AI system trustworthiness is dependent on end users’ confidence in the system’s ability to augment their needs. This confidence is gained through evidence of the system’s capabilities. Trustworthy systems are designed with an understanding of the context of use and careful attention to end-user needs. In this webcast, we’ll discuss how to evaluate trustworthiness of AI systems given their dynamic nature and the challeng...

A Software Bill of Materials (SBOM) is a comprehensive list of software components involved in the development of a software product. While recently gaining attention in the context of security, SBOMs have limited value unless properly integrated into effective cyber risk management processes and practices. The SEI SBOM Framework compiles a set of leading practices for building an SBOM and using it to support risk reduction. The SEI SBOM Frame...

Historically, a lot of discussion in software security focused on the project level, emphasizing code scanning, penetration testing, reactive approaches for incident response, and so on. Today, the discussion has shifted to the program level to align with business objectives. In the ideal outcome of such a shift, software teams would act in alignment with business goals, organizational risk, and solution architecture and would understand that...

In this talk, we will present and discuss approaches to using data science and machine learning to address cybersecurity challenges. We provide an overview of data science, including a discussion of what constitutes a good problem to solve with data science. We also discuss applying data science to cybersecurity challenges, highlighting specific challenges such as detecting advanced persistent threats (APTs), assessing risk and trust, determin...

As Artificial Intelligence permeates mission-critical capabilities, it is paramount to design modular solutions to ensure rapid evolution and interoperability. During this webcast, we’ll discuss some of the primary quality attributes guiding such design, and how a Next Generation Architecture can facilitate an integrated future state. What attendees will learn: current challenges facing AI engineering approaches to promoting interoperabi...

Classic tool suites that are used to process network flow records deal with very limited detail on the network connections they summarize. These tools limit detail for several reasons: (1) to maintain long-baseline data, (2) to focus on security-indicative data fields, and (3) to support data collection across large or complex infrastructures. However, a consequence of this limited detail is that analysis results based on this data provide inf...

All technology acquired by an organization requires the support of (or integration with) components, tools, and services delivered by a diverse set of supply chains. However, the practices critical to addressing supply chain risks are typically scattered across many parts of the acquiring organization, and they are performed in isolated stovepipes. This situation causes inconsistencies, gaps, and slow response to crises. The Acquisition Securi...

As a software engineering community, we have started to hear new sentences, words that help us meet the challenges of determining the shelf life of software engineering technologies and practices. Examples include the following: Sentences DevOps is dead. Long live NoOps. Terms/Phrases SecOps, NoCode, SRE, GitOps, and recently Platform Engineering. We often confuse these terms when trying to define certain software engineering job types. In res...

Complex, cyber-physical DoD systems, such as aircraft, depend on correct timing to properly and reliably execute crucial sensing, computing, and actuation functions. In this webcast, SEI staff members Bjorn Andersson, PhD, Dionisio de Niz, PhD, and William Vance of the U.S. Army Combat Capabilities Development Command Aviation & Missile Center will discuss using real-time software on multicore processors. Specifically, they will review the...

The status quo for how we acquire cyber-physical weapon systems (CPS) needs to be changed. It is almost certain (for any acquisition of a CPS) that there will be cost overruns, schedule delays, and/or the loss of promised warfighter capability. Improved product development technologies could be applied, but they have not been adopted widely. We will discuss the status quo, alternative approaches, and how to motivate the community of CPS acquir...