Historically, a lot of discussion in software security focused on the project level, emphasizing code scanning, penetration testing, reactive approaches for incident response, and so on. Today, the discussion has shifted to the program level to align with business objectives. In the ideal outcome of such a shift, software teams would act in alignment with business goals, organizational risk, and solution architecture and would understand that...

In this talk, we will present and discuss approaches to using data science and machine learning to address cybersecurity challenges. We provide an overview of data science, including a discussion of what constitutes a good problem to solve with data science. We also discuss applying data science to cybersecurity challenges, highlighting specific challenges such as detecting advanced persistent threats (APTs), assessing risk and trust, determin...

As Artificial Intelligence permeates mission-critical capabilities, it is paramount to design modular solutions to ensure rapid evolution and interoperability. During this webcast, we’ll discuss some of the primary quality attributes guiding such design, and how a Next Generation Architecture can facilitate an integrated future state. What attendees will learn: current challenges facing AI engineering approaches to promoting interoperabi...

Classic tool suites that are used to process network flow records deal with very limited detail on the network connections they summarize. These tools limit detail for several reasons: (1) to maintain long-baseline data, (2) to focus on security-indicative data fields, and (3) to support data collection across large or complex infrastructures. However, a consequence of this limited detail is that analysis results based on this data provide inf...

All technology acquired by an organization requires the support of (or integration with) components, tools, and services delivered by a diverse set of supply chains. However, the practices critical to addressing supply chain risks are typically scattered across many parts of the acquiring organization, and they are performed in isolated stovepipes. This situation causes inconsistencies, gaps, and slow response to crises. The Acquisition Securi...

As a software engineering community, we have started to hear new sentences, words that help us meet the challenges of determining the shelf life of software engineering technologies and practices. Examples include the following: Sentences DevOps is dead. Long live NoOps. Terms/Phrases SecOps, NoCode, SRE, GitOps, and recently Platform Engineering. We often confuse these terms when trying to define certain software engineering job types. In res...

Complex, cyber-physical DoD systems, such as aircraft, depend on correct timing to properly and reliably execute crucial sensing, computing, and actuation functions. In this webcast, SEI staff members Bjorn Andersson, PhD, Dionisio de Niz, PhD, and William Vance of the U.S. Army Combat Capabilities Development Command Aviation & Missile Center will discuss using real-time software on multicore processors. Specifically, they will review the...

The status quo for how we acquire cyber-physical weapon systems (CPS) needs to be changed. It is almost certain (for any acquisition of a CPS) that there will be cost overruns, schedule delays, and/or the loss of promised warfighter capability. Improved product development technologies could be applied, but they have not been adopted widely. We will discuss the status quo, alternative approaches, and how to motivate the community of CPS acquir...

Zero Trust Architecture adoption is a challenge for many organizations. It isn't a specific technology to adopt; instead, it’s a security initiative that an enterprise must understand, interpret, and implement. Enterprise security initiatives are never simple, and their goal to improve the enterprise’s cybersecurity posture requires the alignment of multiple stakeholders, systems, acquisitions, and exponentially changing technology...

In its 2021 report, the National Security Commission on AI (NSCAI) wrote, "The impact of artificial intelligence (AI) on the world will extend far beyond narrow national security applications." How do we move beyond those narrow AI applications to gain strategic advantage? Join Dr. Matt Gaston, Director of the SEI AI Division, Dr. Steve Chien, NSCAI Commissioner and Technical Group Supervisor of the Artificial Intelligence Group and Senior Res...