Feb 25, 2013
By Bill Scherlis
SEI Principal Researcher and Director, Institute for Software Research
Some of the principal challenges faced by developers, managers, and researchers in software engineering and cybersecurity involve measurement and evaluation. In two previous blog posts, I summarized some features of the overall SEI Technology Strategy. This post focuses on how the SEI measures and evaluates its research program to help ensure these activities address the most significant and pervasive problems for the Department of Defense (DoD). Our goal is to conduct projects that are technically challenging and whose solution will make a significant difference in the development and operation of software-reliant systems. In this post we’ll describe the process used to measure and evaluate the progress of initiated projects at the SEI to help maximize their potential for success.
Feb 18, 2013
By Austin Whisnant
Member of the Technical Staff
The CERT Network Situational Awareness Team
Knowing what assets are on a network, particularly which assets are visible to outsiders, is an important step in achieving network situational awareness. This awareness is particularly important for large, enterprise-class networks, such as those of telephone, mobile, and internet providers. These providers find it hard to track hosts, servers, data sets, and other vulnerable assets in the network.
Exposed vulnerable assets make a network a target of opportunity, or “low-hanging fruit” for attackers. According to the 2012 Data Breach Investigations Report, of the 855 incidents of corporate data theft reported in 2012, 174 million records were compromised. Of that figure, 79 percent of victims were targets of opportunity because they had an easily exploitable weakness, according to the report. This blog post highlights recent research in how a network administrator can use network flow data to create a profile of externally-facing assets on mid- to large-sized networks.
Feb 11, 2013
By Douglas C. Schmidt
Principal Researcher
As part of an ongoing effort to keep you informed about our latest work, I’d like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in and systems engineering, resilience, and insider threat. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.
Feb 4, 2013
By Bill Scherlis
SEI Principal Researcher and Director, Institute for Software Research
The Department of Defense (DoD) has become deeply reliant on software. As a federally funded research and development center (FFRDC), the SEI is chartered to work with the DoD to meet the challenges of designing, producing, assuring, and evolving software-reliant systems in an affordable and dependable manner. This blog post is the second in a multi-part series that describes key elements of our forthcoming Strategic Research Plan that address these challenges through research, acquisition support, and collaboration with the DoD, other federal agencies, industry, and academia. The first post in this series focused on Architecture-Led Incremental Iterative Development. This part focuses on the remaining three elements of our strategic plan: (1) designed-in security and quality (evidence-based software assurance), (2) a set of DoD critical component capabilities relating to cyber-physical systems (CPS), autonomous systems, and big data analytics, and (3) cybersecurity tradecraft and analytics.