. Today, the discussion has shifted to the program level to align with business objectives. In the ideal outcome of such a shift, software teams would act in alignment with business goals, organizational risk, and solution architecture and would understand that security practices are integral to business success. However, the shift from project- to program-level thinking brings lots of challenges. In this webcast, Hasan Yasar and Joe Yankel discuss the top 5 challenges and barriers to implementing DevSecOps practices and describe some solutions for overcoming them. What attendees will learn: The DevSecOps ecosystem and how it aligns with business objectives The DevSecOps challenges and barriers How to overcome the top 5 challenges Practical solutions for your business needs How your system architecture drives your DevSecOps ecosystem…
S
Software Engineering Institute (SEI) Webcast Series
1 Improving Analytics Using Enriched Network Flow Data 1:02:25
1:02:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:02:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיClassic tool suites that are used to process network flow records deal with very limited detail on the network connections they summarize. These tools limit detail for several reasons: (1) to maintain long-baseline data, (2) to focus on security-indicative data fields, and (3) to support data collection across large or complex infrastructures. However, a consequence of this limited detail is that analysis results based on this data provide information about indications of behavior rather than information that accurately identifies behavior with high confidence. In this webcast, Tim Shimeall and Katherine Prevost discuss how to use IPFIX-formatted data with detail derived from deep packet inspection (DPI) to provide increased confidence in identifying behavior.…
S
Software Engineering Institute (SEI) Webcast Series
1 How Can Data Science Solve Cybersecurity Challenges? 1:00:01
1:00:01 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:00:01
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this webcast, Tom Scanlon, Matthew Walsh and Jeffrey Mellon discuss approaches to using data science and machine learning to address cybersecurity challenges. They provide an overview of data science, including a discussion of what constitutes a good problem to solve with data science. They also discuss applying data science to cybersecurity challenges, highlighting specific challenges such as detecting advanced persistent threats (APTs), assessing risk and trust, determining the authenticity of digital content, and detecting deepfakes. What attendees will learn: Basics of data science and what makes for a good data science problem How data science techniques can be applied to cybersecurity Ways to get started using data science to address cybersecurity challenges…
S
Software Engineering Institute (SEI) Webcast Series
1 AI Next Generation Architecture 1:01:44
1:01:44 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי1:01:44
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAs Artificial Intelligence permeates mission-critical capabilities, it is paramount to design modular solutions to ensure rapid evolution and interoperability. During this webcast, we’ll discuss some of the primary quality attributes guiding such design, and how a Next Generation Architecture can facilitate an integrated future state. What attendees will learn: current challenges facing AI engineering approaches to promoting interoperability across AI solutions considerations for facilitating modularity and reuse in design…
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.
Daily Deals
דומה לSoftware Engineering Institute (SEI) Webcast Series
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
A podcast about web design and development.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Big tech is transforming every aspect of our world. But how, and at what cost? This season of Land of the Giants – The Disney Dilemma – focuses on Disney’s ability to weather the ups and downs of the business cycle and changing tastes and explores what has kept it successful for over 100 years. The entertainment giant has leveraged nostalgia and its intellectual property to build a beloved brand, but after an acquisition spree that included Marvel, Lucasfilm, and 20th Century Fox, can it sus ...
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
