As a software system moves through its lifecycle, each phase calls for the architect to use a different mix of skills. This podcast explores three roles and three failure patterns of software architects that he has observed working with industry and government software projects. This blog post by John Klein is read by Bill Thomas. Listen on Apple Podcasts .
Recent research indicates that security is no longer only a matter of code and is tightly linked to software architecture. SEI researchers have created security-focused modeling tools that capture vulnerabilities and their propagation paths in an architecture. These security-focused modeling tools help security analysts and researchers improve system and software analysis. In this podcast, Julien Delange discusses the motivation for the work, the available tools, and how to use them. Listen on A...
In November 2016, Internet users across the Eastern Seaboard of the United States had trouble accessing popular websites, such as Reddit, Netflix, and the New York Times. Known as the Dyn attack, the disruption was the result of multiple distributed denial of service (DDoS) attacks against a single organization: Dyn, a New Hampshire-based Internet infrastructure company. DDoS attacks can be extremely disruptive, and they are on the rise. The Verisign Distributed Denial of Service Trends Report s...
Effective cybersecurity engineering requires the integration of security into the software acquisition and development lifecycle. For engineering to address security effectively, requirements that establish the target goal for security must be in place. Risk management must include identification of possible threats and vulnerabilities within the system, along with the ways to accept or address them. There will always be cyber security risk, but engineers, managers, and organizations must be abl...
Dynamic network defense (or moving target defense) is based on a simple premise: a moving target is harder to attack than a stationary target. In recent years the government has invested substantially into moving target and adaptive cyber defense. This rapidly growing field has seen recent developments of many new technologies—defenses that range from shuffling of client-to-server assignments to protect against distributed denial-of-service (DDoS) attacks, to packet header rewriting, to rebootin...
Cyber intelligence is the acquisition of information to identify, track, or predict the cyber capabilities and actions of malicious actors to offer courses of action to decision makers charged with protecting organizations. In this podcast, Jared Ettinger of the SEI’s Emerging Technology Center (ETC) talks about the ETC’s latest work in cyber intelligence as well as the Cyber Intelligence Research Consortium, which brings together organizations from a variety of sectors to exchange cyber intelli...
In this podcast, Peter Feiler describes a textual requirement specification language for the Architecture Analysis & Design Language (AADL) called ReqSpec. ReqSpec is based on the draft Requirements Definition and Analysis Language Annex, which defines a meta-model for requirement specification as annotations to AADL models. A set of plug-ins to the Open Source AADL Tool Environment (OSATE) toolset supports the ReqSpec language. Users can follow an architecture-led requirement specificat...
Whether you are a CISO, CISO equivalent, or have another title with organizational cybersecurity responsibilities, the role you play in your organization to protect and sustain the key information and technical assets needed to achieve the mission is critical in today’s landscape of data breaches, nation-state hackers, and increased threats to the business. In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowle...
To ensure software will function as intended and is free of vulnerabilities (aka software assurance), software engineers must consider security early in the lifecycle, when the system is being designed and architected. Recent research on vulnerabilities supports this claim: Nearly half the weaknesses identified in the Common Weakness Enumeration (CWE) repository have been identified as design weaknesses. These weaknesses are introduced early in the lifecycle and cannot be patched away in later p...
By the close of 2016, annual global IP traffic will pass the zettabyte ([ZB]; 1000 exabytes [EB]) threshold and will reach 2.3 ZBs per year by 2020, according to Cisco's Visual Networking Index. While capturing and evaluating network traffic enables defenders of large-scale organizational networks to generate security alerts and identify intrusions, operators of networks with even comparatively modest size struggle with building a full, comprehensive view of network activity. To make wise securi...
In this podcast, Girish Seshagiri discusses a two-year community college software assurance program that he developed and facilitated with SEI Fellow Nancy Mead at Illinois Community College. The two-year degree program in secure software development, which is based on the SEI’s software assurance curriculum, is the result of a collaboration between Central Illinois Center of Excellence for Secure Software and Illinois Central College. The program, which also incorporates an apprenticeship model...
Internet-connected devices—from cars, insulin pumps, and baby monitors to thermostats and coffee makers—are growing in number and complexity. Most of these Internet of Things (IoT) devices weren’t built with connectivity and security in mind, leaving them vulnerable to attacks. In this podcast, CERT researcher Art Manion discusses work that his team is doing with the Department of Homeland Security to examine and secure IoT devices. Listen on Apple Podcasts ....
The position of SEI Fellow is awarded to people who have made an outstanding contribution to the work of the SEI and from whom the SEI leadership may expect valuable advice for continued success in the institute's mission. Nancy Mead, a principal researcher in the SEI’s CERT Division, was named an SEI Fellow in 2013. This podcast is the first in a series highlighting interviews with SEI Fellows. Listen on Apple Podcasts .
Safety-critical software must be analyzed and checked carefully. Each potential error, failure, or defect must be considered and evaluated before you release a new product. For example, if you are producing a quadcopter drone, you would like to know the probability of engine failure to evaluate the system's reliability. Safety analysis is hard. Standards such as ARP4761 mandate several analyses, such as Functional Hazard Assessment and Failure Mode and Effect Analysis. One popular type of safety...
