In this SEI Cyber Minute, Alex Corn discusses how to protect systems using Secure Shell (SSH). SSH supports keys, which provide efficiency and security benefits.

A New Path to Verifiable Confidence

Nov 5th, 2019 2m 9s

In this SEI Cyber Minute, Bobbie Stempfley explains how in our increasingly complex world, the SEI is redefining approaches to security to address the transformative technologies being adopted throughout government and industry.

Agile Pitfall in Acquisition: The Bottom of the V

Oct 11th, 2019 3m 36s

In this SEI Cyber Minute, Suzanne Miller explains a pitfall that can occur when trying to use Agile and Lean methods when developing and implementing complex, embedded systems. In such projects, development traditionally proceeds in a model sh

Insider Threat Mitigation, We can help!

Sep 16th, 2019 2m 31s

September 2019 has been designated “National Insider Threat Awareness Month.” A number of federal agencies—including the FBI, Office of the Under Secretary of Defense for Intelligence, and Department of Homeland Security—have chosen September

Automating Alert Handling Reduces Manual Effort

Aug 23rd, 2019 3m 22s

Static analysis (SA) alerts about software code flaws require costly manual effort to validate (e.g., determine True or False) and repair. As a result, organizations often severely limit the types of alerts they manually examine to the types

SCAIFE: An Alert Auditing Classification Prototype

Aug 19th, 2019 2m 11s

In this SEI Cyber Minute, Ebonie McNeil explains how the Source Code Analysis Integrated Framework Environment or (SCAIFE) prototype is intended to be used by developers and analysts who manually audit alerts. SCAIFE provides automatic alert

Integrating Threat Modeling with the SERA Method

May 8th, 2019 1m 31s

Threat-modeling methods provide an approach for identifying possible threats to a system and mitigating them. In this SEI Cyber Minute, Chris Alberts discusses the Security Engineering Risk Analysis (SERA) Method and the threats and risks that

Using Confidence Maps

Apr 22nd, 2019 3m 4s

Chuck Weinstock introduces confidence maps and explains how they work to determine how much confidence someone can have in a claim. Confidence maps collect arguments or doubts about a claim, to which one can then apply a process of elimination

Natural Language Processing for Cybersecurity

Apr 4th, 2019 1m 27s

Elli Kanal describes the work that the SEI does to train computers to learn about stored content and find pertinent information without the help of an analyst. The Software Engineering Institute (SEI) works on projects that help computers (1) l

Moving Cloud Computing to the Tactical Edge

Mar 26th, 2019 3m 7s

At the SEI, we built an implementation of tactical cloudlets that we call KD-Cloudlet. Soldiers, emergency workers, field researchers, medics – really anyone who needs to be a cyber forager for computing resources -- can now use KD-Cloudlet to

Infrastructure as Code: Sustaining Your Legacy Applications

Mar 5th, 2019 2m 2s

The SEI has conducted research on the issues associated with sustaining legacy systems and migrating them, such as trying to sustain a system when there is a lack of documentation and minimal Infrastructure as Code. This SEI Cyber Minute descri

Why Can’t All Contractors Do Agile the Same Way?

Feb 15th, 2019 2m 59s

Suzanne Miller discusses why the use of Agile methods can vary so much from one contractor to another. Because the Agile methodology is based on a set of principles, contractors sometimes apply Agile methods differently depending on the scope a

The SEI, a DoD FFRDC

Feb 11th, 2019 2m 5s

Mary Catherine Ward explains the unique work that the SEI does for the Department of Defense as a federally funded research and development center (FFRDC). Federally funded research and development centers (FFRDCs) perform research to meet the

Assuring Cyber-Physical Systems

Jan 17th, 2019 3m 32s

Self-driving cars, drones, or missiles that use computer systems to interact with the physical world are examples of cyber-physical systems. As these systems become more complex and unpredictable, establishing confidence that they work correctl

Getting Your Agile Program Started

Jan 7th, 2019 2m 19s

Eileen Wrubel discusses getting your agile program started. Agile relies on small batches of work and fast learning cycles, instead of specifying extensive big-batch requirements up front. Programs need to extend this thinking beyond the softwa

Cross-Origin Resource Sharing (CORS)

Dec 20th, 2018 2m 4s

Alex Corn discusses how cross-origin resource sharing (CORS) works to resolve network problems caused by same-origin policy, and how it should be configured. Same-origin policy is a feature of modern web browsers that restricts scripts hosted o

Influence Attacks on Machine Learning

Dec 12th, 2018 2m 33s

Watch Mark Sherman in this SEI Cyber Minute as he discusses "Influence Attacks on Machine Learning".

A Complete DevOps Pipeline: The Foundation for Success

Dec 3rd, 2018 2m 5s

Shane Ficorilli explains some of the requirements for successfully implementing DevOps in your organization, including how to establish a complete deployment pipeline.

What does a software architect do?

Nov 26th, 2018 1m 2s

Watch SEI Researcher Andrew Kotov respond to "What does a software architect do?"

Where Dynamic and Static Code Analysis Merge

Nov 26th, 2018 3m 57s

Watch Bob Schiela and Jeff Boleng discuss "Where dynamic and static code analysis merge".

Why aren’t DoD Programs using static analysis as commercial firms do?

Nov 26th, 2018 2m 48s

Watch Bob Schiela discuss "Why aren’t DoD Programs using static analysis as commercial firms do?"

Deep Learning in Cybersecurit

Nov 15th, 2018 1m 37s

Eliezer Kanal explains deep learning, a subfield of artificial intelligence, and how the SEI is conducting research to learn how it might be used to advance cybersecurity.