Organizations “are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain. These risks are associated with the organizations’ decreased visibility into, understanding of, and control over how the technology that they acquire is developed, integrated and deployed, as well as...
Intelligence preparation for Operational Resilience (IPOR) is a structured framework that decision makers can use to: •identify intelligence needs •consume the information received by intelligence sources •make informed decisions about the organization and courses of action In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR. Listen on...
In the past decade, the U.S. Air Force has built up great capability with the Distributed Common Ground System (AF DCGS), the Air Force’s primary weapon system for intelligence, surveillance, reconnaissance, planning, direction, collection, processing, exploitation, analysis, and dissemination. AF DCGS employs a global communications architecture that connects multiple intelligence platforms and sensors. In this podcast, Harry Levinson discusses the SEI’s work with the Air Force to further evolv...
Threat modeling, which has been popularized by Microsoft in the last decade, provides vulnerability analysts a means to analyze a system and identify various attack surfaces and use that knowledge to bolster a system against vulnerabilities. In this podcast, Art Manion and Allen Householder of CERT’s vulnerability analysis team, talk about threat modeling and its use in improving security of the Internet of Things. Listen on Apple Podcasts .
Due to advances in hardware and software technologies, Department of Defense (DoD) systems today are highly capable and complex. However, they also face increasing scale, computation, and security challenges. Compounding these challenges, DoD systems were historically designed using stove-piped architectures that lock the government into a small number of system integrators, each devising proprietary point solutions that are expensive to develop and sustain over the lifecycle. Although these sto...
Safety-critical systems are becoming extremely software-reliant. Software complexity can increase total acquisition costs as much as 16 percent. The Effective Reduction of Avoidable Complexity in Embedded Systems (ERACES) project aims to identify and remove complexity in software models. At the same time, safety-critical development is shifting from traditional programming (e.g., Ada, C) to modeling languages (e.g., Simulink, SCADE). In this podcast, Julien Delange discusses the Effective Reduct...
The Department of Defense (DoD) must focus on sustaining legacy weapons systems that are no longer in production, but are expected to remain a key component of our defense capability for decades to come. Despite the fact that these legacy systems are no longer in the acquisition phase, software upgrade cycles are needed to refresh their capabilities every 18 to 24 months. In addition, significant modernization can often be made by more extensive, focused software upgrades with relatively modest ...
We know from existing SEI work on attribute-driven design, Quality Attribute Workshops, and the Architecture Tradeoff Analysis Method that a focus on quality attributes prevents costly rework. Such a long-term perspective, however, can be hard to maintain in a high-tempo, agile delivery model, which is why the SEI continues to recommend an architecture-centric engineering approach, regardless of the software methodology chosen. As part of our work in value-driven incremental delivery, we conduct...
Whether Java is more secure than C is a simple question to ask, but a hard question to answer well. When researchers on the CERT Secure Coding Team began writing the SEI CERT Oracle Coding Standard for Java, they thought that Java would require fewer secure coding rules than the SEI CERT C Coding Standard because Java was designed with security in mind. They also assumed that a more secure language would need fewer rules than a less secure one. However, Java has 168 coding rules compared to just...
In our studies of many large-scale software systems, we have observed that defective files seldom exist alone. They are usually architecturally connected, and their architectural structures exhibit significant design flaws that propagate bugginess among files. We call these flawed structures the architecture roots, a type of technical debt that incurs high maintenance penalties. Removing the architecture roots of bugginess requires refactoring, but the benefits of refactoring have historically b...
The Building Security In Maturity Model (BSIMM) is the result of a multi-year study of real-world software security initiatives. It is built directly from data observed in 78 software security initiatives from firms in nine market sectors. The best way to use the BSIMM is to compare and contrast your own initiative with the data about what other organizations are doing as described in the model. You can then identify goals and objectives and refer to the BSIMM to determine which additional activ...
Grady Booch recently delivered a presentation as part of the SEI’s CTO Distinguished Speaker Series where he discussed his perspectives on the biggest challenges for the future of software engineering. During his visit to the SEI, he sat down for an interview with SEI Fellow Nancy Mead for the SEI Podcast Series. Booch will be a keynote speaker at SATURN 2016. Please click the related link below for additional details. Listen on Apple Podcasts ....
Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today’s increasingly expanding and dynamic cyber risk environment. Many opinions and publications express a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones that are most applica...
Every day another story arises about a significant breach at a major company or Government agency. Increasingly, cybersecurity is being viewed as a risk management issue by CEOs and boards of directors. So how does corporate America address risk? Insurance. Since, like a natural disaster, a company cannot completely avoid cyber attacks, the next best option is to mitigate the impact these attacks can have. [1]In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyb...
In their haste to deliver software capabilities, developers sometimes engage in less-than-optimal coding practices. If not addressed, these shortcuts can ultimately yield unexpected rework costs that offset the benefits of rapid delivery. Technical debt conceptualizes the tradeoff between the short-term benefits of rapid delivery and long-term value. Taking shortcuts to expedite the delivery of features in the short term incurs technical debt, analogous to financial debt, that must be paid off l...
In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (Pitt), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework). The University of Pittsburgh is a large, decentralized institution with a diverse population of networks and information types. The challenge of balancing academic freedom with security and protection of research data is put to the test every day. The use of the CSF, created by NI...
